NCQA Compliance — Medcare Solutions LLC

What is NCQA?

The National Committee for Quality Assurance (NCQA) is the leading authority in healthcare quality accreditation. NCQA accreditation is the gold standard for organizations performing credentialing verification (CVO), utilization management (UM), and other managed care functions.

Achieving NCQA accreditation demonstrates to health plans, providers, and patients that your organization meets rigorous quality standards — and it is increasingly a requirement for participation in managed care networks.

Why it matters: NCQA accreditation signals that an organization has the policies, procedures, and infrastructure to perform critical healthcare functions accurately, consistently, and in compliance with federal and state regulations.

Virtual Organization Compliance

Medcare Solutions operates as a 100% virtual organization — and NCQA explicitly accommodates this model. Our virtual-first approach is not a workaround; it is a recognized and supported operational structure under current NCQA standards.

How We Qualify

NCQA standards (specifically for CVOs) include a scoring factor that defaults to "Yes" when an organization attests to the following:

There is no physical building where work is conducted
All credentialing and verification work is performed remotely
All data is stored using a HIPAA-compliant, cloud-based service vendor

Our attestation: Medcare Solutions formally attests to NCQA that we are a completely virtual organization. Our policies and procedures explicitly describe our virtual operation model and cloud-based storage protocols, as required by NCQA standards.

The Address Standard

While operating virtually is permitted, NCQA has specific requirements for the address used in their records and on the public NCQA Report Card.

What NCQA Requires

Valid U.S. address: A real, legal business address within the United States
Not a P.O. Box: NCQA does not allow P.O. Box addresses as the primary listed location
Not a Registered Agent: A statutory agent address (e.g., a registered agent service) is generally not accepted
Virtual office addresses are acceptable: Services like Regus or WeWork provide a legal business address that satisfies NCQA requirements

Our approach: Medcare Solutions maintains a professional virtual office address that serves as our corporate mailing address and legal business location for NCQA reporting purposes.

Virtual Reviews

Historically, NCQA conducted physical site visits to verify file security (locked cabinets, secure storage rooms). With the industry's shift to digital records, NCQA now offers Virtual Reviews for organizations that operate remotely.

How Virtual Reviews Work

Reviews are conducted via screen-sharing technology (Zoom, Microsoft Teams)
Surveyors observe your systems, digital files, workflows, and access controls in real time
Staff demonstrate credentialing processes, data retrieval, and security protocols live
No physical office staging — NCQA expects transparency about your dispersed workforce model

Important: NCQA surveyors explicitly advise against renting a virtual office to "stage" a site visit. If no staff works at a location, demonstrating an empty room serves no purpose. Be transparent about your remote workforce model.

Data Security & HIPAA

For virtual organizations, NCQA shifts its scrutiny from physical security ("locks on doors") to digital security. Our IT infrastructure and data handling practices are the primary focus during accreditation reviews.

Our Security Framework

Cloud Infrastructure

All data is stored in HIPAA-compliant cloud environments with signed Business Associate Agreements (BAAs). We maintain contracts with our cloud vendors ensuring they meet all applicable security standards.

HIPAA-compliant cloud storage with end-to-end encryption
Signed BAAs with all cloud service vendors
SOC 2 Type II certified infrastructure
Regular security audits and penetration testing

Remote Work Policy

Our written Remote Work Policy governs all staff with access to protected health information (PHI). This policy is a core component of our NCQA compliance documentation.

Staff must work in a private, dedicated workspace
Computer screens must not be visible to household members or visitors
Two-factor authentication (2FA) required for all system access
Mandatory annual HIPAA and security awareness training
Incident response procedures for potential breaches

Business Continuity

Because our workforce is distributed, we maintain a comprehensive Business Continuity Plan (BCP) that addresses how operations continue during disruptions.

Redundant cloud infrastructure with automatic failover
Power and internet outage contingency protocols for remote staff
Regular backup and disaster recovery testing
Communication escalation procedures for critical disruptions

Frequently Asked Questions

Can a fully virtual organization achieve NCQA accreditation?

Yes. NCQA explicitly acknowledges and accommodates organizations that are "completely virtual" — meaning no physical building and all work done remotely. The key requirement is that your policies and procedures describe your virtual operation and cloud-based storage protocols.

What kind of address does NCQA require?

NCQA requires a valid United States address for its public Report Card. P.O. Boxes and statutory agent addresses are generally not accepted. A virtual office address (e.g., Regus, WeWork) is acceptable as long as it is a legal business address for your entity. Home addresses are technically allowed if that is where NCQA-reviewed functions are conducted.

How do site visits work for virtual organizations?

Virtual organizations request a Virtual Review instead of a traditional onsite survey. Surveyors connect via screen-sharing technology (Zoom/Teams) and observe your systems, digital files, and workflows in real time. There is no need to stage a physical office — NCQA expects transparency about your distributed workforce.

What does NCQA evaluate if there is no physical office?

When there is no physical office, NCQA shifts its focus from "locks on doors" to digital security. Key evaluation areas include:

Cloud vendor contracts and BAAs
Remote work policies governing PHI access
Business continuity planning for distributed operations
Two-factor authentication and access controls
Staff training on HIPAA and security protocols

How often does NCQA accreditation need to be renewed?

NCQA accreditation cycles are typically three years. Organizations must demonstrate ongoing compliance throughout the accreditation period and undergo a full re-survey for renewal. Medcare Solutions provides continuous monitoring and support to ensure you remain in compliance between survey cycles.

Need help with NCQA compliance? Our team has deep expertise in navigating NCQA standards for virtual organizations. Contact us for a free consultation →