[Please label written and e-mailed comments about this section with the subject: NPI Standard.]
Section 142.402, Provider identifier standard, would contain the national health care provider identifier standard. There is no recognized standard for health care provider identification as defined in the law. (That is, there is no standard that has been developed, adopted, or modified by a standard setting organization after consultation with the NUBC, NUCC, WEDI, and the ADA.) Therefore, we would designate a new standard.
We are proposing as the standard the national provider identifier (NPI), which would be maintained by HCFA. As discussed under the Background section earlier in this preamble, the NPI is an 8-position alphanumeric identifier. It includes as the 8th position a numeric check digit to assist in identifying erroneous or invalid NPIs. The check digit is a recognized International Standards Organization [ISO] standard. The check digit algorithm must be computed from an all-numeric base number. Therefore, any alpha characters that may be part of the NPI are translated to specific numerics before the calculation of the check digit. The NPI format would allow for the creation of approximately 20 billion unique identifiers.
The 8-position alphanumeric format was chosen over a longer numeric-only format in order to keep the identifier as short as possible while providing for an identifier pool that would serve the industry’s needs for a long time. However, we recognize that some health care providers and health plans might have difficulty in the short term in accommodating alphabetic characters. Therefore, we propose to issue numeric-only identifiers first and to introduce alphabetic characters starting with the first position of the NPI. This would afford additional time for health care providers and health plans to accommodate the alphabetic characters.
Each individual implementation team weighted the criteria described in section I.D., Process for Developing National Standards, in terms of the standard it was addressing. As we assessed the various options for a provider identifier against the criteria, it became apparent that many of the criteria would be satisfied by all of the provider identifier candidates. Consequently, we concentrated on the four criteria (1, 2, 3, and 10) that were not satisfied by all of the options. These criteria are described below in the specific context of the provider identifier.
#1. Improve the efficiency and effectiveness of the health care system.
In order to be integrated into electronic transactions efficiently, standard provider identifiers must be easily accessible. Health plans must be able to obtain identifiers and other key data easily in order to use the identifier in electronic transactions. Existing health care provider files have to be converted to the new standard. In addition, health care providers will need to know other health care providers’ identifiers (for example, a hospital needs the identifiers of all physicians who perform services in the facility). To meet this criterion, we believe the identifier should not be proprietary; that is, it should be possible to communicate identifiers freely as needed. Moreover, the issuer must be able to reliably issue each health care provider only one identifier and to issue each identifier only once.
#2. Meet the needs of the health data standards user community.
The identifier must be comprehensive. It must accommodate all health care provider types or must be capable of being expanded to do so. Based on our definition of “health care provider”, this includes individual health care providers who are employed by other health care providers and alternative practitioners who may not be currently recognized by health plans. The identifier must have the capacity to enumerate health care providers for many years without reuse of previously-assigned identifiers. To meet this criterion, we believe that, over time, the identifier must be capable of uniquely identifying at least 100 million entities.
#3. Be consistent and uniform with other HIPAA and other private and public sector health data standards in providing for privacy and confidentiality.
Confidentiality of certain health care provider data must be maintained. Certain data elements (for example, social security number and date of birth) needed to enumerate an individual health care provider reliably should not be made available to the public.
#10. Incorporate flexibility to adapt more easily to changes.
To meet this criterion, the identifier must be intelligence- free (the identifier itself should not contain any information about the health care provider). Intelligence in the identifier would require issuing a new identifier if there is a change in that information. For example, an identifier containing a State code would no longer be accurate if the health care provider moves to another State.
We assessed a number of candidate identifiers to see if they met the four specific criteria discussed above. We first assessed the identifiers listed in the inventory of standards prepared for the Secretary by the Health Informatics Standards Board. Those standards are the unique physician identification number (UPIN), which is issued by HCFA; the health industry number (HIN), which is issued by the Health Industry Business Communications Council; the National Association of Boards of Pharmacy (NABP) number, which is issued by the National Council for Prescription Drug Programs in cooperation with the NABP; and the national provider identifier (NPI), which is being developed by HCFA.
Unique physician identification numbers are currently issued to physicians, limited license practitioners, group practices, and certain noninstitutional providers (for example, ambulance companies). These numbers are issued to health care providers through Medicare carriers, and generally only Medicare providers have them. The unique physician identification number is used to identify ordering, performing, referring, and attending health care providers in Medicare claims processing. The computer system that generates the numbers is maintained by HCFA and is able to detect duplicate health care providers. The unique physician identification number is in the public domain and could be made widely accessible to health care providers and health plans. These numbers do contain intelligence (the first position designates a provider type, e.g., physician) and are only six positions long, which would not be able to accommodate a sufficient number of future health care providers. The unique physician identification number does not meet criteria 2 and 10.
