Back to Top Skip to main content

Health.mil: the official website of the Military Health System (MHS) and the Defense Health Agency (DHA)

Utility Navigation Links

TRICARE Operations Manual 6010.59-M, April 1, 2015
Health Insurance Portability and Accountability Act (HIPAA) of 1996
Chapter 19
Section 4
Health Insurance Portability And Accountability Act (HIPAA) Standard Unique Health Identifier For Health Care Providers Final Rule
Revision:  
1.0  Background And Provisions
On January 23, 2004, Health and Human Services (HHS) published the Final Rule 45 CFR Part 162, known as “HIPAA Administrative Simplification: Standard Unique Health Identifier for Health Care Providers,” establishing the National Provider Identifier (NPI) as the standard unique health identifier for health care providers (both individuals and organizations). The implementation specifications contained in the rule shall be met by “covered entities” which include health plans, clearinghouses, and providers who submit HIPAA-compliant standard electronic transactions, as defined by the HIPAA regulations at 45 CFR 160.103. The compliance date for all covered entities was May 23, 2007.
2.0  Providers
2.1  HHS defines a health care provider in Section 1861(u) of the Act, 42 United States Code (USC) 1395X(u), as a provider of medical or health services, which is also defined in section 1861(s) of the Act, 42 USC 1395X(s). Generally, a provider is a person or organization who furnishes, bills, or is paid for health care in the normal course of doing business.
2.2  For the purposes of the applicability of the rule to Defense Health Agency (DHA), see the TRICARE Policy Manual (TPM), Chapter 11, Section 1.1, for a listing of authorized provider types.
2.3  Health Care Providers are defined in two categories for enumeration purposes:
•  Entity Type 1. Individual. Includes, but is not limited to, those human beings who provide care such as, physicians, Nurse Practitioners (NPs), dentists, chiropractors, pharmacists, and physical therapists.
•  Entity Type 2. Organizational. Includes, but is not limited to, non-person providers such as hospitals, Home Health Agencies (HHAs), clinics, laboratories, suppliers of Durable Medical Equipment (DME), pharmacies, and groups.
2.4  Foreign Providers
2.4.1  A foreign provider is defined as a provider who is not a citizen of the United States (U.S.), regardless of the country in which the provider is practicing. Foreign providers may be authorized TRICARE providers, They, however, are not required to obtain an NPI (due to limited ability to comply with the application requirements), but may choose to do so voluntarily. Electronic transactions (e.g., claims transactions) submitted by foreign providers for adjudication may be submitted using legacy identifiers for provider identification purposes, however, if a foreign provider obtains an NPI, they are encouraged to use the NPI as the primary provider identifier on the electronic transaction.
2.4.2  Providers who are citizens of the U.S., practicing outside the U.S. (e.g., Puerto Rico), are not considered to be “foreign providers”. If the provider practicing outside the U.S. is a U.S. citizen and meets the HHS definition of a “covered entity”, the provider is required to obtain an NPI for the submission of HIPAA-compliant electronic standard transactions and comply with the Final Rule. Electronic transactions submitted by “covered entities”, who are U.S. citizens, that are not HIPAA-compliant shall be denied as appropriate.
2.5  Subpart Enumeration
Subpart Enumeration is the responsibility of the Organizational Provider. In accordance with the Final Rule, Organizational Providers will determine to what extent subpart enumeration is required and identify which of the subparts, if any, of their organizational entity will be identified via a separate enumerator. The Organizational Provider will also determine how the various enumerators obtained will be used for billing purposes.
3.0  Contractor Responsibilities
3.1  Contractors shall comply with provisions of the HIPAA Final Rule for HIPAA Administrative Simplification: Standard Unique Health Identifier for Health Care Providers Final Rule.
3.2  Contractors shall accept NPIs when submitted by providers and use the NPI as the primary identifier to identify health care providers in all HIPAA-compliant electronic standard transactions in accordance with the transaction Implementation Guide.
3.3  Contractors shall deny all claims transactions that do not meet the requirements of the Final Rule.
3.4  Since the National Uniform Billing Committee (NUBC) and the National Uniform Claims Committee (NUCC) have modified the Centers for Medicare and Medicaid Services (CMS) 1450 UB-04 and the CMS 1500 Claim Form to accommodate the use of the NPI on the paper forms, contractors are required to accept and use the NPI if submitted on the paper form for provider identification and claims adjudication.
3.5  Contractors shall verify NPIs using the check digit algorithm in accordance with the Final Rule, 45 CFR Part 162.
3.6  Contractors shall maintain the NPI in their internal provider file. Upon direction of the PCO and future revision of the TRICARE Systems Manual (TSM), Chapter 2 to address the NPI requirements for the TRICARE Encounter Provider (TEPRV) records and TRICARE Encounter Data (TED) record, contractors shall create and submit to DHA a new TRICARE Encounter Provider (TEPRV) record when a provider submits their NPI to the contractor.
•  Type 1 NPI for professional providers.
•  Type 2 NPI for organizational providers.
•  Type 2 NPI for subparts of organizational providers that have been separately enumerated, e.g., different NPIs for different departments within an institution, the contractor shall list the Type 2 NPI for each subpart identified by the provider.
3.7  Contractors shall:
3.7.1  Covered Individual (Type 1) Health Care Providers
•  Ensure HIPAA transactions received identify the provider’s NPI on all HIPAA-compliant electronic standard transactions in accordance with the Implementation Guide for the transaction.
•  Ensure electronic transactions submitted by business associates of the individual provider use their NPIs and NPIs of other health care providers and subparts appropriately for the submission of HIPAA-compliant electronic standard transactions in accordance with the Implementation Guide for the Transaction.
3.7.2  Covered Organizational (Type 2) Health Care Providers
•  Ensure that transactions submitted by the organizational entity and/or its subparts use the NPI on HIPAA-compliant electronic standard transactions.
•  Ensure that transactions submitted by the organizational subparts comply with the NPI implementation specifications.
