Safeguards needed for doctor ID numbers

The National Provider Identifier makes for an easier time filling out forms, but if CMS doesn't look out, it could make for an easier time preying on physicians.

Posted Oct. 2, 2006.

Print  |   Email  |   Respond  |   Reprints  |   Like Facebook  |   Share Twitter  |   Tweet Linkedin

The good news is, soon physicians will need to use only one identification number on all of their government and private-sector claims. The bad news is, this convenience for doctors could make it more convenient for those who want to subject physicians to unwanted business pitches, fraud and identity theft.

The National Provider Identifier is a creation of the Health Insurance Portability and Accountability Act. It is a welcome alternative to the hassle of obtaining and keeping straight the jumble of different numbers required for every different plan.

Implementation of NPI is the responsibility of the Centers for Medicare & Medicaid Services. It is CMS that will be doing a great disservice to physicians and other health care professionals if it doesn't put the strictest of requirements on who gets access to this number.

On May 23, 2007, physicians will be required to have their NPIs in hand and to use them then on virtually all claims. Doctors can apply for an NPI right now from CMS, electronically or by mail. Some insurers already are allowing physicians to use the new number while other plans, such as Medicare, will accept it as of Jan. 1, 2007. The transition ends in 2008, when certain small plans come on board.

As of yet, CMS has not said who will get access to the National Provider and Payer Enumeration System (NPPES), which assigns the NPIs. Nor has it said how that information will be protected. CMS was expected to have issued some guidelines -- called a data dissemination notice -- by the summer, but that has been delayed for reasons not explained.

Physicians are right to worry about privacy and security concerns when it comes to NPI.

For one thing, look at the experience with the use of Drug Enforcement Administration numbers. The federal government permits access to DEA numbers, required for prescribing, to anybody who requests them. As a result, DEA numbers have served as an easy entree to unwanted marketing and identity theft directed at physicians -- which is why the AMA has called for opposition to the sale of DEA numbers. It's also why the AMA is opposed to the sale of NPI numbers, as well as any attempt to "crosswalk" any of a physician's old ID numbers with NPI numbers. Crosswalking is a technique in which marketers or others take the old ID numbers and try to match them up with the new ones.

For another thing, look at what happened at the Dept. of Veterans Affairs, where this year a computer containing the names, Social Security numbers and dates of birth of veterans was stolen from an employee's house. The computer was returned and no identity theft appeared to have taken place, but it highlighted how easy it is for sensitive information to fall into the wrong hands.

In May, the AMA wrote to CMS Administrator Mark McClellan, MD, PhD, to underscore physician concerns. In the letter, AMA Executive Vice President and Chief Executive Officer Michael D. Maves, MD, MBA, pointed out a Government Accountability Office report that found "significant weaknesses in information security controls at HHS and at CMS in particular put at risk the confidentiality, integrity and availability of their sensitive information and information systems." For this reason, the AMA asks that the CMS adequately safeguard the data in the NPPES, which includes not only the NPI but also physicians' Social Security numbers, addresses and other sensitive information.

Access to this information should be restricted to those who really need it: physicians, others within the clinical system, payers, health plans, clearinghouses and third-party business partners that must comply with HIPAA. The data should be authorized only for the purposes of identifying individuals -- not for commercial uses.

All this care about security and privacy is especially paramount because Medicare is already requiring an NPI before enrollment or re-enrollment -- something the AMA is concerned about because of the abrupt manner in which CMS instituted the change.

The NPI can be a great leap forward in convenience for physicians. It's up to CMS to make sure there are not some unintended beneficiaries who don't have physicians' best interests at heart.

Back to top




Read story

Confronting bias against obese patients

Medical educators are starting to raise awareness about how weight-related stigma can impair patient-physician communication and the treatment of obesity. Read story

Read story


American Medical News is ceasing publication after 55 years of serving physicians by keeping them informed of their rapidly changing profession. Read story

Read story

Policing medical practice employees after work

Doctors can try to regulate staff actions outside the office, but they must watch what they try to stamp out and how they do it. Read story

Read story

Diabetes prevention: Set on a course for lifestyle change

The YMCA's evidence-based program is helping prediabetic patients eat right, get active and lose weight. Read story

Read story

Medicaid's muddled preventive care picture

The health system reform law promises no-cost coverage of a lengthy list of screenings and other prevention services, but some beneficiaries still might miss out. Read story

Read story

How to get tax breaks for your medical practice

Federal, state and local governments offer doctors incentives because practices are recognized as economic engines. But physicians must know how and where to find them. Read story

Read story

Advance pay ACOs: A down payment on Medicare's future

Accountable care organizations that pay doctors up-front bring practice improvements, but it's unclear yet if program actuaries will see a return on investment. Read story

Read story

Physician liability: Your team, your legal risk

When health care team members drop the ball, it's often doctors who end up in court. How can physicians improve such care and avoid risks? Read story

  • Stay informed
  • Twitter
  • Facebook
  • RSS
  • LinkedIn