NPI data release has industry concerned

CHICAGO – With the distribution of national provider identifer numbers expected to occur this month, provider organizations are registering protests about the release of data.

Last month, the American Medical Association wrote the Department of Health and Human Services, expressing “serious concerns” about the distribution of physician demographic information over the Internet.

Others in the industry have questioned the short timeframe physicians have to view and correct data related to their NPIs, the fact that there are no controls on who could apply for a national provider identifier, and the lack of controls or

auditing over who is viewing physician data. The release could be a springboard to fraud and abuse, or enable identity theft, they contend.

In fact, current plans call for 2.2 million NPIs - along with associated data - to be available for download from the Centers for Medicare & Medicaid Services Web site. Visitors to the Web site also will be able use an NPI registry search engine, CMS has announced.

In a June 14 roundtable call on the NPI data release, CMS said the release of the data is protected under the Freedom of Information Act.

CMS is asking providers to review the data they’ve submitted to the National Plan & Provider Ennumeration System in applying for their NPIs. Providers can go online and delete any information in optional fields and begin the process of correcting other information. The agency, which had an original deadline of June 28 for such review, said it is considering a 30-day extension to give providers more time to review their data.

That’s important because some providers may have inadvertently included personal information in applying for an NPI, said Patricia Peyton, health insurance specialist in the office of financial management for CMS. For example, they may have listed the address of a personal residence instead of their business address or mailing address, she said.

Of much concern is the information contained in the “optional” field of the NPI data. Physicians have been asked to include “legacy” identifying numbers from current payers, as a way to facilitate the connection of these numbers to the new NPIs. The numbers were supposed to go into wide use on May 23, but because the industry was not ready to make the switch, the government issued a one-year delay as a contingency plan.

While providers can delete any optional information, removing legacy identifiers could cause significant problems because, outside of a huge volume of provider to insurer communication, there’s no easy way to facilitate the massive sharing of NPIs and legacy numbers to facilitate crosswalks between the two.

CMS will not release certain information not protected by FOIA, including: Social Security numbers; taxpayer identification numbers; and date and location of birth.

Officials say that much of the information being released with the NPI is publicly available already. In the June 14 roundtable, CMS encouraged providers to include legacy identifiers to help trading partners link NPIs to existing numbers.

There should be concern about whether physicians will be able to review data associated with their NPIs, said Michael L. Nelson, director of business development for Health Market Science, a company offering NPI services and applications.

Nelson noted that there was no qualifying process for obtaining an NPI, and anyone could get a number. “It’s not legal to do so, but anyone could get around the system,” he said. “All they check is the name, Social Security Number, and date and place of birth.”

However, Nelson believes that the information expected to be released with the NPI is “pretty innocuous” and “fairly easy to look up.”

Show All Comments