Why is it Necessary to Screen Against the NPPES and its NPI Registry Database?

Share this article

Are you meeting your screening obligations and including the NPI registry in your searches?

 We are sometimes asked, “Does Exclusion Screening perform NPI1 screening services?”  That’s a great question. The answer is “YES.” As discussed below, unique NPIs are assigned to covered health care providers and are maintained as part of the National Plan & Provider Enumeration System (NPPES).  Many health care providers are only familiar with the exclusion database maintained by the Department of Health and Human Services (HHS), Office of Inspector General (OIG) – known as the List of Excluded Individuals and Entities (LEIE).  Nevertheless, it is important to remember that the LEIE is only one of many Federal and State exclusion databases that a healthcare provider or supplier should be monitoring on a monthly basis.

For example, the U.S. General Services Administration (GSA) maintains the System of Award Management (SAM)2, a registry of individuals and entities that have been excluded or debarred from doing business with the government. 

In addition to these Federal databases, approximately 42 states3 currently maintain lists of individuals and entities that have been excluded from participating in the Medicaid and CHIP4 programs.  At Exclusion Screening, we screen against these “core” exclusion databases (the LEIE, the GSA-SAM, and the complete list of State Medicaid exclusion lists).  Notably, we don’t stop there.  We also screen against a number of additional Federal databases (such as the NPPES), that we have identified as essential in:

  • Reducing a healthcare provider’s level of Civil Monetary Penalty (CMP) risk;
  • Protecting Federal health care program beneficiaries; and,
  • Safeguarding the financial integrity of these indispensable Federal health care programs.5

This article examines the NPPES in more detail and discusses its program integrity role and functions in the overall screening process.

I. What is the Relationship Between the NPPES and a Provider’s NPI?

 It is essential that you screen against the NPPES and its NPI registry database.

Simply put, the NPPES is the national system managed by the Centers for Medicare and Medicaid Services (CMS) that is used to assign unique identifiers to healthcare providers and health plans through the use of a National Provider Identifier (NPI). In order to obtain an NPI, healthcare providers must register and apply through the NPPES.  Once approved, a healthcare provider is issued a unique 10-digit identifier by the NPPES.  Notably, the issuance of an NPI does not mean that an individual or organization has been credentialed by Medicare, Medicaid, or any other health plan.  Healthcare providers must still go through a separate credentialing process in order to participate in a government or private-payer health plan.

II. NPPES NPI Registry Basics:

You may ask, “Why was it necessary for the NPPES to establish the NPI registry?”  The long-standing need to establish a uniform, unique identifier system for health care providers and health plans was recognized and addressed when Congress enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Among its many provisions, HIPAA requires that a unique health identifier be used by HIPAA-covered entities in standard electronic healthcare transactions. Almost a decade later, CMS published its Final Rule setting out the agency’s implementation of the NPI initiative.

From a practical standpoint, the issuance of an NPI was instrumental in facilitating the replacement of several legacy provider identifier systems. Pre-NPI provider identifiers replaced by the NPI system include the Unique Physician Identification Number (UPIN), the Personal Identification Number (PIN), the Online Survey Certification & Reporting (OSCAR) system, and the National Supplier Clearinghouse (NSC) number system used in connection with DMERC claims.  All HIPAA-covered individuals and entities were required to use NPIs as their national provider identifier when completing standard transactions by May 23, 2007. Prior to enrolling in the Medicare program, a healthcare provider or entity is required to have an NPI.  There are two types of NPIs:

  • Type 1 is at the individual practitioner level. For example, physicians, mid-level providers, dentists and sole proprietors fall under this category.
  • Type 2 is at the organizational level. For example, physician groups, hospitals, nursing and corporations fall under this category.

Individual healthcare providers who desire to incorporate may need to obtain an NPI for himself / herself (Type 1) and an NPI for their corporation or LLC (Type 2).  HIPAA-covered providers are required to share their NPI with other healthcare providers, health plans, clearinghouses, and other entities that need it for billing purposes.


