1. Biotech

Dr. Sheryene Tejeda

Disclaimer: This is a user generated content submitted by a member of the WriteUpCafe Community. The views and writings here reflect that of the author and not of WriteUpCafe. If you have any complaints regarding this post kindly report it to us.

Dr. Sheryene is a top service Provider.

Please Note: Issuance of an NPI does not ensure or validate that the Health Care Provider is Licensed or Credentialed. For more information please refer to NPI: What You Need to Know

The NPI Registry Public Search is a free directory of all active National Provider Identifier (NPI) records. Healthcare providers acquire their unique 10-digit NPIs to identify themselves in a standard way throughout their industry. 

Individuals or organizations apply for NPIs through the CMS National Plan and Provider Enumeration System (NPPES). After we supply an NPI, we publish the parts of the NPI record that have public relevance, including the provider's name, specialty (taxonomy) and practice address.

CMS provides this service based on federal law (45 CFR Part 162). We also supply this directory in a full download file, or through an Application Programming Interface (API).

If you are a provider with questions about your record, our Enumerator can assist you: 800.465.3203 | 800.692.2326 TTY | email 

NPI: What You Need to Know

You’ll find substantive content updates in dark red font.


Table of Contents

Introduction 3

Background 3

What’s an NPI? 3

What are HIPAA Standard Transactions? 4

Benefits of an NPI 4

What an NPI Doesn’t Do 4

How Do You Find an NPI? 5

Who May Get an NPI? 5

Who Must Get an NPI? 5

Do You Need an NPI to Enroll in Medicare? 6

Who May Not Get an NPI? 6

What are the Health Care Provider NPI Categories? 6

Entity Type 1: Individual Health Care Providers, Including Sole Proprietors 7

Entity Type 2: Organization Health Care Providers 7

What If You’re an Individual, Incorporated Health Care Provider? 7

How Do You Apply for an NPI? 8

What Must Covered Organizations Do When Applying for an NPI? 8

Organizations Applying for NPIs on Behalf of Employed Providers 8

Electronic File Interchange (EFI) 9

Resources 10



This booklet educates providers about the National Provider Identifier (NPI), who must get an NPI, and how to apply.


The NPI is a Health Insurance Portability and Accountability Act (HIPAA) Administrative Standard. An NPI is a unique identification number for covered health care providers, created to improve the efficiency and

effectiveness of electronic transmission of health information. Covered health care providers, all health plans, and health care clearinghouses must use NPIs in their administrative and financial transactions.

The HIPAA Administrative Simplification provisions required the adoption of a standard, unique health identifier for each health care provider. The NPI Final Rule, published on January 23, 2004, established the NPI as

this standard.

CMS developed the National Plan and Provider Enumeration System (NPPES) to assign these unique identifiers. For more information on how to apply for an NPI, refer to the NPPES webpage.

This booklet answers the following questions to help you become more familiar with the NPI:

  • What’s an NPI?
  • Who may get an NPI?
  • Who must get an NPI?
  • Who may not get an NPI?
  • What are the health care provider NPI categories?
  • How do you apply for an NPI?
  • Where can you find resources with additional information?

What’s an NPI?

An NPI is a 10-digit numeric identifier. It doesn’t carry information about you, such as the state where you practice, your provider type, or your specialization. Your NPI won’t change, even if your name, address, taxonomy, or other information changes.

In HIPAA standard transactions, providers must use the NPI in place of other provider identifiers, such as a Provider Transaction Access Number (PTAN), Quality Improvement Evaluation System (QIES), Certification and Survey Provider Enhanced Reporting (CASPER), and National Supplier Clearinghouse (NSC).


What are HIPAA Standard Transactions?

HIPAA standard transactions are exchanges involving the transfer of information between 2 parties for specific purposes. HIPAA regulations established the following standard transactions for Electronic Data Interchange (EDI) of health care data:

  • Claims and encounter information
  • Claims status
  • Coordination of benefits and premium payment
  • Eligibility, enrollment, and disenrollment
  • Payment and remittance advice
  • Referrals and authorizations

For more information, refer to the Transactions Overview webpage.

