Datagence · NPD Readiness Assessment

Your Signatory Attests by September 1.

Can You Prove Readiness Today?

Under CMS-4208-F2 and its Technical Implementation Guide, your CEO, CFO, or COO signs in HPMS under personal liability that your CY 2027 directory is accurate, complete, and truthful.

The NPD Submission Readiness Assessment is a fixed-scope, fixed-fee, 30-day engagement that takes your MA organization from uncertainty to a validated, attestable, submission-ready provider directory dataset. No engineering effort required on your side. One signed readout your signatory can rely on.

Sept 1

CY 2027 HPMS attestation deadline. No extensions.

30 days

From engagement kickoff to signed readout and evidence package

60.25%

Of NPD providers are not in PECOS Medicare enrollment good standing (Datagence reconciliation)

$35K

Fixed fee. Single invoice. No engineering lift on your side.

Request a Scoping Call →

Overview

The CY 2027 Attestation Is Not a Routine Filing.

42 CFR 422.111(m) requires every Medicare Advantage organization to attest at least annually that the provider directory data it submits to CMS is accurate. CMS’s Technical Implementation Guide for the rule specifies who signs and how: the attestation must be completed electronically in HPMS, and only the CEO, CFO, or COO is authorized to sign. The language is fixed: “Accurate, complete, and truthful at the time of the attestation to the best information, knowledge, and belief of the MA organization.”

Unlike other Part 422 certification provisions, the Technical Guide names only those three officers and provides no pathway to delegate the signature to compliance staff or network operations. It is the signatory personally, under the standard of their own knowledge.

Today, most signatories would sign that attestation on faith. They would be relying on the confidence of their network operations team rather than on independent, documented evidence that what was submitted to CMS meets the technical specification, reconciles against federal reference data, and updates within the mandated 30-day cadence.

The NPD Submission Readiness Assessment closes that gap. It produces the evidence package your signatory needs to sign under the “best information, knowledge, and belief” standard, and the audit trail your compliance team needs when that attestation is later reviewed by regulators, plaintiffs’ firms, or state AGs.

Your compliance team drafts the attestation. Your signatory carries the liability.

The readiness evidence the signature rests on is the product.

This page walks through what the assessment delivers, how the 30-day engagement runs, and what your organization walks away with, beginning the moment the engagement kicks off and continuing long after September 1.

Section 01 · Signatory Liability

What Your Signatory Is Actually Signing

CMS-4208-F2 requires every Medicare Advantage organization to attest in HPMS at least annually that its provider directory data meets a specific, legally operative standard. CMS’s Technical Implementation Guide for the rule specifies who can sign: only the CEO, CFO, or COO, with no pathway to delegate. It is the signatory’s signature, under their own name, on their own standard of knowledge.

Four elements of that attestation define what “readiness” actually means before the signature is applied.

Element 01

The Signature Itself

Personal and electronic. CEO, CFO, or COO only, with no delegation pathway. Filed in the HPMS MPF Provider Directory module under Plan Bids.

Element 02

The Legal Standard

“Accurate, complete, and truthful at the time of the attestation to the best information, knowledge, and belief of the MA organization.”

Element 03

The Underlying Dataset

Every in-network provider and facility: NPI, name, address, phone, NUCC taxonomy, MA Plan ID, contract year, last-updated timestamp in ISO 8601.

Element 04

The Ongoing Obligation

30-day update cadence, validated by daily CMS crawls of the plan’s API URLs. Attestation is a point-in-time event on a continuous obligation.

The “best information, knowledge, and belief” standard is the core of the product. It is exactly what most signatories do not have today without independent, documented readiness evidence. The assessment produces that evidence, organized against every data element the attestation covers.

The CMS Validation Is Against the Submission Spec, Not Against the NPD

A frequent misreading of the new environment is that CMS will validate an MA plan’s directory against the National Provider Directory content. It will not. CMS will validate the plan’s submitted data against the CY 2027 Dual Option Solution technical specification, either a machine-readable MAPROVIDERS.JSON file or a FHIR-based JSON API conforming to the PDex Plan-Net Implementation Guide version 1.2.0 on HL7 FHIR R4, and against the 30-day update cadence. That conformance test is the gate. Reconciliation against the federally-published NPD reference dataset is a higher-quality readiness signal, but it is not what determines pass or fail.

That distinction matters for the reconciliation work itself. Per the AINPI third-party audit of the April 9, 2026 NPD release, the data is technically strong on some dimensions: 95.72% NPPES identity validity, 99.83% valid NUCC taxonomy on Practitioner.qualification, and clean Practitioner dedup across 7.44 million NPIs. It is materially weaker on others: 70.5% of Organization NPIs map to more than one Organization resource, and 98.7% of Organizations carry zero Endpoint references. Datagence’s own reconciliation of NPD records against PECOS enrollment status adds another layer: 60.25% of providers in the NPD are not in Medicare enrollment good standing. Reconciliation exceptions between a plan’s directory and the NPD may indicate plan-side errors, or they may indicate NPD-side artifacts. Distinguishing the two is the work.