III. What is the Statutory Basis for Screening Against the NPI Registry?

In accordance with 42 CFR §424.518, a Medicare contractor is required to screen all initial applications seeking enrollment in the Medicare program, along with any applications for re-enrollment that arise.  Medicare contractors are required to conduct a variety of database checks to ensure that a provider or supplier meets all applicable Federal requirements for enrollment. While the extent of screening conducted varies, depending on the “risk” level presented, all applicants are screened against the Social Security Number (SSN) registry, the NPI identifier system, the National Practitioner Data Bank (NPDB) licensure database, the LEIE, and a number of other databases identified by CMS. 

IV. State Medicaid Screens of the NPPES and its NPI Registry:

State Medicaid agencies are required to perform a variety of Federal database checks to ensure that no excluded individuals or entities are permitted to enroll or reenroll in their State’s Medicaid program. As these regulations mandate:

“. . . The State Medicaid agency must do all of the following:

(a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.

(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals / Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.

(c)(1) Consult appropriate databases to confirm identity upon enrollment and re-enrollment; and (2) Check the OIG LEIE and EPLS no less frequently than monthly.” (Emphasis added). 6

While many State Medicaid agencies have incorporated a search of the NPPES, and its NPI database, into their monthly exclusion screening process, a number of State Medicaid agencies have yet to implement their mandatory database check obligations under 42 CFR §424.436.

V.  Why is an NPPES-Issued NPI an Important Exclusion Identification Tool?

Let’s face it, mistakes happen.  If an individual’s basic identification information is available and accurate, it is relatively easy to screen against the LEIE.  Unfortunately, that isn’t always the case. In fact, it can be extremely difficult to effectively screen an individual solely using the OIG’s LEIE and the GSA’s SAM database if even a single identifier is incorrect. We have seen a wide variety of scenarios where excluded parties have managed to:

  • Stay under the proverbial radar and either avoid being reported to the OIG for inclusion in the OIG LEIE registry; OR
  • Avoid detection when screening under the LEIE due to a clerical mistake by a reporting entity or by the OIG when placing an individual or entity on the registry; OR
  • Benefited from the use of misspelled names, the use of maiden names, the incorrect placement of hyphens and a host of other clerical errors that made it difficult to verify whether an individual or entity has been excluded from participation in the Medicare or Medicaid programs.  Using the NPPES and its associated NPI registry as a supplemental screening tool can greatly enhance the screening process.

While screening against the NPPES (and its NPI registry database) is an essential compliance step, it is important to recognize that even the NPPES may be far from perfect.  Although no new studies have been conducted, when the OIG last examined the accuracy of the information maintained in CMS’s enrollment systems, it found numerous mistakes and inconsistencies. 

“Medicare provider data in NPPES and PECOS7 were often inaccurate and occasionally incomplete and were generally inconsistent between the two databases.  In NPPES, provider data were inaccurate in 48 percent of records, and complete for nearly all required variables but incomplete for conditionally required variables in 9 percent of records.  In PECOS, provider data were inaccurate in 58 percent of records and incomplete in almost 4 percent.  Additionally, provider data were inconsistent between NPPES and PECOS for 97 percent of records.”  (Emphasis added).8

VI.  What Can Happen if You Fail to Properly Screen Your Employees, Vendors, Agents and Contractors and Improperly Employ an Excluded Individual?

The effect of an OIG exclusion is extremely broad and is intended to prohibit all participation in Federal health care programs by excluded parties.9

This “payment prohibition” extends to all items or services that are furnished, either directly or indirectly, by an excluded individual or entity, OR at the medical direction or on the prescription of an excluded person.10

Should you fail to properly screen and inadvertently employ or contract with an excluded party, you are responsible for repaying any overpayments that may be owed.  You may also face the imposition of CMPs by the OIG.  Good intentions will be given little credit if you fail in this regard. Frankly, there really is no good reason to hire or contract with an excluded person or entity.

An exclusion violation occurs whenever a provider acts in contravention of the payment prohibitions described in 42 CFR §1001.1901. The government’s enforcement efforts have also focused on the requirement that providers ensure that physicians, pharmacies and labs at the point of service are not excluded. In other words, if a practice makes a referral to an excluded therapist, the practice may be held as responsible as the therapist for any overpayments that may be owed. Several recent cases brought against health care providers are outlined below:

  • Texas.  In this case, a health care holding company agreed to pay more than $115,000 to resolve allegations that it violated applicable CMP law when it employed an excluded individual as a registered nurse who provided items or services that were billed to Federal health care programs. 
  • Minnesota.   A Minnesota group home for adults with disabilities agreed to pay $150,000 for allegedly violating applicable law when it employed an excluded individual (as a direct support professional) whose services were billed to Federal health care programs. 
  • New York.  In this case, a New York based home attendant program agreed to pay $866,000 to resolve allegations that it improperly employed an individual to work as a personal assistant who had been excluded from participation in New York Medicaid.  While improperly employed, the personal assistant’s services were improperly billed to the New York Medicaid program. 