Benefits of an NPI

Benefits of an NPI include:

  • Simple electronic transmission of HIPAA standard transactions
  • Standard unique health identifiers for health care providers, health care plans, and employers
  • Efficient coordination of benefit transactions

What an NPI Doesn’t Do

Getting an NPI won’t:

  • Change or replace your current Medicare enrollment or certification process
  • Enroll you in a health plan
  • Ensure you’re licensed or credentialed
  • Guarantee health plan payment
  • Require you to conduct HIPAA transactions


How Do You Find an NPI?

The National Plan and Provider Enumeration System (NPPES) assigns NPIs, maintains and updates information about health care providers with NPIs, and disseminates the NPI Registry and NPPES Downloadable File.

CMS discloses NPPES health care provider data under the Freedom of Information Act (FOIA). This data is disclosed in the NPI Registry and the NPI Downloadable File. Find more information on the NPI Data Dissemination webpage.

The NPI Registry is an online query system that allows users to search for a health care provider’s information.

The NPPES Downloadable File contains disclosable information about health care providers with NPIs.

Who May Get an NPI?

All health care providers (physicians, suppliers, hospitals, and others) may get an NPI. Health care providers are individuals or organizations that render health care as defined in 45 Code of Federal Regulations (CFR) 160.103.

Who Must Get an NPI?

All health care providers who are HIPAA-covered entities, whether individuals or organizations, must get an NPI.

A HIPAA-covered entity is a:

  • Health care provider that conducts certain transactions in electronic form
  • Health care clearinghouse
  • Health plan (including commercial plans, Medicare, and Medicaid)

Under HIPAA, you’re a covered health care provider if you electronically transmit health information in

connection with a HIPAA standard transaction, even if you use a business associate to do so. For more information, refer to the CMS Are You a Covered Entity? webpage.


Do You Need an NPI to Enroll in Medicare?

Yes. If you apply for enrollment in Medicare, you must have an NPI and put it on your enrollment application. The NPI Enumerator will reject enrollment applications without an NPI.

Health Care Providers Who are HIPAA-Covered Entities

Individuals Organizations

Examples of individual HIPAA-covered entity health care providers include:

  • Chiropractors
  • Dentists
  • Nurses
  • Pharmacists
  • Physical Therapists
  • Physicians
  • Psychologists Examples of organization HIPAA-covered entity health care providers include:
  • Ambulance Companies
  • Clinics
  • Group Practices
  • Health Maintenance Organizations (HMOs)
  • Home Health Agencies (HHAs)
  • Hospitals
  • Laboratories
  • Nursing Homes
  • Pharmacies
  • Residential Treatment Centers
  • Suppliers of Durable Medical Equipment (DME)

Who May Not Get an NPI?

Any entity that doesn’t meet the definition of a health care provider as defined in 45 CFR 160.103 may not apply for an NPI. Such entities include billing services, value-added networks, repricers, health plans, health care clearinghouses, non-emergency transportation services, and others.

What are the Health Care Provider NPI Categories?

Two categories of health care providers exist for NPI enumeration purposes: Entity Type 1 (Individual) and Entity Type 2 (Organization).


Entity Type 1: Individual Health Care Providers, Including Sole Proprietors

Individual health care providers may get NPIs as Entity Type 1. As a sole proprietor, you must apply for the NPI using your own SSN, not an Employer Identification Number (EIN) even if you have an EIN.

As a sole proprietor, you may get only 1 NPI, just like any other individual. For example, if a physician is a sole proprietor, the physician may get only 1 NPI (the individual’s NPI). The following factors don’t affect whether a sole proprietor is an Entity Type 1:

  • Number of different office locations
  • Whether you’ve employees
  • Whether the IRS issued an EIN to you so your employees’ W-2 forms can reflect the EIN instead of your Taxpayer Identification Number (which is your SSN)

Note: An incorporated individual is a single health care provider who forms and conducts business under a corporation. A sole proprietor isn’t an incorporated individual because the sole proprietor didn’t form a

corporation. If you’re a sole practitioner or solo practitioner, it doesn’t necessarily mean you’re a sole proprietor, and vice versa.

