Sharing information

March 22, 2007
Credentialing Resource Center Digest - Volume 8 Issue 11

This past week, members of HCPro's medical staff talk group raised the question of whether the medical staff office (MSO) can share National Provider Identifier (NPI) numbers with other organizations.  After some searching (most of the time I am glad there is an Internet), I found the following statement on the CMS Web site:

Get It. Share It. Use It.
Once providers have received their NPIs, they should share their NPIs with other providers with whom they do business, and with health plans that request their NPIs.  In fact, as outlined in current regulation, providers must share their NPI with any entity that may need it for billing purposes -- including those who need it for designation of ordering or referring physician.  Providers should also consider letting health plans, or institutions for whom they work, share their NPIs for them.

Although the above CMS statement addresses whether a provider can share his or her NPI number, it does not answer the question of whether the hospital MSO can/should provide a practitioner's NPI number to health plans, business entities, and other interested parties. It seems like a good time to turn to our old friend, the "5 P's"--It is our policy to have a policy.  In the absence of a policy, it is our policy to create a policy.

Your organization should have a policy that specifies the practitioner-specific information your MSO can provide to outside organizations and individuals. Does your organization have such a policy?  If not, create one. The policy should:

  • Acknowledge that the practitioner signed a waiver and release when he or she applied for medical staff membership and/or clinical privileges.  This waiver and release should cover the release of routine information.
  • Describe the data maintained in the credentialing database, including the practitioner's name, office address, home address, cell phone number, birth date, social security number, and NPI number.
  • Specify what information can be shared (data element by data element) and with whom it can be shared.  It may be easier to list the information that can be shared only in specific cases, such as a practitioner's social security number or a copy of the NPDB report. For example, many organizations routinely provide other healthcare organizations with information about a medical staff member without first securing a specific signed release of information from that practitioner.  This practice was virtually unheard of 10 or 15 years ago, but it is now quite customary to provide information about medical staff members in "good standing."
  • Address the information that is posted on the organization's intranet or in other locations, such as privileges granted, contact information (related to emergency room call schedules), etc.

MSOs maintain both routine and highly confidential information about medical staff members. It is important that the MSO have a policy, approved by the medical executive committee after review by legal counsel, which makes clear what information can and cannot be released.

Until next week,

Vicki L. Searcy, CPMSM
Practice Director, Credentialing & Privileging
The Greeley Company
vsearcy@greeley.com
www.greeley.com