We are sometimes asked, “Why do you screen against the National Plan and Provider Enumeration System (NPPES).”  That is a great question.  Many healthcare providers are only familiar with the exclusion database maintained by the Department of Health and Human Services (HHS), Office of Inspector General (OIG) – known as the List of Excluded Individuals and Entities (LEIE).  Nevertheless, it is important to remember that the LEIE is only one of many Federal and State exclusion databases that a healthcare provider or supplier should be monitoring on a monthly basis.  For example, the U.S. General Services Administration (GSA) maintains the System of Award Management (SAM),^[1] a registry of individuals and entities that have been excluded or debarred from doing business with the government.  In addition to these Federal databases, approximately 42 states^[2] currently maintain lists of individuals and entities that have been excluded from participating in the Medicaid and CHIP^[3] programs.   At Exclusion Screening, we screen against these “core” exclusion databases (the LEIE, the GSA-SAM, and the complete list of State Medicaid exclusion lists).  Notably, we don’t stop there.  We also screen against a number of additional Federal databases (such as the NPPES), that we have identified as essential in:

• Reducing a healthcare provider’s level of CMP risk;
• Protecting Federal health care program beneficiaries; and,
• Safeguarding the financial integrity of these indispensable Federal health care programs.^[4]

This article examines the NPPES in more detail and discusses its program integrity role and functions in the overall screening process.

I. What is the NPPES?

Simply put, the NPPES is the national system managed by the Centers for Medicare and Medicaid Services (CMS) that is used to assign unique identifiers to health care providers and health plans through the use of a National Provider Identifier (NPI). In order to obtain an NPI, health care providers must register and apply through the NPPES.  Once approved, a health care provider is issued a unique 10-digit identifier by the NPPES.  Notably, the issuance of an NPI does not mean that an individual or organization has been credentialed by Medicare, Medicaid or any other health plan.  Health care providers must still go through a separate credentialing process in order to participate in a government or private payer health plan.

II. NPI Basics:

You may ask,“Why was it necessary for the NPPES to establish the NPI registry?”The long-standing need to establish a uniform, unique identifier system for health care providers and health plans was recognized and addressed when Congress enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Among its many provisions, HIPAA required that a unique health identifier be used by HIPAA covered entities in standard electronic health care transactions. Almost a decade later, CMS published its Final Rule setting out the agency’s implementation of the NPI initiative.^[5]

From a practical standpoint, the issuance of an NPI was instrumental in facilitating the replacement of a number of legacy provider identifier systems. Pre-NPI provider identifiers replaced by the NPI system include the Unique Physician Identification Number (UPIN), the Personal Identification Number (PIN), the Online Survey Certification & Reporting (OSCAR) system, and the National Supplier Clearinghouse (NSC) number system used in connection with DMERC claims.  All HIPAA-covered individuals and entities were required to use NPIs as their national provider identifier when completing standard transactions by May 23, 2007.

Prior to enrolling in the Medicare program, a health care provider or entity is required to have an NPI.  There are two types of NPIs:

Type 1 is at the individual practitioner level. For example, physicians, mid-level providers, dentists and sole proprietors fall under this category.

Type 2 is at the organizational level. For example, physician groups, hospitals, nursing and corporations fall under this category.

Individual health care providers who desire to incorporate may need to obtain an NPI for himself / herself (Type 1) and an NPI for your corporation or LLC (Type 2).  HIPAA covered providers are required to share their NPI with other health care providers, health plans, clearinghouses, and other entities that need it for billing purposes.

III. What is the Statutory Basis for Screening Against the NPPES?

In accordance with 42 CFR §424.518, a Medicare contractor is required to screen all initial applications seeking enrollment in the Medicare program, along with any applications for reenrollment that arise.  Medicare contractors are required to conduct a variety of database checks to ensure that a provider or supplier meets all applicable Federal requirements for enrollment. While the extent of screening conducted varies, depending on the “risk” level presented, all applicants are screened against the Social Security Number (SSN) registry, the NPI identifier system, the National Practitioner Data Bank (NPDB) licensure database, the LEIE, and a number of other databases identified by CMS. 

IV. State Medicaid Screens of the NPPES:

As required by 42 CFR §424.436,^[6] State Medicaid agencies are required to perform a number of Federal database checks to ensure that no excluded individuals or entities or permitted to enroll or reenroll in their state’s Medicaid program.^[7] As the regulations mandate:

“. . . The State Medicaid agency must do all of the following:

(a) Confirm the identity and deter-mine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.

(b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other data
bases as the Secretary may prescribe.

(c)(1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and (2) Check the OIG LEIE and EPLS no less frequently than monthly.” (emphasis added).

State Medicaid agencies typically make a search of the NPPES a component of their monthly exclusion screening process of participating providers and suppliers.

V. Why is an NPPES-Issued NPI an Important Exclusion Identification Tool?

Let’s face it, mistakes happen.  As long as an individual’s basic identification information is available and accurate, it is relatively easy to screen against the LEIE.  Unfortunately, that isn’t always the case. In fact, it can be extremely difficult to effectively screen an individual solely using the  OIG LEIE and the GSA-SAM databases if even a single identifier is incorrect. We have seen a wide variety of scenarios where excluded parties have managed to either:

Stay under the proverbial radar and either avoid being reported to the OIG for inclusion in the OIG LEIE registry. OR

Avoid detection when screening under the LEIE due to a clerical mistake by a reporting entity or by the OIG when placing an individual or entity on the registry.

Misspelled names, the use of maiden names, the incorrect placement of hyphens and a host of other clerical errors can make it difficult to verify whether an individual or entity has been excluded from participation in the Medicare or Medicaid programs.  Using the NPPES and its associated NPI registry as a supplemental screening tool can greatly enhance the screening process.

