skip to: page content | links on this page | site navigation | footer (site information)

 

Company | SupportContact Us
Privacy | Transactions and Code Sets | Security | Identifiers
HIPAA Navigator | HIPAA SLP | Manuals
Approach | Assessment | Implementation | Training | Evaluation | Maintenance
For Providers | For Health Plans | FAQ | Free Downloads
For Providers | For Health Plans | For Attorneys | For Security Professionals
subglobal7 link | subglobal7 link | subglobal7 link | subglobal7 link | subglobal7 link | subglobal7 link | subglobal7 link
subglobal8 link | subglobal8 link | subglobal8 link | subglobal8 link | subglobal8 link | subglobal8 link | subglobal8 link

Health Care Provider Identifier

3. Approved Uses of the NPI

The preamble of the May 7, 1998, proposed rule discussed approved uses of the NPI. We did not receive
comments that objected to those uses. By 24 months after the effective date of this final rule, covered health care providers, health plans (except for small health plans), and health care clearinghouses must use the NPI in standard transactions. Small health plans must do so within 36 months of the effective date. Covered health care providers must disclose their NPIs to other entities when these entities need to include those health care providers' NPIs in standard transactions. We encourage all other health care providers to do the same.

The NPI may also be used for any other lawful purpose requiring the unique identification of a health care
provider. It may not be used in any activity otherwise prohibited by law. Examples of permissible uses include, in addition to the above, the following:

  • The NPI may be used as a cross-reference in health care provider fraud and abuse files and other program integrity files.
  • The NPI may be used to identify health care providers for debt collection under the provisions of the Debt Collection Improvement Act of 1996 (Pub. L. 104-134, enacted on April 26, 1996) and the Balanced Budget Act of 1997 (Pub. L. 105-33, enacted on August 5, 1997).
  • Health care providers may use their own NPIs to identify themselves in nonstandard health care transactions and on related correspondence.
  • Health care providers may use other health care providers NPIs to identify those other health care providers in health care transactions and on related correspondence.
  • Health plans may use NPIs in their internal health care provider files to process transactions and in communications with health care providers.
  • Health plans may communicate NPIs to other health plans for coordination of benefits.
  • Health care clearinghouses may use NPIs in their internal files to create and process standard transactions and in communications with health care providers and health plans.
  • NPIs may be used to identify health care providers in patient medical records.
  • NPIs may be used to identify health care providers that are health care card issuers on health care identification cards. We encourage health care providers that are not required to comply with HIPAA regulations to use NPIs in the ways listed above.

4. System of Records Notice

A System of Records Notice (HHS/HCFA/OIS No. 09-70-0008) published in the Federal Register on July 28, 1998 (63 FR 40297), listed the ways in which data from the NPS that are protected by the Privacy Act may be used. Few comments were received on the System of Records Notice. We are including a summary of the comments below:

Comment: One commenter believes that the data collected to assign NPIs to physicians should be kept to an absolute minimum. Data that are not required for enumeration or legitimate administrative purposes should not be collected. Data released beyond HHS must be released in accordance with the provisions of the Privacy Act, insofar as that Act applies to the data in question, and the Freedom of Information Act, as appropriate. Data in addition to those which are published in the Unique Physician Identification Number (UPIN) Directory should not be released. Most of the data collected to enumerate an individual should not be publicly available.

Another commenter was concerned that removal of a health care provider's record from the NPS could result in the re-issuance of that health care provider's NPI to another health care provider. The NPI must remain
unequivocally unique and the NPS must never re-issue a previously assigned NPI. Removal of a health care provider's records at some point after the health care provider's death is reasonable, as long as there are guarantees that the health care provider's NPI will never be used by another health care provider or re-issued to another health care provider.

Response: In section II. C. 2. of this preamble, ''Data Elements and Data Dissemination,'' we describe the information that we expect will be collected and stored in the NPS. The requirements described in the comments we received on the NPS System of Records Notice will be met in the design and operation of the NPS and in the enumeration functions.

5. Summary of Effects on Various Entities

Below is a summary of how the implementation of the NPI will affect health care providers, health plans, and health care clearinghouses.

a. Health Care Providers

At this time, bulk enumeration of health care providers is not expected to occur. If, however, it is determined to be feasible, we will populate the NPS with data from Medicare provider files. If bulk enumeration were to occur, the affected health care providers would be notified of their NPIs and would not have to apply for them. Otherwise, in order to be assigned NPIs, covered health care providers must apply for NPIs. (Health care providers that are not covered entities are encouraged to apply for NPIs.) After applying for NPIs, health care providers will be assigned and notified of their NPIs by the NPS. Health care providers will submit a paper application or, if feasible, will have the option of applying for NPIs via the Internet. The NPI application/update form and information about health care provider enumeration will be available from the CMS Web site (http://www.cms.hhs.gov). Covered health care providers that have been assigned NPIs must furnish updates (changes) in their required NPS data or that of their subparts to the NPS within 30 days of the changes; they may use the NPI application/update form for this purpose. We recommend that health care providers notify the health plans in which they are enrolled of any changes at the same time they notify the NPS of these changes. (This recommendation does not preclude health plans from requiring notification of updates within a shorter time frame.) We encourage health care providers who have been assigned NPIs but who are not covered entities also to notify the NPS of changes in their NPS data within 30 days of the changes. Covered health care providers must use their NPIs to identify themselves and their subparts, if appropriate, on all standard transactions when their health care provider identifiers are required. We encourage all health care providers and subparts that have been assigned NPIs to do the same.

Covered health care providers must disclose their NPIs and those of their subparts to entities that need the NPIs to identify those health care providers in standard transactions. We encourage all health care providers and subparts that have been assigned NPIs to do the same.

Covered health care providers must require their business associates, if they use them to conduct standard transactions on their behalf, to use their NPIs and the NPIs of other health care providers and subparts appropriately as required by those transactions. Covered health care providers that are organization health care providers with subparts as described earlier in this preamble must ensure that, when NPIs are assigned to subparts, either the covered health care provider or the subpart (1) uses the NPIs of the subparts on all standard transactions when their health care provider identifiers are required, (2) discloses their NPIs to entities that need the NPIs to identify those subpart(s) in standard transactions, (3) communicates changes in required data elements of the subparts to the NPS, and (4) requires business associates of the subparts, if
they use them to conduct standard transactions on their behalf, to use their NPIs and the NPIs of other health care providers and subparts appropriately as required by the transactions that the business associates conduct on their behalf.

b. Health Plans

Health plans must use the NPI of any health care provider or subpart that has been assigned an NPI to identify that health care provider or subpart on all standard transactions when the NPI is required. All plans except small health plans have 24 months from the effective date of this final rule to implement the NPI; small health plans have 36 months. Health plans that need NPS data in order to create standard transactions
will be able to obtain NPS data from the NPS. (See section II. C. 2. of this preamble, ''Data Elements and Data Dissemination.'') Use of data from the NPS in order to comply with HIPAA requirements is a routine use as published in the NPS System of Records Notice.

HIPAA does not prohibit a health plan from requiring its enrolled health care providers to obtain NPIs if those health care providers are eligible for NPIs as discussed earlier in this preamble.

c. Health care clearinghouses

Health care clearinghouses must use the NPI of any health care provider or subpart that has been assigned an NPI to identify that health care provider or subpart on all standard transactions when the NPI is required. As with health plans, health care clearinghouses will be able to obtain NPS data from the NPS.

Go to TOP

DATA

Privacy Policy | Legal Notice | ©2001-2008 HIPAAssociates, Inc.