HIPAA/NPI
National Provider Indentifier

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandated that the Secretary of Health and Human Services adopt a standard unique health identifier for health care providers. On January 23, 2004, the Secretary published a Final Rule that adopted the National Provider Identifier (NPI) as this identifier. Final Rule Overview


All HIPAA covered healthcare providers, whether they are individuals or organizations, must obtain an NPI for use to identify themselves in HIPAA standard transactions. Once enumerated, a provider's NPI will not change. The NPI remains with the provider regardless of job or location changes.

HIPAA covered entities such as providers completing electronic transactions, healthcare clearinghouses, and large health plans, must use only the NPI to identify covered healthcare providers in standard transactions by May 23, 2007. Small health plans must use only the NPI by May 23, 2008.

NPI: Get It. Share It. Use It.

The NPI Compliance Deadline is Here!

At this point, any covered entity that is noncompliant, and has not implemented a contingency plan, is at risk for enforcement action. Please review the April 2, 2007 CMS “Guidance on Compliance with the HIPAA National Provider Identifier (NPI) Rule.” As this guidance pertains to claims transactions, it means that:

1. Providers must have and use their NPI;
2. Clearinghouses must accept and use NPIs; and
3. Health plans must accept and send NPIs in claims transactions. 

Providers should be:

1. Aware of contingency plans for any health plans they bill. Contingency plans may differ by health plan.
2. Aware that health plans may lift their contingency plans (and require an NPI on claims or other HIPAA transactions) any time before May 23, 2008.
3. Working with vendors and clearinghouses with whom they contract, to make sure the NPI is being passed to health plans.
4. Paying close attention to how and when health plans will be testing implementation of the NPI.
5. Aware that, for those health plans that did not establish a contingency plan, providers are required to use their NPIs now. This means that if you are not using your NPI, your claim may be rejected or denied.

New Tip Sheet Available
A Tip sheet entitled What the “Guidance on Compliance with the HIPAA National Provider Identifier (NPI) Rule” Means for Health Care Providers is now available.

This product provides helpful steps for providers based on the contingency guidance released on April 2, 2007. This guidance does not mean that providers have an extra year to get an NPI, so please view the Tip Sheet for additional information.

Reminder – Sharing NPIs
Once providers have received their NPIs, they should share them with other providers with whom they do business, and with health plans that request them. In fact, as outlined in current regulation, providers who are covered entities under HIPAA must share their NPIs with any entities that request them for use in standard transactions -- including those who need to identify ordering or referring physicians/providers. Providers should also consider letting health plans, or institutions for whom they work (e.g. a large hospital system), share their NPIs for them.

When to Contact the NPI Enumerator for Assistance
Providers should remember that the NPI Enumerator can only answer/address the following types of questions/issues:

Status of an NPI application, update, or deactivation
Forgotten/lost NPI
Lost NPI notification letter
Trouble accessing NPPES
Forgotten password/User ID
Need to request a paper application
· Need clarification on information that is to be supplied in the NPI application

Providers needing this type of assistance may contact the enumerator at 1-800-465-3203, TTY 1-800-692-2326, or email the request to the NPI Enumerator at CustomerService@NPIenumerator.com .

Resources for other kinds of questions can be found at the end of this document.

Please Note: The NPI Enumerator’s operation is closed on federal holidays. The federal holidays observed are: New Year's Day, Independence Day, Veteran’s Day, Christmas Day, Martin Luther King's Birthday, Washington's Birthday, Memorial Day, Labor Day, Columbus Day, and Thanksgiving.

Important Information for Medicare Fee-For-Service (FFS) Providers

Testing Medicare Claims
To date, Medicare has encouraged providers to submit both an NPI and a legacy identifier on claims. Medicare is now asking that submitters send a small number of claims using only the NPI. If no claims are rejected, the submitter can gradually increase the volume. If any claim is rejected, the NPI should be verified to make sure it was entered correctly. If the NPI is correct, then data in either NPPES or Medicare provider files should be corrected. The following fields in your NPPES and/or 855 provider enrollment record should be validated:

  • EIN (for organization providers)
  • Other Provider Identification Numbers. This is where providers, when they apply for their NPIs, list the Medicare legacy identifier(s) that needs to be linked to the NPI.
  • Practice Location Address
  • Master Address (from provider enrollment records)
  • Other Address (from provider enrollment records)

Legal Name or Legal Business Name
Once this has been done, test again with a small number of claims. This process will help establish confidence that your claims will be paid. It is critical that you start testing with your NPI now.

While Medicare FFS has announced its contingency plan, it is committed to ending the contingency plan as soon as possible. 

Additional Information
As always, more information and education on the NPI can be found at the CMS NPI page www.cms.hhs.gov/NationalProvIdentStand on the CMS website. Providers can apply for an NPI online at https://nppes.cms.hhs.gov or can call the NPI enumerator to request a paper application at 1-800-465-3203.

           Getting an NPI is free - not having one can be costly.