VI. What Can Happen if You Fail to Properly Screen Your Employees, Vendors, agents and Contractors?

The effect of an OIG exclusion is extremely broad and is intended to prohibit all participation in Federal health care programs by excluded parties.^[8] This “payment prohibition” extends to all items or services that are furnished, either directly or indirectly, by an excluded individual or entity, OR at the medical direction or on the prescription of an excluded person.^[9]

Should you fail to properly screen and inadvertently employ or contract with an excluded party, you are responsible for repaying any overpayments that may be owed.  You may also face the imposition of CMPs by the OIG.  Good intentions will be given little credit if you fail in this regard. Frankly, there really is no good reason to hire or contract with an excluded person or entity.

An exclusion violation occurs whenever a provider acts in contravention of the payment prohibitions described in 42 CFR §1001.1901. Some of the specific acts which give rise to the OIG’s authority to impose CMPs for exclusion-related violations are listed below:

United States Code Citation	Code of Federal Regulations Citation	Exclusion Violation
42 USC §1320a-7a(a)(1)(D)	42 CFR §1003.200(a)(3)	Knowing presentation of an item or service by an excluded individual or entity.
42 USC §1320a-7a(a)(4)	42 USC §1003.200(b)(3)	An excluded party owns or controls 5% or more of an entity, or is an officer or manager.
42 USC §1320a-7a(a)(6)	42 USC §1003.200(b)(4)	Employs or contracts with excluded party that he knows, or should know, is excluded.
42 USC §1320a-7a(a)(8)	42 USC §1003.300(b)(6)	Orders or prescribes medicine from a person that he knows, or should know, is excluded.
42 USC §1395w-27(g)(2)(A)	42 USC §1003.400(b)(2)	Medicare Contracting Organization (MCO) employs or contracts with an excluded party.
42 USC §1395mm(i)(6)(B)(i)	42 USC §1003.400(c)(5)	Medicare Advantage or Part D contracting org. employs or contracts with an excluded party.

In most cases, the OIG has the authority to impose a penalty of up to $10,000 for each individual violation.  However, this is increased to $25,000 for violations with respect to Managed Care Organizations, Medicare Advantage Plans and Part D Contractors.^[10]

The government’s enforcement efforts have also focused on the requirement that providers ensure that physicians, pharmacies and labs at the point of service are not excluded. In other words, if a practice makes a referral to an excluded therapist, the practice may be held as responsible as the therapist for any overpayments that may be owed. This has resulted in a number of settlements with pharmacies based on their employment of excluded pharmacists or excluded support personnel. In one case, a pharmacy chain paid $21.5 million in settlement because it had employed a large number of
excluded pharmacists.  In a state-based exclusion penalties action, the Attorney General of New York settled with a pharmacy for $442,000 to resolve allegations that the pharmacy had been fulfilling prescriptions ordered by an excluded physician.

VII. The Vetting of a Provider’s NPI by Exclusion Screening Reduces Your Level of Risk:

From a practical standpoint, it is next to impossible for a health care provider, supplier or health plan to properly screen the members of their staff, contractors, agents and vendors against the full scope of Federal and State program integrity databases monitored by our company.  The government has readily recognized that health care providers may seek to delegate their screening obligation to a qualified vendor such as Exclusion Screening.  For most health care providers, this is a cost-effective way of fulfilling their screening obligations. Having Exclusion Screening regularly screen your list can also provide a strong defense against the imposition of any CMPs.  Need help?  Call the experienced professionals at Exclusion Screening for a complimentary consultation to discuss your sanction monitoring needs. Exclusion Screening is the ONLY screening company developed by nationally recognized former Federal prosecutors^[11] with your regulatory compliance needs in mind.  We can be reached at:  1 (800) 294-0952.

^[1] The SAM combined the former Central Contractor Registration (CCR) system, CCR’s Federal Registration (FedReg) module, the Online Representation and Certification Application (ORCA) and the Excluded Parties List System (EPLS).

^[2] For a current list of the ever-changing roster of states with a Medicaid exclusion list, please see Exclusion Screening’s article on this subject.

^[3] The Children’s Health Insurance Program (CHIP).

^[4] The OIG describes a Federal health care program as:

“. . . any plan or program that provides health benefits, whether directly, through insurance, or otherwise, which is funded directly, in whole or in part, by the United States Government or a State health care program (with the exception of the Federal Employees Health Benefits Program) (section 1128B(f) of the Act). The most significant Federal health care programs are Medicare, Medicaid, Tricare and the Veterans programs.”

^[5] The Centers for Medicare and Medicaid Services (CMS) published its Final Rule covering the NPI initiative in January 2004.

^[6] 42 CFR §424.436 — Federal database checks.

^[7] Despite the fact that all State Medicaid agencies are required to conduct these screening activities, experience has shown that a number of states have yet to implement their obligations under 42 CFR §424.436.

^[8] The OIG has twice published guidance of the effect of an OIG Exclusion. A Special Advisory Bulletin on the Effects of Exclusion from Federal Health Care Programs” was issued September 2, 1999 and an “Updated Special Advisory Bulletin on the Effect of Exclusions from Participation in Federal Health Care Programs” was issued May 8, 2013.

^[9] See 42 C.F.R. 1001.1901(b), 42 C.F.R. § 1001.10.

^[10] This is a listing of the CMP authorities related to exclusion violations. A complete listing of the OIGs CMP authorities can be found on the OIG’s website or at 42 CFR §1003.210.

^[11] Both Robert W. Liles and Paul Weidenfeld, the founders of Exclusion Screening served as Assistant U.S. Attorneys.  Additionally, both of these individuals served as “National Health Care Fraud Coordinator” for the 94 U.S. Attorney’s Offices around the country, while at the Executive Office for U.S. Attorneys, Department of Justice.