VII. The Vetting of a Provider’s NPI, Along with Other Core Databases by Exclusion Screening, Can Significantly Reduce Your Level of Risk:

From a practical standpoint, it is next to impossible for a health care provider, supplier or health plan to properly screen the members of their staff, contractors, agents and vendors against the full scope of Federal and State program integrity databases monitored by our company.  The government has readily recognized that health care providers may seek to delegate their screening obligation to a qualified vendor such as Exclusion Screening.  For most health care providers, this is a cost-effective way of fulfilling their screening obligations. Having Exclusion Screening regularly screen your list can also provide a strong defense against the imposition of any CMPs. 


Need help?  Call the experienced professionals at Exclusion Screening for a complimentary consultation to discuss your sanction monitoring needs. Exclusion Screening is the ONLY screening company developed by nationally recognized former Federal prosecutors11 with your regulatory compliance needs in mind.  We can be reached at:  1 (800) 294-0952.


[1] The Nation Provider Identifier (NPI) is a one of the many standards set up under the Health Insurance Portability and Accountability Act of 1996).  Under this system, a unique identification number has been established for covered health care providers. For more information, see the Final Rule titled “HIPAA Administrative Simplification: Standard Unique Health Identifier for Health Care Providers,” published in the Federal Register in January 2004.

[2] The SAM combined the former Central Contractor Registration (CCR) system, CCR’s Federal Registration (FedReg) module, the Online Representation and Certification Application (ORCA) and the Excluded Parties List System (EPLS).

[3] For a current list of the ever-changing roster of states with a Medicaid exclusion list, please see Exclusion Screening’s article on this subject.

[4] The Children’s Health Insurance Program (CHIP) provides health care coverage for Medicaid and CHIP program eligible children around the country.  Eligibility requirements vary from State to State.  The CHIP program is primarily funded by the Federal government, with varying contributions provided by each State.  At last count, more than 9.6 million children were enrolled in CHIP programs around the country

[5] As OIG describes, in its “Special Advisory Bulletin: The Effect of Exclusion from Participation I Federal Health Care Programs” (September 1999), a Federal health care program as: “. . . any plan or program that provides health benefits, whether directly, through insurance, or otherwise, which is funded directly, in whole or in part, by the United States Government or a State health care program (with the exception of the Federal Employees Health Benefits Program) (section 1128B(f) of the Act). The most significant Federal health care programs are Medicare, Medicaid, Tricare and the Veterans programs.” (See footnote 1).

[6] See 42 CFR §455.436.

[7] Provider Enrollment, Chain and Ownership System (PECOS).

[8] See OIG’s report titled “Improvements Needed to Ensure Provider Enumeration and Medicare Enrollment Date are Accurate, Complete and Consistent.”  OEI-07-09-00440 (May 2013).

[9]  The OIG has twice published guidance of the effect of an OIG Exclusion. A Special Advisory Bulletin on “The Effect of Exclusion from Participation in Federal Health Care Programs” was issued September 2, 1999, and an Updated Special Advisory Bulletin on the Effect of Exclusions from Participation in Federal Health Care Programs” was issued May 8, 2013.

[10]  See 42 C.F.R. 1001.1901(b); 42 C.F.R. § 1001.10.

[11] Both Robert W. Liles and Paul Weidenfeld, the founders of Exclusion Screening served as Assistant U.S. Attorneys.  Additionally, both of these individuals served as “National Health Care Fraud Coordinator” for the 94 U.S. Attorney’s Offices around the country, while at the Executive Office for U.S. Attorneys, Department of Justice.

Pricing Inquiry:

For an individual assessment of your needs and costs, please provide the information requested below and someone from our team will follow up with you.

Request a demo, inquire about Pricing, or to ask about our services,

Share this article