Entity Type 2: Organization Health Care Providers

Organization health care providers are group health care providers eligible for NPIs as Entity Type 2. Organization health care providers may have a single employee or thousands of employees. For example, an incorporated individual may be an organization’s only employee.

Some organization health care providers are made up of components that function somewhat independently from their parent organization. These components may provide different types of health care or provide health care in separate physical locations. These components and their physical locations aren’t themselves legal entities but are part of the organization health care provider (which is a legal entity). The NPI Final Rule refers to the components and locations as subparts.

An organization health care provider can get its subparts their own NPIs. If a subpart conducts any HIPAA standard transactions on its own (separately from its parent), it must get its own NPI.

Subpart determination ensures that entities within a covered organization are uniquely identified in HIPAA standard transactions they conduct with Medicare and other covered entities. For example, a hospital offers acute care, laboratory, pharmacy, and rehabilitation services. Each of these subparts may require its own NPI because each sends its own standard transactions to 1 or more health plans.

What If You’re an Individual, Incorporated Health Care Provider?

If you’re an individual health care provider who’s incorporated, you may need to get an NPI for yourself (Entity Type 1) and an NPI for your corporation or LLC (Entity Type 2).

Note: Subpart delegation doesn’t affect Entity Type 1 health care providers. As individuals, these health care providers can’t designate subparts and can’t be considered subparts.


How Do You Apply for an NPI?

Health care providers may apply for an NPI in 1 of 3 ways:

Option 1: Apply through National Plan and Provider Enumeration System (NPPES) with a web-based application. Individual providers must create a username and password through the Identity & Access Management (I&A) System and log in to NPPES using that username and password.

Option 2: Complete, sign, and mail a paper application Form CMS-10114, NPI Application/Update Form to the NPI Enumerator address listed on the form. To request a hard copy application through the NPI Enumerator, call 800-465-3203 or TTY 800-692-2326, or send an email to customerservice@npienumerator.com.

Option 3: Give permission to an Electronic File Interchange Organization (EFIO) to submit application data

through bulk enumeration process.

What Must Covered Organizations Do When Applying for an NPI?

An organization health care provider that is a HIPAA-covered health care provider must:

  • Get an NPI
  • Determine if it has subparts and if those subparts need to have their own NPIs
  • Ensure its subparts that need to have their own NPIs do so by either getting the NPIs for them or

instructing the subparts to get their NPIs themselves

  • Ensure the subparts comply with the NPI Final Rule requirements placed on HIPAA-covered health care


Organizations Applying for NPIs on Behalf of Employed Providers

The steps below give guidance for organization health care providers who want to apply for NPIs or submit updates to the NPPES on behalf of their employed health care providers.

Note: The process described below isn’t the process for Electronic File Interchange (EFI) for bulk enumeration. Instead, an organization that’s a health care provider should follow these steps when applying for an employee’s NPI on an individual record-by-record basis.

  1. Confirm Employee’s Current NPI Status

Ensure the health care providers for whom the organization will apply don’t already have NPIs.

  1. Verify Agreement with Health Care Provider Employees

Determine if an agreement exists between the organization health care provider and its health care provider employees that give the organization the appropriate legal authority to act on behalf of those health care providers in taking actions such as completing NPI applications and updating transactions on their behalf. You may need legal counsel to determine if an existing agreement covers these types of actions. If such an agreement exists, it may not be necessary for the organization to take the actions described in items 3–5 below.


  1. Notify Health Care Provider Employees of Collected Information

Ensure the health care providers know about the information collected on the NPI Application/Update  Form (CMS-10114). Ensure they read the Penalties for Falsifying Information on the National Provider Identifier (NPI) Application/Update Form, Certification Statement, and Privacy Act Statement sections of that form and agree to all relevant requirements.

