HIPAA action
HIPAA dvisory
HIPAAdvisory > HIPAAction > FAQs Phoenix Health Systems
news
regs
action
tech
wares
alert
live
latest
online HIPAA training
HIPAAstore
HIPAA help desk
search
contact us
site map

HIPAA FAQ: Unique Identifiers

(updated 3/26/04)

Employer Identifier Questions & Answers

Why is a standard employer identifier needed for electronic health transactions?

Employers, as sponsors of health insurance for their employees, often need to be identified in healthcare transactions, and a standard identifier for employers would be beneficial for transactions exchanged electronically. Healthcare providers may need to identify the employer of the participant on claims submitted to health plans electronically. Employers need to identify themselves in electronic transactions when they enroll or disenroll employees in a health plan or make premium payments to health plans on behalf of their employees. Employers and healthcare providers may need to identify an employer as the source or receiver of information about a participant’s eligibility.

What standard is being proposed as the employer identifier for use in electronic health transactions?

We are proposing the Employer Identification Number (EIN), the taxpayer identifying number for employers that is assigned by the Internal Revenue Service. This identifier has nine digits with the first two digits separated by a hyphen, as follows: 00-0000000.

Has the Internal Revenue Service agreed to the use of the EIN as the standard employer identifier for use in electronic health transactions?

Yes, on January 16, 1998 the Internal Revenue Service agreed to the use of the EIN as the identifying number for employers in all electronic healthcare transactions under the Health Insurance Portability and Accountability Act of 1996.

How does an employer obtain an EIN?

The Internal Revenue Service maintains the process for assigning EINs. An employer obtains an EIN by submitting IRS Form SS-4, Application for Employer Identification Number, to the IRS. Any business that pays wages to one or more employees is required to have an EIN as its taxpayer identifying number. There would be few, if any, employers that would not already have an EIN for taxpayer identifying purposes.

Some employers have more than one EIN. Which one should be used for electronic health transactions?

In the Notice of Proposed Rule Making we ask for public comment on whether one of the employer’s EINs should be used consistently in electronic health transactions and how that one EIN should be selected.

Who is required by HIPAA to use the EIN in electronic health transactions?

HIPAA does not require employers to use the standard employer identifier or standard health care transactions. However, we believe that many employers will want to take advantage of this standardization. Providers, health plans, and healthcare clearinghouses are required to use the standard employer identifier in electronic transactions, such as healthcare claims or eligibility inquiries, if the transactions require an employer identifier.

How would a provider, health plan, or health care clearinghouse obtain the EIN of an employer for use in electronic health care transactions?

Healthcare providers, health plans, or healthcare clearinghouses would obtain an employer’s EIN directly from the employer. The proposed rule would require an employer to disclose its EIN, upon request, to any entity that conducts standard electronic transactions that require that employer’s identifier. The authority to require this disclosure is implicit in HIPAA’s directive to the Secretary to adopt an employer identification number for use in the healthcare system. We have identified no reason for an employer to refuse to furnish the number. The EIN, unlike the Social Security Number, is not information about a person. EINs are not considered private and they may be freely exchanged by employers and others.

Go to TOP

Provider Identifier Questions & Answers

What is the standard that was adopted as the unique health identifier for health care providers?

The National Provider Identifier (NPI) was adopted as the standard unique health identifier for health care providers to carry out a requirement in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) for the adoption of such a standard. The NPI did not exist previously; it was developed as the unique identifier for health care providers because no existing standard met the criteria required of a national standard.

What is the purpose of the NPI? Who must use it, and when?

The purpose of the National Provider Identifier (NPI) is to uniquely identify a health care provider in standard transactions, such as health care claims. NPIs may also be used to identify health care providers on prescriptions, in internal files to link proprietary provider identification numbers and other information, in coordination of benefits between health plans, in patient medical record systems, in program integrity files, and in other ways. HIPAA requires that covered entities (i.e., health plans, health care clearinghouses, and those health care providers who transmit any health information in electronic form in connection with a transaction for which the Secretary of Health and Human Services has adopted a standard) use NPIs in standard transactions by the compliance dates. The compliance date for all covered entities except small health plans is May 23, 2007; the compliance date for small health plans is May 23, 2008. As of the compliance dates, the NPI will be the only health care provider identifier that can be used for identification purposes in standard transactions by covered entities.