The consequence of failing is concrete. When an MA organization fails attestation, produces fatal errors in JSON or FHIR validation, or exceeds CMS’s data quality thresholds, CMS suppresses the plan’s provider directory on Medicare Plan Finder. During Annual Election Period, that means beneficiaries shopping MPF do not see your providers at all. It is the most material competitive exposure in the CY 2027 calendar.

Section 02 · Readiness Questions

The Five Questions Every MA Plan Is Asking

Across every MA organization we have spoken with since the April 9 NPD release, the same five questions surface. Each one the assessment is built to answer with documented, defensible evidence.

Can we meet the September 1 HPMS attestation cleanly, or will our signatory refuse to sign?

What the assessment delivers: A signed Attestation Readiness Scorecard covering every CMS-4208-F2 data element, coded Ready, At-Risk, or Not-Ready per element.

Will our FHIR-based provider directory API meet the CY 2027 Dual Option Solution specifications?

What the assessment delivers: A FHIR API Gap Report mapped to the PDex Plan-Net IG 1.2.0 on HL7 FHIR R4, covering all seven required FHIR resources, with fix priorities and effort estimates.

Which providers in our directory are likely to flag as not-in-good-standing?

What the assessment delivers: A provider-level enrollment risk list built on CMS enrollment signals, OIG LEIE exclusions, and SAM.gov data, against the 60.25% NPD-PECOS not-in-good-standing baseline (Datagence reconciliation).

How does our directory reconcile against the federally-published NPD reference dataset?

What the assessment delivers: A field-level reconciliation report against the April 9 NPD public use files, segregating plan-side gaps from NPD-side artifacts, with provider-level exceptions.

What remediation work must be complete between now and September 1, and what does it cost?

What the assessment delivers: A prioritized remediation plan with effort estimates, a week-by-week timeline mapped to the May 4 to August 31 CMS testing window, and a go-forward 30-day maintenance model.

Section 03 · Deliverables

What You Receive at the End of 30 Days

Each deliverable stands on its own if the engagement is paused. Together, they constitute the evidence package your signatory signs under, and the documentation your compliance team preserves as the audit trail behind the attestation event itself.

PRIMARY

Attestation Readiness Scorecard

Organized by CMS-4208-F2 data element. Ready / At-Risk / Not-Ready status codes. Written for signatory review.

TECHNICAL

FHIR API Gap Report

PDex Plan-Net IG 1.2.0 conformance check. All seven required resources. Fix priorities and effort estimates.

RECONCILIATION

NPD Reconciliation Report

Field-level comparison against the April 9 federal release. Plan-side gaps segregated from NPD-side artifacts identified in the AINPI independent audit, including Organization duplication and Endpoint linkage structure.

RISK

Enrollment-in-Good-Standing Risk List

Provider-level risk scoring. CMS enrollment signals, OIG LEIE, SAM.gov. Against the 60.25% NPD-PECOS reconciliation baseline.

ACTION

Prioritized Remediation Plan

Week-by-week execution timeline through August 31. Effort estimates per workstream. Go-forward maintenance model.

EVIDENCE

Auditable Documentation Package

Dated, third-party readiness record suitable as HPMS attestation evidence and audit defense.

“The assessment should never be positioned as legal attestation. What it produces is the evidence the signatory relies on to attest, and the audit trail compliance relies on after.”

The signatory signs. The readiness evidence is what the signature rests on. Those are distinct documents with distinct legal status, and the assessment makes the distinction explicit in the deliverable package.

Optional Scope: Remediation Execution

For organizations that want the top 20% of highest-risk records remediated before the executive readout, rather than documented for internal execution, the assessment offers a capped $15,000 add-on that returns a cleaned, submission-ready dataset on the provider records most likely to trigger fatal errors in CMS validation.

Section 04 · Methodology

The 30-Day Engagement

Four phases, each producing a deliverable that can stand on its own if the engagement pauses. Designed to fit inside the CMS Phase 2 plan testing window (May 4 to August 31, 2026) so that remediation begins before the testing period closes, not after.

Phase 01 · Days 1-5

Ingest and Baseline

Output: Baseline dataset

▸ Intake session with Network Operations, Compliance, and IT to scope directory sources, systems, and authoritative ownership.
▸ Ingestion of current directory exports, roster files, and any existing FHIR provider directory API output.
▸ Normalization into the Datagence CDEX schema and the Polus HCP Person / Provider / Practice / Location model.
▸ Baseline match against NPPES (8M+ records) and the April 9 NPD public use files.

