What Is an NPI?
A National Provider Identifier or NPI is a unique 10-digit identification number issued to health care providers in the United States by the Centers for Medicare and Medicaid Services (CMS). The NPI has replaced the unique provider identification number (UPIN) as the required identifier for Medicare services, and is used by other payers, including commercial healthcare insurers. The transition to the NPI was mandated as part of the Administrative Simplifications portion of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and CMS began issuing NPIs in October 2006.
An NPI is a 10-position, intelligence-free numeric identifier (10-digit number). Intelligence-free means the number does not carry information about health care providers, such as the state where the provider practices, the provider type, or the provider’s specialization. The NPI must be used in place of legacy provider identifiers, such as a Unique Provider Identification Number (UPIN), Online Survey Certification & Reporting (OSCAR), and National Supplier Clearinghouse (NSC) in HIPAA standard transactions.
All health care providers (e.g., physicians, suppliers, hospitals, and others) are eligible for an NPI. Health care providers are individuals or organizations that render health care as defined in 45 Code of Federal Regulations (CFR) 160.103. For more information, refer to 45 CFR 160.103 at http://www.gpo.gov/fdsys/pkg/CFR-2009-title45-vol1/pdf/CFR-2009-title45-vol1-sec160-103.pdf on the Internet.
HIPAA covered entities such as providers completing electronic transactions, healthcare clearinghouses, and large health plans were required by regulation to use only the NPI to identify covered healthcare providers by May 23, 2007. CMS subsequently announced that as of May 23, 2008, CMS will not impose penalties on covered entities that deploy contingency plans to facilitate the compliance of their trading partners (e.g., those healthcare providers who bill them). The posted guidance document can be used by covered entities to design and implement a contingency plan. Details are contained in a CMS document entitled, "Guidance on Compliance with the HIPAA National Provider Identifier (NPI) Rule." Small health plans have one additional year to comply.
All individual HIPAA covered healthcare providers (physicians, physician assistants, nurse practitioners, dentists,denturists, chiropractors, physical therapists, athletic trainers etc.) or organizations (hospitals, home health care agencies, nursing homes, residential treatment centers, group practices, laboratories, pharmacies, medical equipment companies, etc.) must obtain an NPI for use in all HIPAA standard transactions, even if a billing agency prepares the transaction. Once assigned, a provider's NPI is permanent and remains with the provider regardless of job or location changes.
Other health industry workers, such as admissions and medical billing personnel, housekeeping staff, and orderlies, who provide support services but not health care, are not required to obtain the NPI.
The NPI must be used in connection with the electronic transactions identified in HIPAA. In addition, the NPI may be used in several other ways:
1.by health care providers to identify themselves in health care transactions identified in HIPAA or on related correspondence; 2.by health care providers to identify other health care providers in health care transactions or on related correspondence; 3.by health care providers on prescriptions (however, the NPI will not replace requirements for the Drug Enforcement Administration number or State license number); 4.by health plans in their internal provider files to process transactions and communicate with health care providers; 5.by health plans to coordinate benefits with other health plans; 6.by health care clearinghouses in their internal files to create and process standard transactions and to communicate with health care providers and health plans; 7.by electronic patient record systems to identify treating health care providers in patient medical records; 8.by the Department of Health and Human Services to cross reference health care providers in fraud and abuse files and other program integrity files; 9.for any other lawful activity requiring individual identification
Who Must Obtain an NPI?
All health care providers who are HIPAA-covered entities, whether they are individuals (e.g., physicians, nurses, dentists, chiropractors, physical therapists, or pharmacists) or organizations (e.g., hospitals, home health agencies, clinics, nursing homes, residential treatment centers, laboratories, ambulance companies, group practices, Health Maintenance Organizations [HMOs], suppliers of durable medical equipment, pharmacies) must obtain an NPI. The NPI will be used by HIPAA-covered entities (e.g., health plans, health care clearinghouses, and certain health care providers) to identify health care providers in HIPAA standard transactions. A covered health care provider, under HIPAA, is any health care provider who transmits health information in electronic form in connection with a transaction for which the Secretary of Health and Human Services has adopted a standard, even if the health care provider uses a business associate to do so. For more information and to access a tool to help establish whether one is a covered entity, visit http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/AreYouaCoveredEntity.html on the Centers for Medicare & Medicaid Services (CMS) website.
Obtaining an NPI Does Not:
- Ensure a provider is licensed or credentialed;
- Guarantee payment by a health plan;
- Enroll a provider in a health plan;
- Turn a provider into a covered provider;
- Require a provider to conduct HIPAA transactions; or
- Change or replace the current Medicare enrollment or certification process.
