For whom the NPI tolls: Deadline for HIPAA compliance closes in

November 1, 2006

The deadline draws near for the healthcare industry to comply with one of the final regulations mandated by the Health Insurance Portability and Accountability Act (HIPAA) in the ongoing industrywide effort to get all arms on the same electronic page.

THE DEADLINE DRAWS NEAR for the healthcare industry to comply with one of the final regulations mandated by the Health Insurance Portability and Accountability Act (HIPAA) in the ongoing industrywide effort to get all arms on the same electronic page.

May 23, 2007, is the date that's been set for providers to adopt a single National Provider Identifier (NPI), a unique 10-digit numerical identifier that replaces current legacy provider identification numbers. The move was mandated by the Department of Health and Human Services in 1996 when HIPAA became law. The mandate says that by May 23, all providers must obtain and use NPIs for all covered transactions and that all health plans must identify providers by those NPIs. The Centers for Medicare & Medicaid Services (CMS) has developed the National Plan and Provider Enumeration System (NPPES) to assign these unique identifiers.

For the individual or small-group provider, acquiring the NPI will be a fairly easy process.

"I got my NPI in about 30 minutes," said Peter Kongstvedt, MD, a practicing internist and senior executive for consulting firm Accenture's Health and Life Science division. "For large provider groups, it's a different story in that it's a much more complex process. Big organizations are likely to get different NPIs for various components-for instance, an organization may apply for one NPI for its nursing-home component, another for its cancer center and so forth. A large organization must also make sure its software for billing, reporting and other functions is in compliance with HIPAA requirements that will link that organization to all payers."

For plans, says Dr. Kongstvedt, the process may be just as complex.

"By law, the NPI cannot contain what's known as 'imbedded intelligence,' that is, those parts of the old legacy identifiers that contain certain information-that's gone with NPI," he says. "Another complexity is that many individual providers as well as groups have several ID numbers now-I have more than one, for instance, because I'm licensed to practice in two states-and that will all go away as well. Another complexity plans have to deal with is that the NPI is numerical, while current identifiers are not solely numerical but use letters as well. All this different data has to be gathered and sifted."

Joel Portice agrees. Portice is founder and chief operating officer of Enclarity Inc., an Aliiso Viejo, Calif.-based software firm that's one of many vendors marketing products targeted at helping both plans and providers comply with the HIPAA-mandated NPI program.

"There are tremendous challenges to managing this data consistently, and the way data has been collected is wrought with problems," he says. "The real burden of the NPI program rests on the plans, because it's another field that has to be added to their already complex systems."

Portice says a major problem is the quality of the NPPES data.

"The nature and quality of the NPPES are limited and lacking," he says. "The challenge is to link to and match all of this data in the payer's system. This is not a trivial event-payers will have to bring all this information together and make sure it's accurate and organized."