For years, “ghost networks” were treated as an operational nuisance, an expected side effect of complex provider ecosystems, constant change, and fragmented data flows.
Plans issued guidance.
Vendors ran periodic cleanups.
Compliance teams documented “best efforts.”
That framing no longer holds.
In 2025 alone, inaccurate provider directories contributed to more than $45 million in legal settlements, including mandatory multi-year remediation programs imposed by the rulings. These enforcement actions did not target small or under-resourced organizations. They involved national payers with mature vendor stacks, credentialing platforms, and established directory management processes.
In October 2025, the California Attorney General announced a $40 million settlement with Health Net, citing misleading provider directories that caused members to rely on inaccurate information when seeking care. Beyond the monetary penalty, the settlement imposed ongoing compliance obligations that materially altered how provider data must be governed, validated, and monitored over time.
(Source: California Department of Justice – Health Net Settlement)
Shortly thereafter, Cigna agreed to pay $5.7 million to settle an ERISA class action alleging that inaccurate provider directories constituted a breach of fiduciary duty. The court rejected arguments based on vendor reliance or reasonable effort. The standard applied was whether the information presented to members was accurate—and whether the plan could demonstrate that accuracy.
(Source: American Bar Association – Ghost Networks and ERISA)
Taken together, these cases reflect a clear reframing: provider directory inaccuracies are no longer treated as operational defects. They are treated as legal misrepresentations.
That distinction matters. Operational issues can often be addressed quietly. Legal misrepresentation triggers litigation, regulatory oversight, mandated audits, and public disclosure—along with heightened expectations for proof, not process.
Notably, every organization involved in recent enforcement actions already had provider data vendors, verification workflows, and compliance teams in place. The failure was not a lack of effort. It was the absence of a way to continuously reconcile provider identity, status, and availability across claims, credentialing, contracting, and directory systems at the cadence regulators now expect.
That gap—between documented process and provable accuracy—is where enforcement is now focused.
Polus™ HCP is designed specifically to close that gap by continuously reconciling provider identity and status across systems rather than relying on periodic attestations. For the business, this eliminates the downstream cost of remediation and rework driven by inaccurate data. For the C-suite, it provides defensible, auditable proof of directory accuracy aligned to regulatory timelines, not vendor assurances. And for the end user, it reduces the risk of acting on inaccurate provider information at the point of care. When accuracy must be proven, not promised, directory management must become a data governance problem, and that is where Polus HCP operates.
See how Polus HCP helps payer operations teams replace reactive directory cleanups with continuous provider data reconciliation across core systems.