Providers or suppliers who are applying for enrollment in Medicare must have NPIs and must furnish them on their enrollment applications. An enrollment application without an NPI will be rejected.
Who Cannot Receive an NPI?
Any entity that does not meet the definition of a health care provider as defined in 45 CFR 160.103 is not eligible to apply for an NPI. Such entities include billing services, value-added networks, repricers, health care clearinghouses, non-emergency transportation services, and others.
National Plan and Provider Enumeration System (NPPES)
The National Plan and Provider Enumeration System (NPPES) was developed to assign standard unique identifiers to health care providers. The primary purpose of the NPPES is to:
- Collect information needed to uniquely identify individual and organization health care providers;
- Assign an NPI to those health care providers;
- Maintain and update the information about the health care providers; and
- Disseminate health care provider information in accordance with the provisions of the Privacy Act of 1974.
CMS published the NPPES Data Dissemination Notice on May 30, 2007. In accordance with the Electronic Freedom of Information Act (e-FOIA) Amendments, CMS has disclosed these data via the Internet.
Access to NPI data is available in two forms, the NPI Registry and an NPPES downloadable file.
The NPI Registry is an online query system in which a user can enter a health care provider’s name and retrieve that health care provider’s NPI; enter an NPI and retrieve information about the health care provider that has been assigned that NPI; and conduct certain other queries over the Internet. The NPI Registry displays information about enumerated health care providers that is disclosable under the Freedom of Information Act (FOIA). For more information, visit: http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/NationalProvIdentStand/DataDissemination.html on the CMS website.
To search for information within the NPI Registry, refer to:
https://npiregistry.cms.hhs.gov/NPPESRegistry/NPIRegistryHome.do on the CMS website.
NPPES Downloadable File
The NPPES downloadable file (also referred to as the NPI Downloadable File) contains information disclosable under FOIA for enumerated health care providers. It is downloadable by users with the necessary technical expertise from http://nppes.viva-it.com/NPI_Files.html on the CMS website. Each month, CMS replaces the previous month’s file; only one file is available for downloading at any given time. For more information, visit:
Health Care Provider Categories
There are two categories of health care providers for NPI enumeration purposes. Entity Type 1 providers are individual providers who render health care (e.g., physicians, dentists, nurses). Sole proprietors and sole proprietorships are Entity Type 1 (Individual) providers. Organization health care providers (e.g., hospitals, home health agencies, ambulance companies) are considered Entity Type 2 (Organization) providers.
Individual Health Care Providers, Including Sole Proprietors (Entity Type 1)
Individual health care providers are eligible for NPIs as Entity Type 1 (Individuals). A sole proprietor/sole proprietorship is an individual, and as such, is eligible for a single NPI. The sole proprietor must apply for the NPI using his or her own Social Security Number (SSN), not an Employer Identification Number (EIN) even if he/she has an EIN. How Many NPIs Can a Sole Proprietor Have? A sole proprietor is eligible for only one NPI, just like any other individual. For example, if a physician is a sole proprietor, the physician is eligible for only one NPI (the individual’s NPI), regardless of the number of different office locations the physician may have, whether the sole proprietorship has employees, and whether the Internal Revenue Service (IRS) has issued an EIN to the sole proprietorship so the employees’ W-2 forms can reflect the EIN instead of the sole proprietorship’s Taxpayer Identification Number (which is the sole proprietor’s SSN). A sole proprietor is not an incorporated individual because the sole proprietor has not formed a corporation. Being a sole practitioner or solo practitioner does not necessarily mean the practitioner is a sole proprietor, and vice versa.
Organization Health Care Providers (Entity Type 2)
Organization health care providers are group health care providers, not individual providers, and are eligible for NPIs as Entity Type 2 (Organizations). Organization health care providers may have a single employee or thousands of employees. For example, an incorporated individual may be the only health care provider who is employed by that organization provider (the corporation that he/she formed). Examples of organization providers include hospitals, home health agencies, clinics, nursing homes, ambulance companies, and health care provider corporations formed by individuals.
