The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandated that the Secretary of Health and Human Services (HHS) adopt a standard unique health identifier for health care providers.
On January 23, 2004, HHS published the Final Rule that adopts the National Provider Identifier (the NPI) as the standard unique health identifier for health care providers. The effective date of the rule is May 23, 2005, 16 months after its publication date. Health care providers may apply for NPIs beginning on the effective date.
The compliance date for all covered entities is May 23, 2007, except that small health plans do not need to comply until May 23, 2008. When the NPI is implemented, covered entities will use only the NPI to identify health care providers in all standard transactions. Legacy identification numbers (e.g., UPIN, Blue Cross and Blue Shield Numbers, CHAMPUS Number, Medicaid Number, etc.) will not be permitted. Health care providers will no longer have to keep track of multiple numbers to identify themselves in standard transactions with one or more health plans. However, the Taxpayer Identifying Number may need to be reported for tax purposes as required by the implementation specifications.
The NPI is a numeric 10-digit identifier, consisting of 9 numbers plus a check-digit in the 10th position. It is accommodated in all standard transactions, and contains no embedded information about the health care provider that it identifies. The assigned NPI does not expire; and at the current rate of health care provider growth, can continue to be assigned for 200 years.
All health care providers, as defined in 45 CFR 160.103, are eligible for NPIs. Health care providers who transmit any health information in electronic form in connection with a transaction for which the Secretary has adopted a standard are covered entities (45 CFR 160.103) and are required to obtain and use NPIs. Health care providers who are not considered covered entities may also apply and be assigned an NPI. However, entities that do not provide health care (e.g., transportation services) are not eligible to be assigned NPIs because they do not meet the definition of “health care provider” and are not subject to HIPAA regulations.
In certain situations, it is possible for “subparts” of organization health care providers (such as hospitals) to be assigned NPIs. These subparts may need to be assigned NPIs in order to conduct standard transactions on their own behalf or to meet Federal regulatory requirements related to their participation in health plans such as Medicare. The Final Rule requires covered health care providers to determine if they have subparts that may need NPIs and, if so, to obtain NPIs for the subparts or require the subparts to obtain their own NPIs. The subpart concept does not pertain to health care providers who are individuals. Health care providers will be assigned NPIs upon successful completion of an application form. The form can be submitted on paper or over the Internet. Once a health care provider has been assigned an NPI, it must furnish updates to its data within 30 days of any changes. The National Provider System (NPS), being built under a Centers for Medicare & Medicaid Services (CMS) contract, will process the applications and updates, ensure the uniqueness of the health care provider, and generate the NPIs. The NPS will be able to produce reports and information based on requests from the health care industry and others.
A single entity, known as the enumerator, and performing under a CMS contract, will operate the NPS. The enumerator will receive applications and updates from health care providers. The enumerator will assist health care providers in completing applications and in furnishing updates, and will be responsible for resolving problems and answering questions. The enumerator will notify the health care providers of their NPIs. The enumerator will also process requests for, and disseminate information containing, health care providers’ NPIs. HHS will prepare a Federal Register Notice describing the NPS data dissemination policy. Information about NPI implementation, including information on how to apply for NPIs, will be made available to the health care industry by CMS closer to the effective date.
All HIPAA covered healthcare providers, whether they are individuals or organizations, must obtain an NPI for use to identify themselves in HIPAA standard transactions. Once enumerated, a provider’s NPI will not change. The NPI remains with the provider regardless of job or location changes.