National Provider Identifier

Last updated

A National Provider Identifier (NPI) is a unique 10-digit identification number issued to health care providers in the United States by the Centers for Medicare and Medicaid Services (CMS). The NPI has replaced the Unique Physician Identification Number (UPIN) as the required identifier for Medicare services, and is used by other payers, including commercial healthcare insurers. The transition to the NPI was mandated as part of the Administrative Simplifications portion of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). [1]

Contents

Mandated uses

HIPAA–covered entities such as providers completing electronic transactions, healthcare clearinghouses, and large health plans were required by regulation to use only the NPI to identify covered healthcare providers by May 23, 2007. CMS subsequently announced that as of May 23, 2008, CMS will not impose penalties on covered entities that deploy contingency plans to facilitate the compliance of their trading partners (e.g., those healthcare providers who bill them). The posted guidance document can be used by covered entities to design and implement a contingency plan. Details are contained in a CMS document entitled, "Guidance on Compliance with the HIPAA National Provider Identifier (NPI) Rule." Small health plans have one additional year to comply.

All individual HIPAA–covered healthcare providers or organizations must obtain an NPI for use in all HIPAA standard transactions, even if a billing agency prepares the transaction. Individual HIPAA–covered healthcare providers include physicians, pharmacists, physician assistants, midwives, nurse practitioners, nurse anesthetists, dentists, denturists, licensed opticians, optometrists, chiropractors, clinical social workers, professional counselors, physical therapists, occupational therapists, prosthetists, orthotists, pharmacy technicians and athletic trainers. Organizations include hospitals, home health care agencies, nursing homes, residential treatment centers, group practices, laboratories, pharmacies and medical equipment companies. Once assigned, a provider's NPI is permanent and remains with the provider regardless of job or location changes.

Other health industry workers who provide support services but not health care (such as admissions and medical billing personnel, housekeeping staff and orderlies) are not required to obtain an NPI.

Optional uses

The NPI must be used in connection with the electronic transactions identified in HIPAA. In addition, the NPI may be used in several other ways:

  1. by health care providers to identify themselves in health care transactions identified in HIPAA or on related correspondence;
  2. by health care providers to identify other health care providers in health care transactions or on related correspondence;
  3. by health care providers on prescriptions (however, the NPI will not replace requirements for the DEA number or state license number);
  4. by health plans in their internal provider files to process transactions and communicate with health care providers;
  5. by health plans to coordinate benefits with other health plans;
  6. by health care clearinghouses in their internal files to create and process standard transactions and to communicate with health care providers and health plans;
  7. by electronic patient record systems to identify treating health care providers in patient medical records;
  8. by the Department of Health and Human Services to cross reference health care providers in fraud and abuse files and other program integrity files;
  9. for any other lawful activity requiring individual identification. [2]

Signup process

The NPI number can be obtained online through the National Plan and Provider Enumeration System (NPPES) pages on CMS's website. [3] Turnaround time for obtaining a number is from 1 to 20 days. NPI numbers can be searched on the CMS website listed in external links 'National Plan and Provider Enumeration System information from CMS'.

Identifier details

The NPI is a 10-position, intelligence-free numeric identifier (10-digit number). This means that the numbers do not carry other information about healthcare providers, such as the state in which they live or their medical specialty. The NPI must be used in lieu of legacy provider identifiers in the HIPAA standards transactions. As outlined in the federal regulation, The Health Insurance Portability and Accountability Act of 1996 (HIPAA), covered providers must also share their NPI with other providers, health plans, clearinghouses, and any entity that may need it for billing purposes. [4]

Ten-digit NPI numbers may be validated using the Luhn algorithm by prefixing "80840" to the 10-digit number. [5]

Open data set

NPI data is downloadable from CMS. The downloadable database was updated monthly until December 2012, and has been issued weekly since. A data structure file is available separately from CMS. [6] As of June 2024, the file download size is 947.84 MB, and the raw database file (npidata_pfile_20050523-20240512.csv) is 9.3 GB when extracted. [7] The size of the data has been steadily growing over time. The size of the raw database file was 8.8GB in June 2023, and 8.2GB in June 2022.

Use as a data key

The NPI is a data key that identifies a substantial portion of healthcare providers and other entities in the US, it is a frequently used data key in other data sources. For instance, the DocGraph data set is a crowdfunded open data [8] set that details how healthcare providers collaborate to deliver care (i.e. referral patterns) that uses the NPI as its data key. [9]

The NPI is often a common denominator between various healthcare provider identifier numbers, such as CMS Certification Number [10] (CCN; formerly OSCAR number), Employer Identification Number, and PECOS Associate Control ID [11] (PAC ID). With an increasing number of publicly available datasets containing these identifiers, some organizations have extracted the most plausible links between these identifiers. For example, a crosswalk between CCN and NPI can be obtained by analyzing the facility ownership datasets. [12] As another example, a subset of the crosswalk between EIN and NPI can be derived by analyzing the provider reference files from various payers. [13]

