An official website of the United States government.
NPDB Insights - February 2024
Is It Reportable?
When does the review of an application for reappointment become an investigation if the physician resigns before final action is taken on the reappointment application? For example, if a physician discloses on an application for reappointment that she has been a defendant in three malpractice cases during the last 2 years, and the credentials committee requests additional information about the cases, has an ongoing "routine review" become an "investigation?"
It depends. A routine or general review is not considered an investigation. So, for example, if all practitioners are automatically or routinely asked for additional information when they are defendants in a certain number of malpractice cases, this type of request probably would not be considered an investigation. Therefore, the resignation would not be reportable. However, if officials at the reappointing hospital had specific concerns about this practitioner's competence based on the number or severity of the medical malpractice cases, then the inquiry appears to deviate from routine review, is focused on a particular practitioner, and concerns competence and conduct issues. In this situation, the activity may be seen as an investigation, and, if so, the resignation would be reportable.
Identity Verification Is Coming to the NPDB
To meet current cybersecurity standards, the NPDB will require identity verification for all user accounts. Identity verification means you must provide a valid government-issued ID and prove your identity. Beginning April 25th, 2024, users must enable MFA in order to access the NPDB. Additionally, organization users may complete identity verification beginning that same day. Identity verification will be required later this year. We will notify you before it becomes mandatory.
Identity verification helps to ensure that only authorized users are able to access their NPDB accounts, making it more difficult for hackers and bad actors to access user accounts and information.
How to Verify Your Identity
In order to verify your identity, you must first enable multi-factor authentication, or MFA, if you have not done so.
If you access MFA through ID.me, you will verify your identity through ID.me. If you use a PIV card or CAC to sign into your account, the MFA credential you linked already includes your verified identity, and no additional action is required.
ID.me offers several options for identity verification. For most users, the fastest option takes only a few minutes to complete. To finish the identity verification, you will need three items:
- A mobile phone that belongs to you and has a camera, or a computer with a webcam
- A government-issued photo ID (U.S. driver's license, state ID, U.S. passport, or U.S. passport card)
- Your Social Security Number
To complete identity verification, you will take a photo of your ID and then take a photo of yourself. ID.me will validate your ID and compare it to the photo. Next, you will enter your Social Security Number. ID.me will verify that it matches your validated ID. A success message is displayed once everything is complete.
Sharing Query Responses
The NPDB has strict confidentiality provisions in place to ensure report content is protected. These allow entities to share information they receive from the NPDB only with those involved in the investigation or peer review process for which the query result was provided.
One Query Per Decisionmaking Body
Centralized health systems operate with one unified medical staff and decision-making body. If a health system has one credentialing office, but separate decision-making bodies, it is not a centralized health system.
When there is one decisionmaking body, a single query can be run for a practitioner for the entire health system. To be considered a centralized health system, your organization must have all of the following:
- Centralized credentialing
- A centralized peer review process
- One decision-making body
- One unified medical staff
When a health system operates with independent medical staff and decision-making bodies, each medical staff is a distinct entity and must query separately on a single practitioner. Each facility is prohibited from sharing query responses or any related reports with anyone not involved in the process for which the query response was requested.
Shared Query Responses with the Query Subject
An organization may share the results of a query response with the subject after redacting all of the organization's information from the response.
Other Sharing Examples
A health plan delegates its credentialing to a hospital. The hospital may not provide a query response to the health plan because the health plan is neither responsible for the credentialing nor part of the hospital's decision-making process.
Looking for more examples? Check out these NPDB Guidebook Q&As:
- During a hospital's credentialing process, an NPDB query is included in the material presented to the credentialing committee for peer review. A health care practitioner appeals a decision made by the credentialing committee, and the appeal goes to a separate review body that was not involved in the original decision. Is providing the NPDB query result to the appeal body a violation of NPDB confidentiality rules?
- A hospital merged with another hospital, and both have medical staff offices. Should they continue to query separately using two different DBIDs?
Dear NPDB
How Does Continuous Query Help Patient Safety?
The NPDB developed Continuous Query to help promote patient safety. Continuous Query supports organizations' ability to meet accreditation standards that require querying practitioners.
Continuous Query provides your organization with an initial query response AND alerts your organization to new reports regarding your enrolled practitioners for an entire year. The NPDB typically notifies you of a new report within minutes of receiving it. Users receive report notifications an average of 10 months sooner using Continuous Query!
A one-year Continuous Query enrollment is $2.50 per practitioner, the same cost as a single One-Time Query. If your organization is not using Continuous Query, consider activating it today.
Designating Successors
There are many reasons why an entity may want to deactivate a DBID; for example, the entity may have merged with another organization.
If your entity is sold to another organization, you may need to update your registration profile. This may include designating a successor, registering a new DBID, or updating other information in your profile.
To deactivate your DBID and designate a successor, you must send a letter to the NPDB via email or mail on your company letterhead with the following information:
- Specify the DBID that needs to be deactivated and state the reason
- Provide the successor account's name and DBID
- Include the signature and contact information for your certifying official
Note: The successor entity must already be registered with the NPDB before beginning the deactivation and succession process.
Contact the Customer Service Center for questions about deactivating a DBID and designating a successor.
The latest updates and resources are available at https://www.npdb.hrsa.gov.
Previous editions of NPDB Insights are available in our archive.
