• National Provider Identifier Update
  • February 13, 2008
  • Law Firm: Pepper Hamilton LLP - Philadelphia Office
  • Pursuant to the National Provider Identifier (NPI) regulations, by May 23, 2007, most entities covered by HIPAA, including physicians, other health care professionals and payors, were required to begin using their National Provider Identifiers (NPI) in connection with the electronic transmission of all transactions covered by HIPAA. The NPI is a unique identification number for health care providers that will be used by all health plans. Anyone who uses standard electronic transactions, such as electronic claims, eligibility verifications, claims status inquiries and/or claim attachments will be required to include NPIs on electronic transactions. The NPI eliminates the need for multiple identifiers for the same provider and replaces all “legacy” identifiers, including, but not limited to, Medicaid Provider IDs, individual plan provider IDs and UPINs.

    In light of the delays experienced by many health care professionals and payors in connection with implementing the use of the NPI, the Workgroup for Electronic Data Interchange requested that the Centers for Medicare & Medicaid Services (CMS) implement a contingency plan to allow the health care industry to use old identification numbers for at least 12 months beyond the deadline.

    On April 2, 2007, after it became apparent that many covered entities would be unable to fully comply with the NPI standard by May 23, 2007, CMS announced a contingency plan for those covered entities that made a good faith effort to comply with the NPI provisions. This contingency plan allows covered entities to continue to use legacy provider numbers on HIPAA transactions through May 23, 2008, in order to maintain operations and cash flow, and to ease the transition to exclusive use of NPIs. This plan protects covered entities from enforcement action and penalties imposed by CMS if they continue to act in good faith to comply with the NPI provisions, and they have developed and implemented contingency plans to enable them and their trading partners (e.g. those heath care providers who bill them) to continue to make strides toward compliance.

    In accordance with the NPI contingency plan, CMS has imposed several key Medicare NPI implementation dates that providers must comply with leading up to the expiration of the contingency period.

    • January 1, 2008: As of January 1, 2008, NPIs are now required to identify primary providers, including billing and pay-to providers, in Medicare and electronic paper institutional claims. Providers may continue to use legacy identifiers in the primary provider fields as long as they also include the NPI. All claims submitted without an NPI will be rejected.
    • March 1, 2008: As of March 1, 2008, all claims with both an NPI and a Medicare legacy number will continue to be rejected if the pair is not found on the Medicare NPI Crosswalk. Additionally, all claims without an NPI, or with only a Medicare legacy number, in the primary provider field will be rejected.
    • May 23, 2008: As of May 23, 2008, the contingency period for NPI implementation will terminate and the use of legacy numbers will no longer be permitted on any HIPAA electronic transactions, paper claims, and SPR remittance advice. As of this date, Medicare will begin rejecting all claims that do not contain an NPI for all primary and secondary providers.

    Absent a complaint that leads to investigation, during the contingency period, CMS will not actively enforce the NPI standard. In the event that a covered entity is investigated and found to be non-compliant, CMS may grant such covered entity an NPI compliance “grace period” through May 23, 2008, if the non-compliant covered entity has a reasonable explanation for non-compliance and can demonstrate its good faith effort to comply. However, the contingency process and payment grace period are only available to covered entities that are diligently trying to achieve compliance and have adopted contingency plans to ensure proper payment. Accordingly, it is imperative that covered entities adhere to and comply with the implementation deadlines outlined by CMS and their adopted contingency plans throughout the contingency period.

    On May 24, 2008, following the termination of the contingency period, CMS will lift its enforcement-leniency policy. CMS will continue to employ a complaint-driven approach to enforcement and complaints will be investigated as they are during the contingency period. However, in the absence of enforcement protection provided by the contingency period, the imposition of penalties on non-compliant covered entities will be a legitimate resolution if the entity does not demonstrate compliance or corrective action. Finally, if violations are identified during the investigation, CMS will also take enforcement action.