Notes

  1. "HIPAA - General Information" Archived 2007-06-11 at the Wayback Machine . Centers for Medicare & Medicaid Services. Retrieved August 15, 2006.
  2. "Frequently Asked Questions about the National Provider Identifier". HHS. Retrieved July 16, 2019.
  3. "National Plan and Provider Enumeration System (NPPES) National Provider Identifier (NPI) for Health Care Providers". Centers for Medicare & Medicaid Services. Retrieved February 14, 2007.
  4. "National Provider Identifier Standard (NPI)". CMS.gov.
  5. "Requirements for the National Provider Identifier (NPI) and NPI Check Digit" (PDF). CMS.gov. 2004-01-23.
  6. National Plan and Provider Enumeration System (NPPES) Data Dissemination – Readme
  7. "NPI Files". download.cms.gov.
  8. "MedStartr". www.medstartr.com.
  9. Trotter, Fred (2012-11-19). "DocGraph: Open social doctor data". O'Reilly Radar. Retrieved 2017-10-24.
  10. "ResDAC CMS Certification Number Description". ResDAC.
  11. "Medicare Fee-For-Service Public Provider Enrollment Data". Data.CMS.gov.
  12. "A crosswalk between NPI and CCN (open data)". GitHub.
  13. "A crosswalk between NPI and EIN/TIN (a free NPI look-up tool)". NPI-DB.org.

Related Research Articles

<span class="mw-page-title-main">Medicare (United States)</span> US government health insurance program

Medicare is a federal health insurance program in the United States for people age 65 or older and younger people with disabilities, including those with end stage renal disease and amyotrophic lateral sclerosis. It was begun in 1965 under the Social Security Administration and is now administered by the Centers for Medicare and Medicaid Services (CMS).

<span class="mw-page-title-main">Centers for Medicare & Medicaid Services</span> United States federal agency

The Centers for Medicare & Medicaid Services (CMS) is a federal agency within the United States Department of Health and Human Services (HHS) that administers the Medicare program and works in partnership with state governments to administer Medicaid, the Children's Health Insurance Program (CHIP), and health insurance portability standards. In addition to these programs, CMS has other responsibilities, including the administrative simplification standards from the Health Insurance Portability and Accountability Act of 1996 (HIPAA), quality standards in long-term care facilities through its survey and certification process, clinical laboratory quality standards under the Clinical Laboratory Improvement Amendments, and oversight of HealthCare.gov. CMS was previously known as the Health Care Financing Administration (HCFA) until 2001.

Medical privacy, or health privacy, is the practice of maintaining the security and confidentiality of patient records. It involves both the conversational discretion of health care providers and the security of medical records. The terms can also refer to the physical privacy of patients from other patients and providers while in a medical facility, and to modesty in medical settings. Modern concerns include the degree of disclosure to insurance companies, employers, and other third parties. The advent of electronic medical records (EMR) and patient care management systems (PCMS) have raised new concerns about privacy, balanced with efforts to reduce duplication of services and medical errors.

<span class="mw-page-title-main">Health Insurance Portability and Accountability Act</span> United States federal law concerning health information

The Health Insurance Portability and Accountability Act of 1996 is a United States Act of Congress enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1996. It aimed to alter the transfer of healthcare information, stipulated the guidelines by which personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and addressed some limitations on healthcare insurance coverage. It generally prohibits healthcare providers and businesses called covered entities from disclosing protected information to anyone other than a patient and the patient's authorized representatives without their consent. The bill does not restrict patients from receiving information about themselves. Furthermore, it does not prohibit patients from voluntarily sharing their health information however they choose, nor does it require confidentiality where a patient discloses medical information to family members, friends or other individuals not employees of a covered entity.

Medical billing is a payment practice within the United States healthcare system. The process involves the systematic submission and processing of healthcare claims for reimbursement. Once the services are provided, the healthcare provider creates a detailed record of the patient's visit, including the diagnoses, procedures performed, and any medications prescribed. This information is translated into standardized codes using the appropriate coding system, such as ICD-10-CM or Current Procedural Terminology codes—this part of the process is known as medical coding. These coded records are submitted by medical billing to the health insurance company or the payer, along with the patient's demographic and insurance information. Most insurance companies use a similar process, whether they are private companies or government sponsored programs. The insurance company reviews the claim, verifying the medical necessity and coverage eligibility based on the patient's insurance plan. If the claim is approved, the insurance company processes the payment, either directly to the healthcare provider or as a reimbursement to the patient. The healthcare provider may need to following up on and appealing claims.

Dual-eligible beneficiaries refers to those qualifying for both Medicare and Medicaid benefits. In the United States, approximately 9.2 million people are eligible for "dual" status. Dual-eligibles make up 14% of Medicaid enrollment, yet they are responsible for approximately 36% of Medicaid expenditures. Similarly, duals total 20% of Medicare enrollment, and spend 31% of Medicare dollars. Dual-eligibles are often in poorer health and require more care compared with other Medicare and Medicaid beneficiaries.

