National Provider Identifiers (NPIs) are vulnerable to identity theft, according to an article published in Physicians Practice.
Thousands of health care providers’ NPIs are stolen each year and are used for further fraudulent schemes, including Medicaid and Medicare fraud. NPIs are vulnerable because they are not confidential and are publicly available on the National Plan and Provider Enumeration System. In addition, NPIs in electronic health records are accessible by rogue employees and possible cyberattacks.
To prevent NPI theft and resulting health care fraud, there are steps providers can take. These include sharing NPIs sparingly and knowing who is using the NPI and why. Providers can monitor claims and reimbursements to verify that billed services match actual income and that reimbursements are not being diverted elsewhere. They also can monitor enrollment information and report any changes, such as practice location.
“If your NPI is compromised, make the proper reports and notifications; investigate and identify the cause of the theft; and when appropriate, file suit,” according to the article. “The sooner you take action the better.”