•  Ensure that business associates of the organizational entity and/or its subparts use their NPIs and NPIs of other health care providers and subparts appropriately for the submission of HIPAA-compliant electronic standard transactions.
3.8  Application Of NPI To TRICARE Processes And Systems
3.8.1  The NPI shall be used as the primary provider identifier for all TRICARE authorized providers who meet the HHS definition of “covered entities” and submit HIPAA-compliant electronic standard transactions. The contractor shall also accept the NPI as the primary identifier on paper claims from providers who obtain an NPI and use it.
3.8.2  The NPI shall be used, as appropriate, for the identification of providers in the Defense Enrollment and Eligibility Reporting System (DEERS).
3.8.3  Upon direction of the PCO and future revision of the TSM, Chapter 2, the NPI shall be used as the primary provider identifier for TEPRV and TED records, for health care providers who meet the HHS definition of covered entity and submit HIPAA-compliant electronic standard transactions. The NPI will also be used as the primary provider identifier on the TEPRV and TED record for providers who obtain an NPI and submit paper claim forms.
3.8.4  TED records will identify both the individual and/or organizational provider NPI as appropriate. For providers who are part of a group or clinic practice, the TED record will reflect the NPI for the group or clinic as well as the NPI of the individual provider. TED records submitted for Institutional claims shall include the NPI for the Organizational (Type 2) entity. Individual NPIs shall not be submitted on institutional TED records.
3.8.5  NPI shall be used for the identification of providers on referrals and authorizations as appropriate.
3.9  NPI Usage In HIPAA Adopted Standard Transactions
The contractor shall collect, use, and retain NPI’s for activities such as the processing and resolution of claims, duplicate claims identification, medical utilization, fraud investigation, third party claim submissions and claim reporting.
•  Accredited Standards Committee (ASC) X12N 837 - Health Care Claim: Professional, Institutional, Dental. The NPI shall be employed in accordance with the usage specifications of the HIPAA Implementation Guide, guide addenda or errata, and any companion documents.
•  ASC X12N 270/271 - Health Care Eligibility Benefit Inquiry and Response. The NPI shall be employed in accordance with the usage specifications of the HIPAA Implementation Guide, guide addenda or errata, and any companion documents. DEERS will capture and maintain the NPI for individual providers to facilitate Health Care Eligibility Inquiry and Response transactions and has the capability to capture and maintain the NPI for organizational providers.
•  ASC X12N 278 - Health Care Services Review - Request for Review and Response. The NPI shall be employed in accordance with the usage specifications of the HIPAA Implementation Guide, guide addenda or errata, and any companion documents.
•  ASC X12N 276/277 - Health Care Claims Status Request and Response. The NPI shall be employed in accordance with the usage specifications of the HIPAA Implementation Guide, its addend, errata, and any companion documents. When required, the NPI shall be used in the electronic standard exchange between entities requesting health care claim status, organizations sending the health care claim status response and other business partners affiliated with the health care claim status request and response.
•  ASC X12N 834 - Benefit Enrollment and Maintenance. DMDC will modify Government furnished web-based system/application to include the NPI where appropriate and in compliance with the HIPAA Implementation Guide, its addenda, errata, and any companion documents.
•  ASC X12N 835 - Health Care Claim Payment/Advice. The NPI shall be submitted in accordance with the usage specifications of the HIPAA Implementation Guide, its addenda, errata, and any companion documents. The NPI will be used when communicating the status of a health care claim payment. Contractors shall be able to use NPI and any other pertinent identifiers to correctly credit and debit the provider.
•  National Council for Prescription Drug Program (NCPDP) latest HIPAA adopted version. This NCPDP transaction and the latest HIPAA adopted NCPDP Batch Standard version may be used for eligibility checking as well as for claims-related transmissions. Contractors shall be able to utilize the NPI in the transaction as defined in NCPDP guidance for the implementation and use of the transactions. For retail pharmacy, the contractor shall comply with the standards adopted in the implementation specifications, as directed in current HIPAA adopted Final Rules.
•  Companion Guides. Contractors shall modify Companion Guides to provide specific guidance with regard to the NPI and its corresponding entity type code for use as the primary provider identifier, as appropriate.
3.10  Web Server Technology
Contractors may choose to utilize the NPI for other provider identification purposes, at no cost to the Government and at their own discretion, on contractor developed and maintained web applications. However, this is not to be construed as instruction from DHA to develop, operate, modify, or maintain contractor web applications. Use of the NPI on contractor web applications shall be in accordance with the requirements of the HIPAA Final Rules.
- END -

Utility Navigation Links

DoD Seal

tricare.mil is the official website of the Defense Health Agency (DHA) a component of the Military Health System

TRICARE is a registered trademark of the Department of Defense (DoD), DHA. All rights reserved.

CPT only © 2006 American Medical Association (or such other date of publication of CPT). All Rights Reserved.

If you have a question regarding TRICARE benefits, please go to the TRICARE Contact Us page page.
If you need help with technical/operational issues, please go to the TRICARE Manuals Online Frequently Asked Questions page.

The appearance of hyperlinks to external websites does not constitute endorsement by the DHA of these websites or the information, products or services contained therein. For other than authorized government activities, the DHA does not exercise any editorial control over the information you may find at other locations. Such links are provided consistent with the stated purpose of this DoD website.

v4.6.7755.23747

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101

Some documents are presented in Portable Document Format (PDF). A PDF reader is required for viewing. Download a PDF Reader or learn more about PDFs.