Is a health care provider required to obtain an NPI?

Under the National Provider Identifier Regulation (that was published in the Federal Register on January 23, 2004), a health care provider who is a covered entity, as defined at 45 C.F.R. § 160.103, is required to obtain a National Provider Identifier (NPI) by May 23, 2007.

Who is eligible to receive an NPI?

Entities who meet the definition of “health care provider”, as defined at 45 C.F.R. § 160.103, are eligible to receive National Provider Identifiers (NPIs). Health care providers include hospitals, nursing homes, durable medical equipment suppliers, clinical laboratories, pharmacies, and many other “institutional” type providers; physicians, dentists, pharmacists, nurses, and many other health care practitioners and professionals; group practices, health maintenance organizations, and others.

How will a health care provider obtain an NPI?

A health care provider will obtain a National Provider Identifier (NPI) by submitting an application for an NPI—either on paper through the postal service or electronically over the Internet. After the application is successfully processed, the health care provider will be notified of its NPI. The CMS web site (www.cms.hhs.gov/hipaa/hipaa2) will contain information on when, where and how the NPI application can be obtained.

How long will it take to get an NPI?

We cannot predict the amount of time it will take to obtain a National Provider Identifier (NPI) because several factors come into play. Such factors include the volume of applications being processed at a given time, whether the application was submitted electronically or on paper, and whether the application was complete and passed all edits. We expect that a health care provider who submits a properly completed electronic application could have its NPI in 10 days.

Will a health care provider have to pay for an NPI?

No. A health care provider will not be charged, nor have to pay, a fee in order to obtain an National Provider Identifier (NPI).

If a health care provider with an NPI moves to a new location, must the health care provider notify the enumerator of its new address?

A covered health care provider must notify the enumerator of changes in any of the information that it furnished on its application for a National Provider Identifier (NPI), and must do so within 30 days of the change. We encourage health care providers who have been assigned NPIs, but who are not covered entities, to do the same.

Will a health care provider continue to use other numbers besides the NPI
to identify itself in standard transactions after the compliance date?

Upon the compliance dates, only the National Provider Identifier (NPI) may be used for identification purposes for a health care provider in standard transactions; legacy identifiers (such as the Unique Physician Identification Number (UPIN), Medicaid Provider Number, Medicare Provider Number, and others) may not be used. Where a health care provider must be identified in standard transactions for tax purposes, it would use its Taxpayer Identifying Number as required by the implementation specifications. Health care provider identification numbers other than the NPI may continue to be used in the internal processes and files of health plans or health care clearinghouses if they wish to continue to use those identification numbers in those internal processes and files.

Who will assign NPIs to health care providers?

The Department of Health and Human Services will contract with an organization, known as the enumerator, to do this work. In addition to receiving and processing National Provider Identifer (NPI) applications and notifying health care providers of their NPIs, the enumerator will: use the National Provider System (NPS) to ensure the unique identification of a health care provider; answer questions about the processes of applying for and obtaining NPIs and furnishing updates; collect information, via the applications and updates, and maintain the NPS database containing NPIs and information about the health care providers to which they are assigned; and furnish information upon request and in accordance with established guidelines.

Will a health care provider’s NPI ever change?

The National Provider Identifier (NPI) is meant to be a lasting identifier, and would not change based on changes in a health care provider’s name, address, ownership, membership in health plans, or Healthcare Provider Taxonomy classification. There may be situations where use of an NPI for fraudulent purposes results in a health care provider requesting a different NPI; such situations will be investigated and a different NPI may be assigned to the requesting health care provider.