  1. Validate NPI Application Data

Share the NPI application data with the health care providers represented in the application to ensure complete and correct data. The same applies to updating information.

  1. Retain NPI Documents

Ask the health care providers to sign a document indicating that you took the above actions and retain those documents as proof the health care providers knew about the actions taken on their behalf.

  1. Designate Contact Person for NPI Confirmation

The NPPES sends an email to the Contact Person entered on a health care provider’s NPI application. This email informs the Contact Person of the enumerated health care provider’s NPI and contains some of the identifying information about the health care provider (including provider name, address, and Healthcare Provider Taxonomy Code and description).

If the organization submits an NPI application on behalf of a health care provider employee, the Contact Person designated by the organization gets the NPI notification email from the NPPES. The Contact Person must forward that NPI notification (or a copy) to the health care provider employee. This notification confirms that the NPPES assigned the health care provider employee an NPI and contains the NPI.

Organizational health care providers may feel it appropriate to have their legal counsel review this process.

Electronic File Interchange (EFI)

EFI is an alternative process for health care providers applying for an NPI. Each EFIO can submit NPI application information for hundreds or even thousands of health care providers all at once in a single electronic file or in a series of electronic files.

EFI benefits both the health care providers and CMS. By allowing an EFIO to apply on its behalf, a health care provider itself doesn’t have to apply for an NPI. This saves the health care provider time and resources. CMS benefits by saving the time and resources it would have expended if the NPI Enumerator (contractor that processes NPI applications) and the web-based system had to process NPI applications 1 at a time.

In addition to getting NPIs for health care providers, some EFIOs may also send changes or updates to the NPPES on behalf of enumerated health care providers to keep the providers’ NPPES records current. To send changes or updates, the EFIO needs to get the permission of the health care providers. Whether to make changes or updates to a health care provider’s NPPES record is a decision made between an EFIO and its associated health care providers.



If the provider and EFIO agree for the EFIO to submit future changes on the provider’s behalf, it’s still ultimately the provider’s responsibility to make sure that any updated information is supplied to the NPI Enumerator.


For more information about the NPI, refer to the National Provider Identifier (NPI) Standard webpage.

  • Are You a Covered Entity?
  • Data Dissemination
  • EFI
  • I&A System
  • Medicare NPI Implementation

Medicare Learning Network® Content Disclaimer, Product Disclaimer, and Department of Health & Human Services Disclosure

The Medicare Learning Network®, MLN Connects®, and MLN Matters® are registered trademarks of the U.S. Department of Health & Human Services (HHS).

This week we switch gears from claims (don't worry, they will be back, with a vengeance) to look at validating a U.S.-based healthcare professionals' national identifier. The NPI, or National Provider Identifier has been the preeminent identifier for U.S.-based providers since 2006, and there are over 6.2 million NPIs (individuals and organizations). Alternatives to the NPI are ME Numbers, which are managed by the AMA, but are not inclusive of many entities that the NPI covers, state license numbers, which are not consistent from state to state in terms of whom they cover and how they are formatted or validated, a DEA number for prescribing which does not apply to many providers, and the UPIN number used by Medicare until the early 2000s.

As far as code, today we'll be using JavaScript/AppScript, with an understanding most of that can be transcoded to other languages depending on the application.

Why check the NPI?

Validating an NPI may be useful for a number of circumstances, including:

 properly documenting care by healthcare providers

ensuring patients can receive care from referred providers, medications or tests

reimbursing parties for care provided

helping industry comply with the Sunshine Act

aiding medical communications to appropriately identify participants and target content

helping patient locate providers and services

There is actually quite a bit of complexity around this topic (I have been working on a book that covers just this topic). A provider may have multiple NPIs to address themselves as an individual but also NPIs of various organizations that bear their name or where they provide care. The NPI provides no intelligence itself, so you can't tell from the NPI if it is a person, a place, a physician, a pharmacist, or even a driver or student. An NPI may be supplied to someone based outside of the U.S. or to someone that doesn't provide routine patient care. NPIs do not expire, but they can be updated, deactivated, replaced, or reactivated.