Organization Subparts and the NPI
Some organization health care providers are made up of components that furnish different types of health care or have separate physical locations where health care is furnished. These components and physical locations are not themselves legal entities, but are part of the organization health care provider (which is a legal entity). The NPI Final Rule refers to the components and locations as subparts. A covered organization provider may decide that its subparts (if it has any) should have their own NPIs. If a subpart conducts any HIPAA standard transactions on its own (e.g., separately from its parent), it must obtain its own NPI. Subparts are considered organization health care providers and are eligible for NPIs as Entity Type 2 (Organizations). Subpart determination ensures that entities within a covered organization are uniquely identified in HIPAA standard transactions that they conduct with Medicare and other covered entities. For example, a hospital offers acute care, laboratory, pharmacy, and rehabilitation services.
Each of these subparts may require its own NPI because each one sends its own standard transaction(s) to one or more health plans.NOTE: Subpart delegation does not affect health care providers who are enrolled in Medicare as individual practitioners or sole proprietors (for purposes of NPI assignment, they are Entity Type 1 [Individual] health care providers). Individuals are considered legal entities, cannot designate subparts, and cannot be considered subparts.What Must Covered Organizations DoWhen Applying for an NPI?An organization health care provider that is a covered provider under HIPAA must:
- Obtain an NPI for itself;
- Determine if it has subparts and if those subparts need to have their own NPIs;
- Ensure its subparts that need to have their own NPIs do so by either obtaining the NPIs for them or instructing the subparts to obtain their NPIs themselves; and
- Ensure the subparts comply with the NPI Final Rule requirements placed on covered health care providers.
How to Apply for an NPI
Health care providers may apply for an NPI in one of three ways:
1. Apply through a web-based application process. Visit the NPPES at:
https://nppes.cms.hhs.gov/NPPES/Welcome.do on the CMS website.
2. Complete, sign, and mail a paper application form to the NPI Enumerator. For a copy of the application form (CMS-10114), refer to:
http://www.cms.gov/Medicare/CMS-Forms/CMS-Forms/Downloads/CMS10114.pdf on the CMS website.
A hard copy application can be requested through the NPI Enumerator by calling 1-800-465-3203 or TTY 1-800-692-2326.
3. If requested, give permission to have an Electronic File Interchange Organization (EFIO) submit the application data on behalf of the health care provider (i.e., through bulk enumeration process). For more information on this option, see below or visit:
Electronic File Interchange (EFI)
EFI is an alternative process for healthcare providers applying for an NPI. The EFI process allows CMS approved organizations, known as Electronic File Interchange Organizations (EFIOs), to submit NPI application information on behalf of health care providers who are associated with them and who have agreed to have these organizations submit this information for them. The EFI process for bulk enumeration of health care providers allows each EFIO to submit NPI application information for hundreds or even thousands of health care providers all at one time in a single electronic file or in a series of electronic files. With EFI, health care providers do not need to apply for their NPIs themselves. EFI benefits both the health care providers and CMS. By allowing an EFIO to apply on its behalf, a health care provider itself does not have to apply for an NPI. This saves the health care provider time and resources.
CMS benefits by saving the time and resources it would have expended if the NPI Enumerator and the web-based system had to process NPI applications from all of these health care providers one at a time. In addition to obtaining NPIs for health care providers, some EFIOs may also decide to send changes or updates to the NPPES on behalf of enumerated health care providers in order to keep the providers’ NPPES records current. The EFIO would need to obtain the permission of the health care providers in order to do this. Whether or not to furnish changes or updates to a health care provider’s NPPES record is a decision made between an EFIO and its associated healthcare providers. For more information, visit:
http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/NationalProvIdentStand/efi.html on the CMS website and read the following documents:
- The “EFI Summary,” which contains a general overview of the EFI process;
- The “EFI User Manual”; and
- The “EFI Technical Companion Guide.”
These documents contain information on the appropriate file format and schema, screen prints, etc. Potential EFIOs must fully understand the content of these documents in order to be successful with the EFI process. Resources
For more information on all the latest NPI news for health care providers, visit http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/NationalProvIdentStand/index.html on the CMS website.
For more information regarding subparts, visit http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/NationalProvIdentStand/implementation.html on the CMS website.
For more information and additional publications regarding EFI, visit http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/NationalProvIdentStand/efi.html on the CMS website.
To register as an EFIO, an organization’s representative must refer to https://nppes.cms.hhs.gov/NPPES/Welcome.do on the CMS website, log on, and follow the appropriate links to the EFIO registration page.
EFIOs with questions about the process or problems experienced during the process may contact the NPI Enumerator at 1-800-465-3203 (NPI Toll-Free) or 1-800-692-2326 (NPI TTY) by phone, or at firstname.lastname@example.org by e-mail.
NPI Frequently Asked Questions (FAQs) are posted on the CMS website. Refer to the FAQs at http://questions.cms.gov on the CMS website.