What is the format of the NPI?

The National Provider Identifier (NPI) is all numeric and is 10 positions in length: the first 9 positions are the identifier and the last position is a check digit. The check digit helps detect invalid NPIs. There is no embedded intelligence in the NPI with respect to the health care provider that it identifies.

How can a health care provider obtain an NPI?

After the standard is announced in the Final Rule in the Federal Register, the NPS will begin assigning NPIs to health care providers based on information they supply on NPI applications. Because there are so many providers, HHS recommended in the Notice of Proposed Rule Making that assignment of the NPI be done in phases. We expect that providers that conduct any of the transactions specified in HIPAA would be among the first to be enumerated.

When can a health care provider apply for an NPI?

Health care providers can apply for National Provider Identifiers (NPIs) beginning on the effective date of the final rule, which is May 23, 2005.

Will there be a crosswalk of UPINs to NPIs?

The extract file that will be produced by the National Provider System will contain the information required for a Unique Physician Identification Number (UPIN) crosswalk. The extract file may also include other health care provider identification numbers (such as Medicaid numbers and drug enforcement administration (DEA) numbers) if those numbers were furnished by health care providers when they applied for National Provider Identifiers (NPIs).

Will there be enough NPIs to enumerate all health care providers? Will we ever run out?

The format of the National Provider Identifier (NPI) and the assignment strategy will enable the enumeration of over 200 million health care providers. At the current rate of increase in the number of providers in the United States, this should enable the Department of Health and Human Services to enumerate health care providers for 200 years.

Go to TOP

Plan Identifier Questions & Answers

Is there a difference between the PlanID and the NPI or are they the same?

They are different. The PlanID will be assigned to health plans. NPIs will be assigned to health care providers. On some occasions, an organization will receive a PlanID and an NPI. One instance where this could occur is when a managed care organization is both a health plan and a health care provider.

What is the difference between the health plan identifier (PAYERID) and PlanID?

PlanID was formerly known as PAYERID.

Go to TOP

Individual Identifier Questions & Answers

What is a Unique Identifier for Individuals?

It is exactly what the term indicates. Each individual would be identified with one identifier that would be unique to that person.

What is happening with the Individual Identifier? Will we have one or not?

Currently the funding for development of a national individual identifier is on hold. According to HHS, opinion about the unique identifier for individuals is deeply divided. The Clinton-Gore Administration deemed it wise to wait on the establishment of an individual identifier until after the other HIPAA security and privacy provisions were in place. Since the intent of the individual identifier is to positively identify the individual's health information across the care continuum, adequate security and privacy measures will need to be in place first to ensure no loss in privacy or security occurs with the use of the individual identifier.

Why would an Individual Identifier be needed?

HIPAA recognized the need for a unique individual identifier as part of the administrative simplification process. Today, the various health care providers assign individuals numbers for purposes of their own identification process and obviously these numbers are not cross-referenced. A unique individual identifier will allow for the reduction of administration workload and costs, enable faster access to critical health information, and increase the efficiency in the exchange of electronic data.

Duplicate medical record numbers and disparate medical files have plagued the health care industry, due to many reasons. Individuals may not present themselves accurately or in the same manner for each individual episode of care, such as the use of nicknames, name changes due to marriage or divorce, or misspelling of one's name. Health care staff may not select or retrieve the appropriate record due to the previous reasons, misfilings, or inadvertent error. Studies have documented intentional misrepresentation by the patient as a mechanism to protect their privacy.

A secure and privacy-protected individual identifier would allow for positive identification, collection and retrieval of the medical record and ensure that health care professionals have access to the complete set of patient information. Quality health care depends upon the ability to aggregate the patient's information to synthesize an accurate complete profile of the patient's health status.

Everyone has a Social Security Number, why not use that as the unique identifier?

There is concern by many individuals and groups that if the Social Security Number is used there will be extended linking not only for health information but also credit and financial information. That is definitely not the intent of the individual unique identifier.

Go to TOP