In the healthcare industry, pay for performance (P4P), also known as "value-based purchasing", is a payment model that offers financial incentives to physicians, hospitals, medical groups, and other healthcare providers for meeting certain performance measures. Clinical outcomes, such as longer survival, are difficult to measure, so pay for performance systems usually evaluate process quality and efficiency, such as measuring blood pressure, lowering blood pressure, or counseling patients to stop smoking. This model also penalizes health care providers for poor outcomes, medical errors, or increased costs. Integrated delivery systems where insurers and providers share in the cost are intended to help align incentives for value-based care.

This article discusses the definitions and types of home medical equipment (HME), also known as durable medical equipment (DME), and durable medical equipment and prosthetics and orthotics (DMEPOS).

Protected health information (PHI) under U.S. law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity, and can be linked to a specific individual. This is interpreted rather broadly and includes any part of a patient's medical record or payment history.

WEDI, pronounced "wee dee", is a not-for-profit user group in the United States for users of Electronic Data Interchange (EDI) in public and private healthcare. It is sometimes referred to by other names including some or all of the words Workgroup for Electronic Data Interchange.


Medicare Advantage is a type of health plan offered by Medicare-approved private companies that must follow rules set by Medicare. Most Medicare Advantage Plans include drug coverage. Under Part C, Medicare pays a sponsor a fixed payment. The sponsor then pays for the health care expenses of enrollees. Sponsors are allowed to vary the benefits from those provided by Medicare's Parts A and B as long as they provide the actuarial equivalent of those programs. The sponsors vary from primarily integrated health delivery systems to unions to other types of non profit charities to insurance companies. The largest sponsor is a hybrid: the non-profit interest group AARP using UnitedHealth.

An accountable care organization (ACO) is a healthcare organization that ties provider reimbursements to quality metrics and reductions in the cost of care. ACOs in the United States are formed from a group of coordinated health-care practitioners. They use alternative payment models, normally, capitation. The organization is accountable to patients and third-party payers for the quality, appropriateness and efficiency of the health care provided. According to the Centers for Medicare and Medicaid Services, an ACO is "an organization of health care practitioners that agrees to be accountable for the quality, cost, and overall care of Medicare beneficiaries who are enrolled in the traditional fee-for-service program who are assigned to it".

The Healthcare Common Procedure Coding System is a set of health care procedure codes based on the American Medical Association's Current Procedural Terminology (CPT).

The Health Information Technology for Economic and Clinical Health Act, abbreviated the HITECH Act, was enacted under Title XIII of the American Recovery and Reinvestment Act of 2009. Under the HITECH Act, the United States Department of Health and Human Services resolved to spend $25.9 billion to promote and expand the adoption of health information technology. The Washington Post reported the inclusion of "as much as $36.5 billion in spending to create a nationwide network of electronic health records." At the time it was enacted, it was considered "the most important piece of health care legislation to be passed in the last 20 to 30 years" and the "foundation for health care reform."

The Fast Healthcare Interoperability Resources standard is a set of rules and specifications for exchanging electronic health care data. It is designed to be flexible and adaptable, so that it can be used in a wide range of settings and with different health care information systems. The goal of FHIR is to enable the seamless and secure exchange of health care information, so that patients can receive the best possible care. The standard describes data formats and elements and an application programming interface (API) for exchanging electronic health records (EHR). The standard was created by the Health Level Seven International (HL7) health-care standards organization.

Health care finance in the United States discusses how Americans obtain and pay for their healthcare, and why U.S. healthcare costs are the highest in the world based on various measures.

Credentialing is the process of establishing the qualifications of licensed medical professionals and assessing their background and legitimacy.

Health care analytics is the health care analysis activities that can be undertaken as a result of data collected from four areas within healthcare; claims and cost data, pharmaceutical and research and development (R&D) data, clinical data, and patient behavior and sentiment data (patient behaviors and preferences,. Health care analytics is a growing industry in the United States, expected to grow to more than $31 billion by 2022. The industry focuses on the areas of clinical analysis, financial analysis, supply chain analysis, as well as marketing, fraud and HR analysis.

Medical data, including patients' identity information, health status, disease diagnosis and treatment, and biogenetic information, not only involve patients' privacy but also have a special sensitivity and important value, which may bring physical and mental distress and property loss to patients and even negatively affect social stability and national security once leaked. However, the development and application of medical AI must rely on a large amount of medical data for algorithm training, and the larger and more diverse the amount of data, the more accurate the results of its analysis and prediction will be. However, the application of big data technologies such as data collection, analysis and processing, cloud storage, and information sharing has increased the risk of data leakage. In the United States, the rate of such breaches has increased over time, with 176 million records breached by the end of 2017. There have been 245 data breaches of 10,000 or more records, 68 breaches of the healthcare data of 100,000 or more individuals, 25 breaches that affected more than half a million individuals, and 10 breaches of the personal and protected health information of more than 1 million individuals.

Federal and state governments, insurance companies and other large medical institutions are heavily promoting the adoption of electronic health records. The US Congress included a formula of both incentives and penalties for EMR/EHR adoption versus continued use of paper records as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the, American Recovery and Reinvestment Act of 2009.