Just having an NPI on hand doesn't mean you have the right NPI, or the NPI that is fit for your purpose.

Simplest case: Is it even a possible NPI number?

The easiest way to check if the NPI itself is a potential valid NPI number is to perform a Luhn check, which is similar to a check to validate a credit card number. This is accomplished by prepending 80840 to the NPI, doubling the value of alternate digits, adding these to the undoubled numbers, and subtract that from the number rounded up to the nearest 10s. Here is some JavaScript that can be used to validate a number passed to the function isValidNPI(), returning true if it is a valid number.


Let's say, however, that you needed to validate if a number was currently assigned to an individual, an organization, or a certain type of provider. For this, in low quantities, you could consider using the API provided by National Plan and Provider Enumeration System (NPPES), the keeper of NPIs.

The endpoint for the API is as follows, with a sample NPI in place for a pharmacy in California, is: https://npiregistry.cms.hhs.gov/api/?number=1003000258&version=2.1

The response is in JSON form, and you can ascertain most of what you need for validation from this: who or what the NPI refers to, where, and some credentials indicating what they do (the “taxonomy”) and how they are licensed (state and number). Note that NPPES doesn't keep current whether that license number itself is valid and current; that requires an additional step of verifying with the appropriate authority in each jurisdiction.

What can the API provide? Names, addresses, fax, telephone, specialties / taxonomies, licensure, other identifiers (generally used by specific payor networks), health information exchange data (emails or API endpoints), contacts at organizations, parent organization NPIs if the organization is part of a larger organization.

If you have worked with the large, weekly updated downloadable datasets, you might wonder if there are differences between those and the API. There are. For one, the API is slightly more up to date, but it also contains a dozen or so fields that are not available in the downloadable file, and also provides for some “fuzzy logic” to look up names of providers, as we shall see.

Complex case: Is it the right kind of provider?

So let's say I needed to validate that an NPI belonged to a medical doctor, that they had a lim another cell.

This is great for Google Sheets, but what about Excel? Yes, a WebQuery with some VBA or a Power Query could achieve similar results.

Looking up the NPI

So imagine another scenario, the first and last name and practice state of a provider is given, can the individual NPI for them be found? Yes, the API provides for this. The following returns a result where the first name is Will (as short for William), the last name is Hsu, and the taxonomy (specialty, in this case) description is like “Endocrinology”. The asterisk can be used after two initial characters to widen the search for names, postal codes, or specialties that match.

https://npiregistry.cms.hhs.gov/api/?version=2.1&first_name=WILL&last_name=HSU&state=MA&address_purpose=location& taxonomy_description=Endocrinology*

The following Google AppScript will look up the NPI based on first name, last name, specialty (based on the taxonomy description) and the first three digits of a practice location. Results are limited to individuals (NPI-1) in the US. If more than one NPI matches, it will indicate multiple matches, if none, then no matches, and if a single match, it will provide the NPI.

So to use this app script, you would type =getNPI(“first”,”last”,”zip”,”specialty”) in a cell, where each of those parameters is a cell in your sheet.

Some API limitations. By default it only provides 10 NPI entries at a time, and only up to 200 if specified. Paging is possible. There are some limits in queries per minute. There may still be a good reason to download and maintain the NPI tables within your own database, and I'll discuss in a future episode some of the most efficient ways to lay out that data for querying.

I hope these can inspire a few solutions of your own to improve the integrity of your NPI collection for whatever application you have. In the next episode, I'll be discussing using the NPI and some other queries for geolocation queries.



Welcome to WriteUpCafe Community

Join our community to engage with fellow bloggers and increase the visibility of your blog.
Join WriteUpCafe