Understanding NPI Numbers and Their Importance in Preventing Healthcare Fraud
What is an NPI Number?
The National Provider Identifier (NPI) is a standard that establishes a unique health identifier for health care providers and entities.
An NPI is a unique identification number created to improve the efficiency and effectiveness of electronic transmission of health information. The NPI Final Rule, published on January 23, 2004, established the NPI as the Health Insurance Portability and Accountability Act (HIPAA) administrative standard. An NPI is a 10-digit numeric identifier. It does not carry information about a provider, such as the state where they practice, their provider type, or their specialization. An NPI number will not change, even if the provider’s name, address, taxonomy, or other information changes.
The Centers for Medicare and Medicaid (CMS) requires an NPI for all HIPPA covered providers and entities spanning both government and the private sector, as well as a provider or supplier that bills Medicare.
There Are Two Categories of NPI Numbers
There are two categories of NPI numbers; Entity Type 1 and Entity Type 2 numbers. Entity Type 1 NPI numbers are assigned to individual health care providers and only one number will be assigned to that individual. Entity Type 2 NPI numbers are given to health care organizations or group health care providers. These organizations can have a single employee or thousands of employees. With Entity Type 2 NPI numbers both the organization and each provider it employs must have an NPI.
The Benefits of Having an NPI Number
- Simple electronic transmission of HIPAA standard transactions
- Standard unique health identifiers for health care providers, health care plans, and employers
- Efficient coordination of benefit transactions
What an NPI Number Doesn’t Do
- Change or replace your current Medicare enrollment or certification process
- Enroll you in a health plan
- Ensure you are licensed or credentialed
- Guarantee payment by a health plan
- Require you to conduct HIPAA transactions
Who Can Obtain an NPI?
All health care providers or entities such as physicians, suppliers, or hospitals that render health care services can obtain an NPI number. If a provider enrolls in Medicare, they must have an NPI. Additionally, all health care providers who are HIPAA-covered are required to have an NPI number.
The following are a few of the health care providers or entities who are HIPAA-covered and thus required to obtain an NPI:
- Physical Therapists
- Nursing Homes
- Group Practices
How Do you Apply For an NPI?
Individual providers and entities can apply for NPIs through the CMS National Plan and Provider Enumeration System (NPPES) who will then assign them their NPI number.
According to the Department of Health and Human Services Centers for Medicare & Medicaid Services, there are three ways to apply for an NPI:
- Option 1: Apply through a web-based application process. Visit the National Plan and Provider Enumeration System (NPPES). Individual providers must create a username and password and login to NPPES using that username and password.
- Option 2: Complete, sign, and mail an application to the NPI Enumerator address listed on the application. For a copy of the application (Form CMS-10114, “NPI Application/Update Form”) go to the CMS website or send an email to firstname.lastname@example.org.
- Option 3: Give permission to an Electronic File Interchange Organization (EFIO) to submit application data on your behalf through a bulk enumeration process.
How Do I Look Up an NPI Number?
You can look up a provider’s NPI number using The NPI Registry, which is an online system that allows users to search for a health care provider’s NPI. The NPI Registry Public Search is a free directory of all active National Provider Identifier records. NPI information accessible by the public includes the provider’s name, specialty, and address of their practice.
Keys to Preventing Healthcare Fraud
The National Provider Identifier (NPI) is a key to preventing fraud in Medicare put in place by the Centers for Medicare and Medicaid (CMS) Final Rule on Fraud Prevention. It is designed to ensure quality care because it allows the verification of credentials of a provider who is treating patients or prescribing and ordering equipment and supplies. Keep in mind, however, that having an NPI number does not ensure that a provider is licensed or properly credentialed. Those verifications still need to occur to support patient safety and regulatory compliance.
Some ways NPI numbers are used fraudulently are; a provider or entity using multiple NPI numbers, which would indicate medical identity theft, or an excluded provider using an affiliated entity’s NPI number to continue practicing or prescribing. Thorough provider screening is the best way to prevent these types of fraudulent actions.
It is critical to deactivate the NPI number assigned to a deceased provider, a dissolved entity, or if theft is suspected to further mitigate fraudulent behavior.
Verisys focuses on improving patient safety and elevating the overall quality of health care in our country by carefully screening health care providers and entities. A large part of our mission is to identify and eliminate excluded providers as well as providers who abuse the health care system with fraudulent or unethical behavior. Verisys screens health care providers and entities against more than 3500 primary sources to verify their credentials and eligibility to treat patients and bill for services rendered. Having a thorough credentialing process in place is key to preventing healthcare fraud.
|Written by Juliette Willard
Healthcare Communications Specialist
Connect with Juliette on LinkedIn