The REAL Health Providers Act was passed as part of the Consolidated Appropriations Act, signed by President Trump on February 3, 2026. Effective beginning with plan year 2028, the Act both codifies Medicare Advantage (MA) provider directory requirements, previously established through rulemaking, and introduces the first national statutory requirement to measure and report provider directory accuracy. This post unpacks the Act’s requirements and explores what they mean for payers, provider data and API vendors, and the broader public.
Key provisions of the Act
The Act codifies previously issued MA provider directory guidance, specifically, a requirement to verify and update all directory information at least every 90 days . It also incorporates consumer protection concepts from the No Surprises Act: when a plan knows a provider has left the network, the provider must be removed from the directory within five days (compared to two days under the No Surprises Act, which applied to any directory update), and members are protected from cost-sharing penalties when they reasonably rely on an incorrect in-network listing. In effect, the Real Health Providers Act extends a familiar “no penalty for reasonable reliance” framework into Medicare Advantage, anchoring directory accuracy and consumer protection in federal statute.
The new element of the Act is the requirement to analyze provider directory accuracy and publicly report the results. For the first time, Congress has legislated a national mandate to measure and disclose provider directory accuracy. The statute leaves implementation details to forthcoming rulemaking by HHS and likely CMS, including which provider specialties must be audited, the methodology used to assess accuracy, and the specific machine-readable format in which results will be published.
Four models CMS could use to measure provider directory accuracy
As CMS moves to implement the Real Health Providers Act, it can consider these plausible models for measuring and reporting provider directory accuracy. Each of these presents different cost, scalability, and enforcement implications for payers and their solution vendors.
1. Secret shopper audits (CMS-run or CMS-prescribed)
CMS has conducted secret shopper audits of Medicare Advantage (MA) provider directories for a decade, making this the most familiar option. CMS could continue running these audits, but the Act’s $4 million funding is unlikely to support meaningful, recurring samples across all MA plans and specialties. At scale, comprehensive annual audits may exceed that budget. A more likely approach is for CMS to define a standardized audit methodology and require MA plans to execute it themselves. Under this model, CMS could (a) maintain a list of certified third-party auditors, (b) “audit the audits” to ensure methodological consistency, and (c) rely on Provider Directory APIs as the source for audits rather than manual directory website review. CMS has already leaned toward FHIR-based APIs for MA Plan Finder and National Directory, making API-driven audits a natural extension.
2. Comparison against a National Directory (system-of-record model)
Another option is for CMS to designate a National Provider Directory as the reference dataset and require MA plans to measure accuracy by comparing their directories against it. CMS previously signaled such an approach in a January 2020 memo, noting discretion when plans relied on NPPES data. This approach was widely considered problematic due to well-documented errors in NPPES. CMS has signaled in public comments that it wishes to capture observed errors and corrections via a National Directory, so a ‘crowdsourced’ feedback-loop approach could be in the cards. If CMS succeeds in standing up a higher-quality National Directory, it could revisit this model, particularly if paired with a “safe harbor” for plans that rely on the National Directory.
3. Algorithmic or risk-based accuracy assessment
A number of vendors use algorithmic approaches that combine public data, payer APIs, claims, scraped data, and models trained against secret shopper audits to estimate provider directory accuracy at scale. CMS could adopt such a methodology, or encourage plans to use these tools as an interim risk-assessment layer. This helps payers quantify exposure and prioritize remediation between formal audits. This model emphasizes continuous monitoring and iterative improvements, rather than episodic compliance.
4. Hybrid models
In reality, CMS may blend these approaches: periodic secret shopper audits for validation, algorithmic monitoring for scale (and warnings), and selective comparison against national datasets as they mature. The common thread across all models is a shift away from static, PDF- or webpage-based directory review and auditing toward API-first, machine-readable data that can be audited continuously.
Eighteen months after enactment, by August 2027, the Act directs HHS to issue implementation guidance in three key areas: best practices for maintaining accurate provider directories while minimizing administrative burden; identification and use of relevant public data sets to support directory accuracy; and clear guidance to providers on when and how often they are expected to update their information in NPPES. Together, this guidance is intended to align payer, provider, and public data responsibilities ahead of the Act’s 2028 effective date.
What does this mean for payers?
1. Compliance is now durable, and data will actually be used by the government
Requirements that previously existed through rulemaking are now codified in statute, locking in expectations for regular verification and updates. More importantly, directory data is no longer just a compliance artifact: regulators and the public will actively use it. CMS already plans to consume MA directory data in products like MA Plan Finder. The REAL Act reinforces this trajectory by complementing API requirements with public transparency. Usage and public reporting, not just enforcement, will drive improvement in both API availability and directory accuracy.
2. Accuracy will be formally defined and compared
The Act sets the stage for a government-defined standard for provider directory accuracy, replacing today’s informal, de facto benchmarks derived from CMS secret shopper audits. Ahead of rulemaking, payers should actively engage with regulators, provider groups, and patient advocates (ahead of the public meeting) to help shape how accuracy is defined and measured. Once accuracy metrics are publicly reported, second-order effects will occur: network adequacy perceptions, broker and member decision-making, targeted enforcement, and increased exposure to “ghost network” litigation. Improving accuracy before reporting requirements take effect reduces these risks. Defacto’s recent analysis showed that some payers have more effective directory approaches than others, and are measurably pulling away from the pack with more accurate directories.
3. Baselines and frequent measurement become essential
You cannot manage what you do not measure. Payers will need a clear baseline and a repeatable way to assess accuracy over time. This is not just for the annual audits, but as an operational feedback loop to drive continuous improvement. Even ahead of CMS’s official guidance, payers should establish a regular audit process if they haven’t already, and use the results to make incremental, iterative improvements. This organizational muscle memory needs to be in place prior to CMS guidance, as the pace of improvement will need to accelerate once guidance is issued.
4. Data governance is the long pole—start now
Experience with Provider Directory API implementations showed that fixing upstream data governance (that allow for reliable data flows into the APIs) can take years. Enhancing data governance to activate continuous improvement in directory data accuracy can take longer (most payers have yet to start on this phase). If CMS incorporates a National Directory into its definition of accuracy, payers will need to ingest, reconcile, and operationalize that data quickly. Monitoring CMS signals, through participation in the health tech ecosystem and national directory initiatives, will offer early insight into which sources regulators intend to rely on.
Bottom line: once the dust settles, transparency and continuous improvement will be table stakes. Payers will be expected to operate transparent provider directory APIs and machine-readable files, measure accuracy using a standard methodology, and publish results. Members, brokers, and groups will expect a baseline level of reliability when choosing MA plans. The timeline is short, and the payers that flourish will be the ones that treat accuracy, availability, and access as core capabilities to serve members, not compliance checkboxes.