Phase 02 · Days 6-15

Reconcile and Score

Output: Gap analysis

▸ Field-level reconciliation against NPD Practitioner, PractitionerRole, Organization, and Endpoint records.
▸ Entity resolution using patent-pending multi-entity consensus and confidence scoring.
▸ Enrollment-in-good-standing signal extraction from NPPES, OIG LEIE, and SAM.gov exclusions.
▸ Address, phone, and practice-location reachability probes on a statistically significant sample.
▸ FHIR API conformance check against the CY 2027 Dual Option Solution specifications, where an API is already in place.

Phase 03 · Days 16-25

Report and Remediate

Output: Readiness reports

▸ Generation of the Attestation Readiness Scorecard, NPD Reconciliation Report, and FHIR API Gap Report.
▸ Provider-level exception list with prioritized remediation actions.
▸ Working-session walkthrough with Network Operations and Compliance teams.
▸ Optional: remediation execution on the top 20% of highest-risk records, returned as a cleaned, submission-ready dataset.

Phase 04 · Days 26-30

Executive Readout and Transition

Output: Signatory readout

▸ Executive readout to the signatory, Chief Compliance Officer, and network operations leadership.
▸ Go-forward 30-day maintenance model proposal, including the Polus HCP subscription conversion option.
▸ Handoff package with auditable documentation suitable as HPMS attestation evidence.

Each phase produces a standalone deliverable. If priorities shift mid-engagement, the work completed through that point is self-contained and usable. The engagement is designed to de-risk itself.

Section 05 · Audit Defensibility

The Evidence Package That Lives Beyond September 1

The attestation is not a private filing. Once signed, it becomes a document that plaintiffs’ firms, state attorneys general, and CMS auditors can reference in subsequent proceedings. A ghost network lawsuit filed in 2027 will ask the same question any compliance audit will ask: what evidence did the signatory rely on when attesting that the directory was “accurate, complete, and truthful”?

The readiness evidence produced in the assessment is designed to answer that question concretely. Three elements of the deliverable package are specifically structured for audit defense and post-attestation review.

Dated Third-Party Record

A timestamped, externally produced readiness record is materially stronger in audit than internal self-assessment alone.

Remediation Log

A documented record of what was identified, what was remediated, and on what timeline, covering the window between assessment and attestation.

Provenance Trail

Record-level evidence of which sources were reconciled, which fields were validated, and which exceptions were knowingly left unresolved.

The assessment does not eliminate audit or litigation exposure. No product does. What it does is move the evidentiary posture from “we believed it was accurate” to “we documented our diligence against the federal reference, the submission specification, and every data element CMS will validate against, on a dated timeline that preceded the attestation.”

Section 06 · Commercial Terms

How the Engagement Is Structured

Standard Engagement

$35,000

Fixed fee. 30-day engagement. Signed MSA, single-invoice structure, net-30 terms. For MA plans of 25,000 to 500,000 lives.

Larger Plans

$55K-$75K

For organizations above 500,000 lives. Scoped in the initial intake call based on directory source complexity and network count.

Optional Remediation

+$15,000

Capped add-on for execution on the top 20% of highest-risk records. Returned as cleaned, submission-ready dataset.

Subscription Credit

50% back

Half of the assessment fee credits toward year-one Polus HCP subscription for organizations that convert within 120 days of readout.

The Only Timeline That Matters

May 4, 2026

CMS plan testing period opens. Daily crawl and validation simulation begins.

Aug 31, 2026

Last day to resolve fatal errors before production release.

Sept 1, 2026

HPMS attestation deadline. Signatory signs or the plan files late.

Oct 1, 2026

CY 2027 production release of Medicare Plan Finder. AEP visibility on the line.

Next Step

Request a 30-Minute Scoping Call.

No sales pitch. A working conversation about your current directory posture, your FHIR readiness, and where your signatory’s exposure sits against the CMS-4208-F2 data elements. If the assessment fits your situation, we scope it on the call. If it does not, we say so.

Schedule a Scoping Call →

✓ Fixed scope, fixed fee

✓ 30 days to signed readout

✓ No engineering lift required

Regulatory and Technical References

42 CFR 422.111(m) (eCFR) · CMS-4208-F2 Medicare Advantage Provider Directory Final Rule (Federal Register, September 19, 2025) · CMS Draft Technical Implementation Guide for Supplying Medicare Advantage Provider Directory Data to CMS (November 7, 2025) · PDex Plan-Net Implementation Guide v1.2.0 on HL7 FHIR R4 · National Provider Directory Public Use Files (directory.cms.gov) · FHIR IQ / AINPI: Independent NPD Data Quality Audit, April 21, 2026 (ainpi.vercel.app) · Datagence NPD-PECOS Reconciliation Analysis, April 2026 · CMS OIG List of Excluded Individuals/Entities (LEIE) · SAM.gov Exclusions.

The NPD Submission Readiness Assessment produces readiness evidence for HPMS attestation. It does not constitute legal attestation and does not transfer or substitute for the signatory’s personal certification under 42 CFR 422.111(m).

NPD Attestation