NPI warning: Don’t give out your Social Security number

Monday, December 31, 2007

WASHINGTON – Providers should double-check their information in the National Provider Identifier (NPI) registry or risk having sensitive information like Social Security numbers disclosed to others, warned Medicare in late November.
Concerns were raised last fall when it became apparent that some providers had entered social security numbers in fields labeled “other provider identification numbers,” “employer identification number (EIN)” and “license numbers.”
CMS has been suppressing all nine-digit numbers found in any disclosable field except for ZIP code and telephone/fax number fields.
Overall, the system seems to be working fine, although it’s cumbersome, said Kim Brummett, vice president of contracting and reimbursement for Greensboro, N.C.-based Advanced Home Care.
“The challenge is keeping your stuff up-to-date,” she said. “I have 20 NPIs and we have to have separate log-ins for each number. So if something changes, like an address, I’ve got to go in and fix every single one of them.”
Beginning Jan. 1, 2008, 8371 electronic claims and UB-04 paper claims without NPIs for primary providers will be rejected. Starting March 1, 2008, that expands to the FFS 837P and CMS 1500 claims.
NPI and legacy number pairs will still be accepted, until May 23, 2008, at which time only the NPI will be accepted on all HIPAA electronic and paper claims.