Regulatory Requirements | 09.19.24
The Role of Data Bank Administrators for Organizations Registered With the National Practitioner Data Bank
By Donald Illich
Healthcare organizations, like hospitals, that interact with the National Practitioner Data Bank (NPDB) are required to perform several tasks. They include submitting reports to the NPDB, querying on healthcare practitioners, and approving users so that they can perform these tasks on the organizations’ behalf. None of these duties can be done unless the organizations have Data Bank administrators. Many organizations and their administrators are not aware of the breadth of their NPDB responsibilities. This article will discuss who Data Bank administrators are, how they manage user accounts, how they are different from other users, and why it is important for organizations to have more than one Data Bank administrator.
The National Practitioner Data Bank
The NPDB is a web-based repository of reports containing information on medical malpractice payments and certain adverse actions related to healthcare practitioners, providers, and suppliers. Established by Congress in 1986, it is a workforce tool that prevents practitioners from moving state to state without disclosure or discovery of previous damaging performance.
Federal regulations authorize eligible organizations to report to and/or query the NPDB. Individuals and organizations who are subjects of these reports have access to their own information. The reports are confidential and not available to the public.
The NPDB assists in promoting quality healthcare and deterring fraud and abuse within healthcare delivery systems.
I. NPDB Roles for Organization Officials
Who Is a Data Bank Administrator?
A registered organization's Data Bank administrator manages user accounts and gives authority to individuals in each organization to manage NPDB activities. Administrators are responsible for maintaining your organization's NPDB profile and performing several vital functions to uphold your organization's uninterrupted and secure access to the NPDB, such as:
- Maintaining user accounts, creating new accounts, deleting inactive accounts, and assigning user account roles.
- Providing account security by reviewing and approving user registrations.
- Completing attestation, maintaining electronic funds transfer (EFT) authorization and credit cards, and designating agents on behalf of the entity.
The administrator must first complete an online administrator training in order to create and assign NPDB user accounts.
Difference Between a Data Bank Administrator and a Certifying Official
Certifying officials are individuals selected and empowered by organizations to certify the legitimacy of registration for participation in the NPDB. They are responsible for signing the organization registration form and deactivating the organization’s registration by notifying the NPDB. Certifying officials do not automatically have a user account, unless given one by a Data Bank administrator. The certifying official and the Data Bank administrator are two distinct roles. However, one person can serve as both the certifying official and the Data Bank administrator.
Data Bank Administrators and Authorized Users
Authorized users (also known as authorized submitters) are the individuals selected and empowered by a registered organization to certify the legitimacy of information provided in a query or report to the NPDB. In most cases, authorized users are employees of the organization submitting reports or queries, such as HR personnel, risk managers, or members of the medical services department. One person can serve as both an authorized user and as a Data Bank administrator. Authorized user roles include (users can have multiple roles):
- Query (query, renew, and search for subjects, and view query responses and report updates)
- Report (submit reports and view report certification)
- Billing Lookup (search for and view billing transactions)
- Administrator (manage user accounts, payment methods, and agent relationships)
II. Data Bank Administrators and User Accounts
Selecting, Identity Proofing, and Deactivating Users
Organizations are responsible for selecting one or more authorized users. For example, an organization through its Data Bank administrator may designate separate individuals within the organization to be authorized users for reporting or querying, or one individual may be the authorized user for both querying and reporting. Data Bank administrators are responsible for confirming that users are authorized when creating user IDs. Each authorized user is required to have a unique user account with a unique user ID. Sharing an account is not permitted. Authorized users must acknowledge the NPDB Rules of Behavior, which require that they protect and maintain sole possession and control of the account. Authorized users must certify their eligibility each time their account is utilized.
Organizations may change authorized users' query and reporting privileges or deactivate authorized users at any time without notifying the NPDB. Data Bank administrators must deactivate any authorized user accounts when the authorized user is no longer affiliated with the organization, no longer needs access, or if the user account has been compromised.
NPDB Organization Accounts
Organizations must certify their eligibility to submit queries and/or reports. Some healthcare organizations, such as hospitals, are required to register with the NPDB in order to carry out their mandatory querying and reporting responsibilities. Each registered organization receives a Data Bank Identification Number (DBID). Each DBID can have as many user accounts as necessary for the organization’s operations. For more information, visit How to Register Online as an Organization.
III. Multiple Administrators and Replacing Administrators
Multiple Administrators and User Accounts
Each registered healthcare organization must have one and preferably more than one Data Bank administrator in the event that one administrator is unavailable.
Maintaining multiple administrators and regularly reviewing your user registrations ensure that your NPDB account is as accurate and up to date as possible. Existing administrators must maintain their user accounts for security when personnel changes occur.
Replacing Current Data Bank Administrators
A new administrator cannot use the user account of a previous administrator. Users need their own accounts and cannot “borrow” the account that belonged to a prior administrator. New administrators can be designated by an existing administrator. This helps the new administrator avoid getting locked out if the other administrator leaves.
To assign an administrator role to one of your users, sign in to your administrator account and complete the following steps:
- The current administrator may grant administrator privileges by selecting Maintain User Accounts on the Administrator Options page.
- They will then choose the relevant user account on the Maintain User Accounts page.
- Under Roles on the User Account Request page, select Administrator. Select Save.
If your organization is already registered but the administrator has left and you don't have a user account, you will need to recomplete the registration process. This long process is necessary to ensure the security of the entity’s accounts, including the Data Bank administrator’s account. We will review the information you provide to confirm your organization is registered and verify your affiliation. The NPDB will review your submission and will email you instructions on how to access your organization's account as the new administrator. For specific steps, visit The NPDB - How to Become the New Administrator (hrsa.gov).
Before starting the process, please make sure you have the following:
- Do you know the tax identification number for your organization?
You will need to know the employer identification number (EIN) assigned to your organization by the IRS. If your organization is not required to have an EIN (e.g., a sole proprietorship), enter your Social Security Number (SSN) or Individual Tax Identification Number (ITIN) instead.
- Are there other identification numbers assigned to your organization?
If your organization has a National Provider Identifier (NPI), you will need to provide it. Hospitals should also add their CMS Certification Number (CCN), the provider number assigned for Medicare.
Using the NPDB More Securely and Efficiently
The information discussed in this article is invaluable for organizations that want to use the NPDB properly. The key to doing so is the Data Bank administrator who has a very important role, from designating user IDs to ensuring there is at least one additional Data Bank administrator. The ability of organizations to report to and query the NPDB is enabled by this administrator’s work. Don’t take it for granted that nothing has changed. Making sure there are Data Bank administrators properly ensuring the organizations’ responsibilities is vital. For more information visit the NPDB web site or the Data Bank Administrator web page. You can email any questions to the customer service center (CSC) at help@npdb.hrsa.gov or call the CSC at 1-800-767-6732.