Most dental groups don't think of their provider directory as a risk item. It's background noise — something that gets updated when someone remembers, or when a patient calls to complain they can't find a provider online.
In 2026, that approach has a regulatory consequence attached to it.
Here's what changed and what your group should do about it.
What CMS finalized
In September 2025, CMS issued a final rule (CMS-4208-F2) that took effect January 1, 2026, establishing new provider directory requirements for Medicare Advantage organizations. The rule requires MA plans to submit provider directory data directly to CMS for publication on Medicare Plan Finder, update that data within 30 days of becoming aware of any change, and attest annually to its accuracy.
That's the plan's obligation — not yours directly. But here's how it lands on your group.
Why this becomes your problem
Medicare Advantage plans are contractually required to keep your provider data accurate. To do that, they need accurate data from you. That means you should expect — if you haven't already — an increase in outreach from MA plans asking you to verify and confirm your provider information. Location addresses, phone numbers, specialties, accepting new patients status, whether a provider is still with your group.
Ignoring these requests has a consequence: your network status can be affected. A provider who doesn't respond to verification requests can end up delisted from a directory — meaning patients searching for in-network dentists won't find them, and claims submitted under that provider's NPI may be flagged.
This isn't theoretical. CMS audited Medicare Advantage directories in 2016 and found 52% of provider locations listed were inaccurate. The regulatory response has been building ever since, and 2026 is when the enforcement pressure moves downstream to groups and DSOs.
The cross-program risk most groups miss
There's a second enforcement change that's gotten less attention and carries more consequence for larger groups.
Starting in 2026, CMS has strengthened cross-program termination enforcement — meaning that a compliance action in one federal program now flows more consistently to others. If a provider faces a termination or sanction under Medicaid, that action travels to Medicare and can affect standing with commercial plans that follow CMS compliance standards.
For DSOs and groups operating across multiple states with providers enrolled in both Medicare and Medicaid networks, this is a material risk. One compliance issue with one payer in one state can cascade across your entire payer mix if provider data and enrollment records aren't being actively monitored.
The PECOS matching problem
The third piece is technical but important. CMS is now using enhanced automated matching to cross-reference provider information across databases — specifically comparing your PECOS enrollment data against your CAQH profile. Small discrepancies that previously passed unnoticed — an address formatted differently, a practice name that doesn't match exactly, an NPI linked to an old location — can now trigger flags that delay credentialing or cause enrollment revocations.
For groups adding locations, acquiring practices, or onboarding associate providers, this is the category most likely to bite you. The acquisition closes, the provider starts seeing patients, and a quiet mismatch in their PECOS record creates a billing problem three months later.
What this means operationally
None of this requires a complete overhaul. It requires the same thing credentialing has always required — someone who owns it and stays ahead of it rather than reacting to it.
Specifically:
- Respond to payer directory verification requests when they come in — don't let them sit.
- Audit your CAQH profiles against your PECOS enrollment records, especially for any provider added in the last 12 months.
- Make sure every provider's practice location, NPI, and contact information is consistent across every payer portal where they're enrolled.
- If you've had any state Medicaid compliance issues, flag them for review before they affect your broader payer standing.
At Credentialing DDS, this is the ongoing work we do for our clients — not as a one-time cleanup, but as continuous management. Provider data drifts. Payer requirements change. Enforcement tightens. The groups that stay out of trouble are the ones with someone watching all of it, all the time.
If your credentialing is running on a spreadsheet and good intentions, 2026 is a reasonable year to change that.
References:
- CMS Final Rule CMS-4208-F2, effective January 1, 2026 — Federal Register, September 19, 2025 (https://www.federalregister.gov/documents/2025/09/19/2025-18236)
- AHA News summary: https://www.aha.org/news/headline/2025-09-19-cms-issues-final-rule-cy-2026-policy-and-technical-changes-medicare-programs