With the distribution of national provider identifier numbers likely to occur next month, provider organizations are registering protests about the release of data
Earlier this month, the American Medical Association wrote the Department of Health and Human Services, expressing "serious concerns" about the distribution of physician demographic information over the Internet.
Others in the industry have questioned the short timeframe physicians have to view and correct data related to their NPIs; the fact that there are no controls on who could apply for a national provider identifier; and the lack of controls or auditing over who is viewing physician data. The release could be a springboard to fraud and abuse, or enable identity theft, they contend.
In fact, current plans call for 2.2 million NPIs – and the associated demographic information of the providers – to be available for download from the Centers for Medicare & Medicaid Services Web site. Visitors to the Web site also will be able to search information through the use of an NPI registry search engine, CMS has announced.
In a June 14 roundtable call on the NPI data release, CMS said it is releasing the data because it is protected under the Freedom of Information Act. A June 20 memorandum from CMS specifies the data elements it plans to release.
CMS is asking providers to review the data they've submitted to the National Plan & Provider Ennumeration System in applying for their NPIs. Providers can go online and delete any and all information in optional fields and begin the process of correcting other information. The agency, which had an original deadline of June 28 for such review, said it is considering a 30-day extension to give providers more time to review their data. Its most recent memorandum was dated June 20, making a delay in releasing the information likely.
That's important because some providers may have inadvertently included personal information in applying for an NPI, said Patricia Peyton, health insurance specialist in the office of financial management for CMS. For example, they may have listed the address of a personal residence instead of their business address or mailing address, she said.
Of much concern is the information contained in the "optional" field of the NPI data. Physicians have been asked to include "legacy" identifying numbers from current payers, as a way to facilitate the connection of these numbers to the new NPIs. The numbers were supposed to go into wide use on May 23, but because the industry was not ready to make the switch away from legacy identifiers, the government issued a one-year delay as a contingency plan.
While providers can delete any optional information, removing legacy identifiers could cause significant problems because, outside of a huge volume of provider to insurer communication, there's no easy way to facilitate the massive sharing of NPIs and legacy numbers to facilitate crosswalks between the two.
Other data required on the NPI application that cannot be disclosed under FOIA include: the applicant's Social Security Number; taxpayer identification number; and date and state or country of birth. Such information won't be released, CMS said.
CMS officials say that much of the information being released with the NPI is publicly available already, such as DEA numbers. In the June 14 roundtable, they encouraged providers to include legacy identifiers to help trading partners link NPIs to existing numbers.
There should be concern about whether physicians will be able to review data associated with their NPIs, said Michael L. Nelson, director of business development for Health Market Science, a King of Prussia, Pa.-based company offering NPI services and applications.
Nelson noted that there was no qualifying process for obtaining an NPI, and anyone could get a number. "It's not legal to do so, but anyone could get around the system," he said. "All they check is the name, Social Security Number, and date and place of birth."
However, Nelson believes that the information expected to be released with the NPI is "pretty innocuous" and "fairly easy to look up."