The Confidentiality of National Provider Index (NPI) Numbers

National Provider Index

In the decade since the CMS implemented the National provider Identifiers (NPIs), the billing process for hospitals and healthcare institutions has become more dependable and simplified. Moreover, both Medicare and Medicaid support and promote NPIs. This is why, NPIs, similar to a Social Security Number, have become a crucial part of the healthcare ecosystem. This also implies that, as an NPI is not private, it can be used to steal a healthcare provider’s identity. NPIs are publicly accessible on the National Plan and Provider Enumeration System.

National Provider Index

Thousands of NPIs are stolen from the public NPI profile and used for deceitful activities every year. The data of the NPI profile in the public domain is based on the details you filled out while applying for an NPI number from the CMS. The NPI number is an intelligence-free number and will not consist of more data about you. If you think that wrong information has been shown about you on the NPPES portal, you have the opportunity to modify the information effortlessly.

It’s highly likely for your phone number or home address to appear on various online directories and websites, This is because it was cataloged as your primary contact information on NPI instead of your office address and contact details. Somebody else can fill up your NPI profile on your behalf and use their contact details involuntarily. When you first completed your application, you might not have been aware that this information will be made accessible to the public.

Since several online directories depend on public NPI data, healthcare provider must ensure their NPI profile includes the exact information they are willing to share for their patients to see. It’s terrifying to know that your details would be accessible to the public.

Here’s something that no healthcare provider would want: Imagine receiving a call on your mobile phone and finding a patient on the other side of the call. Or, imagine the patient standing right outside your house. While both of these scenarios may seem very unlikely, your data may be accessible publicly without you even being aware of it.

What Information is in Your NPI Profile

How Would You Do the Damage Control?

Seeing your personal information online is a scary thing. However, the good news is that you can manage your personal information online and control your identity. The initial step is to find out what may be available out there.

  1. Add Your Contact Information Wisely

If you have recently started practicing and haven’t applied for an NPI yet, you may want to reconsider adding your mobile number. This is because it might reveal your private information. NPIs are allotted to graduating medical students, so ask your director about which number and address will make the most sense.

  1. Think Twice about What Information is in Your NPI Profile

If you already have been allotted an NPI, you may not remember what information you added. Hence, visit the NPI registry to see if all the information on your profile is up to the mark. In case you need to modify anything, you can do it on the NPI website by simply creating an account.

Moving Ahead

If you think your NPI is stolen, the process for clearing your name and acquiring relief from suspected financial liability is challenging. In any case, in 2011, CMS established the Center for Program Integrity (CPI) to help people whose NPI numbers are stolen and to accelerate the process of exoneration. Contact CPI immediately after you think your NPI number has been stolen.

Once you contact CPI, begin your investigation. You can start by reviewing records for inconsistencies, especially the billing files and patient files relevant to the falsely billed services. If you identify the occurrence of fraudulent activity, notify people who have accessed the patient’s records. Moreover, tell them that the information is not correct in the records and ask them to modify the information with the correct details.

NPI Data Stolen

Later, make important notifications about the data breach- whether the breach happened under HIPPA Breach Notification Rule (45 CFR part 164 subpart D) or any applicable state breach notification law. Moreover, you need to re-evaluate your information security and HIPAA compliance.

There are a few conditions when you file a lawsuit — a financially and mentally expensive endeavor — which are warranted and correct. For instance, healthcare providers have filed a lawsuit against organizations or people that have used their NPI numbers without authorization for financial damages. The theory of liability in such circumstances is that a defendant organization and/or person has stolen the identity of a healthcare provider and violated a fiduciary duty.

Moreover, when there is a contract between the healthcare provider and the defendant, the lawsuit also claims a breach of contract. At times, these lawsuits are filed after the investigation has been concluded by the government and after they have accepted the plea or resolved any civil liability with the defendant. There are a few circumstances where filing a lawsuit after the government has finished its investigation gives the plaintiff a significant benefit. Relevant data has already been gathered and admissions have been made.

These are some of the most important steps you need to take if your NPI number has been stolen or breached. You should protect your NPI just like you protect your Social Security Number, and at the very least, regularly check your NPI profile just like you check your credit score.

Preventive measures do not work in cases where your NPI number has already been stolen. In such cases, make the correct reports and notifications, examine and determine the cause of the theft, and file a lawsuit, accordingly. The sooner you take the right initiative, the better it is. Putting an end to healthcare fraud schemes before they become insidious prevents healthcare from becoming more expensive. Moreover, it also helps save taxpayer dollars.