The health industry number is used for contract administration in the health industry supply chain, as a prescriber identifier for claims processing, and for market analysis. It consists of a base 7-position alpha-numeric identifier and a 2-position alpha-numeric suffix identifying the location of the prescriber. The suffix contains intelligence. Health industry numbers can enumerate individual prescribers as well as institutional providers. They are issued via a proprietary system maintained by the Health Industry Business Communications Council, which permits subscriptions to the database by data re-sellers and others. In addition, it does not collect sufficient data for thorough duplicate checking of individuals. The health industry number does not meet criteria 1, 3, and 10.
The National Association of Boards of Pharmacy number is a 7-digit numeric identifier assigned to licensed pharmacies. It is used to identify pharmacies to various payers. Its first two digits denote the State, the next four positions are assigned sequentially, and the last position is a check digit. We cannot assess data accessibility or privacy and confidentiality at this time because of the very limited applicability of the number. A 7-digit numeric identifier would not yield a sufficient quantity of identifiers, and there is intelligence in the number. This number does not meet criteria 2 and 10.
The NPI is intended to be a universal identifier, which can be used to enumerate all types of health care providers, and the supporting data structure incorporates a comprehensive list of provider types developed by an ANSI Accredited Standards Committee X12N workgroup. It is an intelligence-free 8-position alpha- numeric identifier, with the eighth position being a check digit, allowing for approximately 20 billion possible identifiers. The NPI would not be proprietary and would be widely available to the industry. The system that would enumerate health care providers would be maintained by HCFA, and data would therefore be safeguarded under the Privacy Act (5 U.S.C 552a). The system would also incorporate extensive search and duplicate checking routines into the enumeration process. The NPI meets all four of these criteria.
In addition, we examined the social security number issued by the Social Security Administration, the DEA number issued by the Drug Enforcement Administration, the employer identification number issued by the Internal Revenue Service, and the national supplier clearinghouse number issued by the Medicare program and used to identify suppliers of durable medical equipment and other suppliers. Neither the social security number nor the DEA number meets the accessibility test. The use of the social security number by Federal agencies is protected by the Privacy Act, and the DEA number must remain confidential in order to fulfill its intended function of monitoring controlled substances. The employer identification number does not meet the comprehensiveness test, because some individual health care providers do not qualify for one. The length of the national supplier clearinghouse number is 10 positions; to expand it would make it too long. Also, it is not intelligence-free, since the first portion of the identifier links health care providers together into business entities. The last four positions are reserved for subentities, leaving only the first six positions to enumerate unique health care provider entities.
Based on this analysis, we recommend the NPI be designated as the standard identifier for health care providers. It is the only candidate identifier that meets all four of the criteria above. In addition, the NPI would be supported by HCFA to assure continuity. As discussed in section VII. of this preamble, on collection of information requirements, the data collection and paperwork burdens on users would be minimal, and the NPI can be used in other standard transactions under the HIPAA. In addition, as discussed in sections III.B., Enumerators, and IX., Impact Analysis, implementation costs per health care provider and per health plan would be relatively low, and we would develop implementation procedures. The NPI would be platform and protocol independent, and the structure of the identifier has been precisely stated. The NPI is not fully operational, but it is undergoing testing at this time, and comprehensive testing will be completed before the identifier is implemented.
In the development of the NPI, we consulted with many organizations, including those that the legislation requires (section 1172(c)(3)(B) of the Act). Subsequently, the NPI has been endorsed by several government and private organizations:
a. The NCVHS endorsed the NPI in a Federal Register notice on July 24, 1997 (62 FR 39844).
b. The NUBC endorsed the NPI in August 1996.
c. The ADA indicated its support, in concept, of the development of a unique, singular, national provider identifier for all health care providers in December 1996.
d. The NUCC supported the establishment of the NPI in January 1997, subject to the following issues being fully addressed:
e. WEDI indicated support for “the general concept of the NPI as satisfying the national provider identifier requirement of HIPAA” in a May 1997 letter to the Secretary. WEDI further stated that the NPI is equal to or better than alternative identifiers, but noted that it cannot provide an unqualified opinion until operational and technical details are disclosed in this regulation.
f. The State of Minnesota endorsed the NPI in Minnesota Statutes Section 62J.54, dated February 1996.
g. The Massachusetts Health Data Consortium’s Affiliated Health Information Networks of New England endorsed the NPI as the standard provider locator for electronic data interchange in March 1996.
h. The USA Registration Committee approved the NPI as an International Standards Organization card issuer identifier in August 1996, for use on magnetic cards.
i. The National Council for Prescription Drug Programs indicated support for the NPI effort in an October 1996 letter to the Secretary.