Ghost Networks: Why Credentialing and Contracting Must Work as One

A ghost network is not a hypothetical risk. It is the predictable outcome of a system where credentialing and contracting data are managed in isolation, updated on different timelines, and reconciled only when a member files a complaint — or a lawsuit. State attorneys general and CMS have taken notice. Class actions alleging fraudulent directory misrepresentation have been filed against some of the largest health plans in the country, with settlements reaching into the tens of millions of dollars.

For health systems, medical groups, and the payers that contract with them, the liability exposure is no longer abstract. Directory accuracy is now a compliance obligation with teeth — and the root cause almost always traces back to the same structural failure: credentialing data and contracting data that are never fully in sync.

How Ghost Networks Form

Ghost networks do not appear because organizations are careless. They appear because credentialing and contracting workflows are optimized independently, and the data handoffs between them are fragile. A provider may complete credentialing verification and be listed as in-network before their contract terms are finalized. A provider who terminates a payer contract may remain active in the credentialing system — and therefore in the directory — for weeks or months after their last in-network date.

The gap widens further when employment changes are involved. When a physician joins or leaves a practice, the credentialing record is updated, but the payer contract may list the practice rather than the individual provider — meaning a departed physician remains associated with a network location they no longer serve. Multiply this across a large group practice or health system with dozens of payer contracts and hundreds of providers, and the scale of the discrepancy becomes difficult to manage manually.

Each of these gaps represents a member who calls to schedule an appointment, is told the provider is in-network, and discovers at the point of care — or on the Explanation of Benefits — that they have been billed out-of-network. The financial harm is real. The erosion of trust is lasting.

The Regulatory Pressure Behind Ghost Network Lawsuits

Network adequacy regulations require payers to maintain directories that accurately reflect the providers available to members. The No Surprises Act and its implementing rules have sharpened federal attention on directory accuracy, creating audit obligations and member protections that directly interact with ghost network gaps. CMS has authority to impose civil monetary penalties for material directory inaccuracies, and state insurance regulators in California, New York, and Texas have pursued enforcement actions with increasing frequency.

The litigation risk compounds the regulatory risk. Plaintiffs in ghost network cases have successfully argued that inaccurate directories constitute fraudulent misrepresentation of the contracted network — a theory that supports not just individual claims but class certification. The combination of regulatory fines and class exposure has prompted payers to scrutinize their provider data governance with an urgency that did not exist five years ago.

For provider organizations, the pressure flows downward. Payers are increasingly requiring that credentialing updates be reported within defined timeframes, that terminations be confirmed within days rather than weeks, and that organizations maintain audit-ready records of their data exchange. These contractual obligations create provider-side liability for directory inaccuracies that originate in the provider's own credentialing or HR processes.

Where the Integration Breaks Down

The technical and operational gaps between credentialing and contracting are well understood in the industry, even when the solutions remain elusive. Credentialing data lives in one system — whether that is a purpose-built credentialing platform, an EHR module, or a shared drive of scanned documents — while contracting data lives in another: a contract management system, a spreadsheet, or a billing configuration table. Neither system is designed to notify the other when records change.

Terminations are a particular vulnerability. The workflow for offboarding a provider from active participation typically touches HR, credentialing, and contracting as separate steps. When any one of those steps is delayed — a common occurrence in high-volume practices — the provider may continue to appear as active in systems that should have been updated. A provider who leaves a practice on the first of the month may remain listed in a payer directory through the end of the quarter if the credentialing update is not submitted promptly and if the payer's own processing timeline adds further delay.

Enrollment status is a third layer of complexity. A provider may be credentialed, contracted, and still not enrolled with a specific payer plan — meaning they cannot bill under that plan even though directory data suggests they can. Tracking the distinction between credentialing status, contract status, and enrollment status requires either a unified data model or rigorous manual coordination that most organizations do not sustain over time.

Accuracy at the Source: The Only Durable Fix

Downstream remediation — periodic directory audits, manual attestation campaigns, member complaint reviews — addresses ghost network problems after they have already formed. The more durable solution is accuracy at the source: ensuring that the credentialing record, the contracting record, and the payer-reported directory status reflect the same underlying reality, updated in near-real-time as facts change.

This requires credentialing and contracting workflows that share data rather than exchange it. When a provider's credentialing status changes, the contracting system should register the change automatically. When a contract is terminated, the credentialing record should reflect the effective date immediately, and payer notification should be triggered without requiring a separate manual step. The handoffs that currently require staff coordination should be replaced by event-driven updates that propagate across systems without human intervention.

Audit readiness follows naturally from accurate source data. When every credentialing and contracting record carries a timestamp, a status, and a payer-specific enrollment state — and when that data is accessible in a single view — responding to a payer audit or a regulatory inquiry becomes a reporting exercise rather than a reconstruction effort. The organizations best positioned to defend against ghost network allegations are the ones whose data tells an accurate, current, and internally consistent story.

What Integrated Credentialing and Contracting Looks Like in Practice

In a well-integrated workflow, the life cycle of a provider's network participation is tracked as a single record with linked credentialing, contracting, and enrollment states. Initial credentialing verification generates a record that triggers the contracting workflow automatically — no provider is offered network participation before their credential verification is complete, and no contract is finalized without a confirmed credentialing status.

Enrollment with individual payer plans is tracked against the contract, with the distinction between credentialing approval, contract execution, and payer-specific enrollment clearly represented and independently updatable. When any state changes — a license is renewed, a contract term is modified, an enrollment is approved or terminated — the change propagates to the directory-reporting layer without additional manual steps.

Terminations are handled with the same discipline as initial enrollment. The system captures the termination date, notifies the relevant payers within the contractually required window, and updates the directory record with a confirmed end date. Staff no longer need to coordinate across credentialing, contracting, and billing to ensure that a departed provider is fully offboarded from all payer relationships.

The result is a network representation that reflects actual access — not historical data that has drifted from reality. Members can rely on the directory. Payers can rely on provider attestations. And organizations can respond to audits and litigation with records that demonstrate control rather than scramble to explain gaps.