The National Provider Identifier: Guidelines for Health Care Practitioners and Organizations to Achieve Compliance
by Thuy P. Huynh, Sullivan Stolier & Resor, APLC, Lafayette, LA
I. The National Provider Identifier is a standard designation used to process electronic healthcare transactions.
In an effort to improve the efficiency and effectiveness of the national healthcare system, Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The HIPAA provisions included requirements for "administrative simplification," which prompted the Department of Health and Human Services (DHHS) to adopt the National Provider Identifier (NPI) as a standard unique identifier used in all electronic healthcare transactions. DHHS published the NPI Final Rule on January 23, 2004, and set a deadline for most applicable entities to comply by May 23, 2007.
Individual and institutional healthcare providers and suppliers conducting HIPAA standard transactions with Medicare contractors must apply for an NPI. In other words, if these parties, also referred to as "covered entities," transmit healthcare information in electronic form in connection with a transaction for which DHHS has adopted a standard (i.e., Medicare claims), they must obtain an NPI. Failure to adopt an NPI could subject the healthcare practitioners and entities to civil monetary payments and delays in reimbursement.
The NPI replaces the legacy numbers that currently designate healthcare providers, including Medicaid provider IDs, individual plan provider IDs, Unique Physician Identification Numbers (UPINs), etc. By consolidating these legacy numbers into a single classification, the NPI eliminates the use of multiple designations for the same provider in processing healthcare claims.
Unlike its predecessor, the NPI is "intelligence free," meaning that the digits do not reflect specific information about the healthcare provider, such as the location or specialty. The NPI also ensures more efficiency in processing electronic transmissions between covered entities and contractors.
II. Covered entities can submit an online or paper application to obtain their National Provider Identifier.
DHHS, through the Centers for Medicare and Medicaid Services (CMS), established the National Plan and Provider Enumeration System (NPPES) to oversee assignment of the NPIs. Covered entities can obtain an NPI online at https://nppes.cms.hhs.gov/NPPES/Welcome.do, or submit a paper application available for download at the website.
The application process is simple. NPPES requests information regarding the practice location (i.e., address and contact phone numbers), as well as the type of services rendered by the provider. For example, if the applicant is an institutional provider, it must indicate whether it is a hospital, skilled nursing facility, hospice, etc. If the applicant selects "hospital," then it must indicate whether the services it offers are acute care, rehabilitation, psychiatric, etc.
Following submission, NPPES processes the application and assigns the NPI. The contact person listed on the application receives the identifier and can thereafter use the NPI to conduct transactions on behalf of the healthcare provider or supplier.
III. In addition to applying for their own National Provider Identifier, covered entities must determine whether their related facilities constitute subparts, and thus require separate designations.
One of the most ambiguous aspects of the NPI process is whether covered entities must apply for separate NPIs for their "subparts." Subparts are organizations that furnish healthcare and form part of a covered entity but are not themselves separate legal entities. Subpart delegations affect only institutional providers or suppliers because DHHS considers individuals to be separate legal entities; therefore, no practitioner can be a subpart of another practitioner.
Determining whether covered entities have subparts is important because many healthcare organizations consist of multiple components or operate from various locations. The most prevalent example is the chain home provider, which is a healthcare organization headquartered at one site and operating several facilities throughout the state or nation. The chain home provider receives such designation because, despite the geographic diversity of its facilities, all operations are conducted from a central office.
DHHS instructs covered entities to make their own determination with regard to subparts. If so determined, the healthcare providers must assign an NPI for that subpart. The following statements relate to entities that could be considered subparts:
- A subpart may or may not be located at the same location as the covered organization healthcare provider of which it is a part;
- A subpart may or may not have a Medicare specialty that is the same as the covered organization healthcare provider of which it is a part;
- Medicare is transitioning to exclusive use of the NPIs in HIPAA standard transactions, thus subparts are facilities that need their own NPIs so that they can continue to be uniquely identified in those transactions;
- A subpart that conducts any of the HIPAA standard transactions separately from the covered organization healthcare provider of which it is a part must have its own unique NPI.
The aforementioned factors are neither exclusive nor mandatory requirements. In fact, DHHS made it clear that the ultimate determination of subpart classification is left to the judgment of each covered entity.
Based on the federal guidelines, subparts may include facilities licensed, certified, or located separate from the main healthcare provider. For example, the NPI Final Rule stated that hospital components could consist of "outpatient departments, surgical centers, psychiatric units, and laboratories" because these facilities must maintain state and federal authorizations distinct from the hospital. DHHS may also consider separate physical locations, including off-sites of a hospital, to be subparts of covered entities. Accordingly, these subparts could apply for their own NPIs.
The process of assigning NPIs to separately licensed, certified, and located facilities is further supported by the fact that DHHS rejected a plan to establish "sub-IDs" under a covered entity's NPI. The sub-IDs would have served as the identifiers for facilities considered part of the main healthcare organization. However, DHHS concluded that a subpart should have its own NPI instead of being associated with the NPI of a covered entity.
If an organization is uncertain as to whether it has a subpart, it should be noted that there is no cost to apply for an NPI. Thus, covered entities can afford to be overly cautious and assign NPIs for their subparts in case such identifiers are required.
IV. Although most covered entities should have already obtained NPIs, DHHS does provide a contingency date for healthcare individuals and organizations that exercise good faith efforts to comply.
Following publication of the NPI Final Rule, DHHS set a deadline of May 23, 2007 for "primary providers" (i.e., billing, pay-to, and rendering providers) to comply. "Secondary providers" (i.e., referring, ordering, supervising, facility, care plan, oversight, purchase service, attending, and operating, and small health plans) have until May 23, 2008 to apply for an NPI.
This past April, DHHS announced a contingency plan after it became evident that many covered entities would not yet be in compliance by the May 23, 2007 deadline. The plan provides a one-year grace period for healthcare individuals and organizations that have made good faith efforts to obtain an NPI. DHHS shall determine, on an individual basis, whether noncompliance exists and if so, whether the time for curing the noncompliance should be extended.
As long as there are contingency plans to come into compliance by the final deadline of May 23, 2008, DHHS will not impose penalties. Covered entities that can document efforts to obtain, accept, and send NPIs with other healthcare practitioners and organizations generally qualify for the exception.
V. Penalties for non-compliance range from civil fines to the eventual rejection of Medicare claims submitted without a National Provider Identifier.
Enforcement of the NPI provisions is complaint-driven. If DHHS receives an allegation of non-compliance, it notifies the covered entity to either demonstrate compliance, or document good faith efforts to be in compliance, or submit a corrective action plan. Practitioners and organizations that willfully neglect to comply with the requirements may also be subject to civil monetary penalties.
However, the most serious consequence covered entities may face is a significant delay in cash flow and business operations. Throughout 2007, CMS will assess the number of claims submitted with an NPI. Once it determines that a substantial number of covered entities are in compliance, CMS shall issue a formal announcement that it will begin rejecting the Medicare claims of applicable practitioners and organizations without NPIs. This notification shall occur by at least the May 23, 2008 deadline, at which point CMS will no longer accept the legacy identifiers for any inbound or outbound transactions. This delay, and perhaps denial, of Medicare reimbursement could place the covered entities in severe financial hardship.
Accordingly, healthcare providers and suppliers should contact their billing departments to ensure submission of the NPI is reflected on each claim. While the application process itself is not unduly burdensome, the ramifications of not obtaining an NPI can drastically affect Medicare reimbursement. Ultimately, implementing the NPI will create a more productive exchange of communication throughout the healthcare community.