Can someone truly steal your NPI number?

medical doctor detail

This 10-digit number functions much like a social security number and is used to streamline the medical billing process. NPIs are also vulnerable to theft, just like social security numbers. In addition, NPI is not confidential and can be viewed by the public using the National Plan and Provider Enumeration System, your employees, and cyberattacks. In the United States, the Medical Practice states that thousands of NPIs are stolen and used each year for fraud, particularly Medicare and Medicaid fraud.

NPIs cannot be kept private per federal regulations, but physicians can take steps to protect themselves from identity theft, medical fraud, and other liabilities. Medical practices should remain vigilant and aware of how they use NPIs. Who has access to them? NPIs are mandatory, but practices should avoid putting them on documents, use NPI Lookups, and avoid transactions. Coders and billers should only be given NPIs within a practice if they need them. Make sure your practice uses proper identifiers and that former employers do not continue to use your number after you leave. When doctors stop practicing, they should notify the CMS to flag their NPI as invalid.

In addition to a written policy to prevent and detect fraud and misuse, medical practices should ask their patients to report any erroneous or suspicious billing statements. Both practices and physicians should routinely review Medicare and Medicaid statements and follow up on any discrepancies. You may also want to examine your credit report to look for unusual behavior that may indicate a compromised NPI.

While improved security policies may not prevent NPI misuse and identity theft, they can provide valuable information to help detect and locate criminal activity. NPI fraud is most often perpetrated by someone inside a practice or by a vendor or laboratory they do business with. Scammers sometimes exploit doctors’ data, however, to achieve scams. 

As doctors and practices alike need to guard against NPI-related theft and fraud, formal investigation can destroy a practice or career, often accompanied by bad publicity, halted Medicare and Medicaid payments, and seized records.

The public use of medical NPIs by medical professionals cannot be concealed. Still, practitioners and organizations should be aware of this growing trend as a potential security threat and be alert to any suspicious activities or alarming discrepancies. To protect your NPI from being stolen and misused, there are some things you can do.

Stay aware

Share your NPI only with those who need it and with whom you trust. Ensure you know why someone is asking for your NPI and who will use it.

Stay alert

Make sure your income matches your claims and reimbursements when they arrive. Someone may be stealing your reimbursements if these numbers do not agree. Your credit report may reflect someone stealing your NPI, so you should keep checking it. 

Stay up-to-date

Ensure that your enrollment information is up-to-date periodically. If you move or change employers, you have 30 days after the change to report any change to information used to create your NPI.

The Center for Program Integrity can be reached if you suspect your NPI has been stolen. This center was established to assist NPI theft victims. In the event of fraud, you will have to reach out to anyone who accessed the affected patient records and report the breach.

As the fraud perpetrators have essentially stolen your identity, you may also want to consider filing a lawsuit against them. They may also have breached the contract if they committed fraud.