Text Size

A A A  


Hospitals are health care entities that provide inpatient services as described in paragraphs (1) and (7) of Section 1861(e) of the Social Security Act. Hospitals are the only health care entities mandated by federal law to query the NPDB. Hospitals must query when physicians, dentists, and other health care practitioners apply for medical staff appointment (courtesy or otherwise) or for clinical privileges, and then every two years thereafter.

Attestation for Hospitals and the NPDB

Attestation is our national education and outreach effort to ensure that all registered organizations are meeting their NPDB reporting, querying, and confidentiality requirements.

During attestation, hospitals' Data Bank administrators attest that their organization has submitted all reportable actions and medical malpractice payments to the NPDB. Administrators also confirm that their organization has completed all querying requirements as required by the federal laws governing the NPDB.

As part of the registration renewal process, every 2 years hospitals will update their hospital profile and complete attestation. The hospital profile​ confirms which professions the hospital grants privileges to and if the hospital provides self-insured, in-house medical malpractice coverage. Attestation confirms that the hospital has submitted all required reports and completed all querying requirements over a 2-year time frame.​​

Hospitals are notified by email when it is time to renew their registration, update their profile, and complete attestation. The NPDB will send a 60-day reminder email to the Data Bank administrator prior to the hospital's NPDB registration renewal/attestation due date. If your hospital has not received notification, then your renewal is not currently due. Detailed instructions for attestation will be available when you sign in to your NPDB account to renew.

To find the specific registration renewal date for your hospital:

  1. Sign in to the NPDB.
  2. The renewal date will display on the lower left hand side of the Entity Registration Confirmation page.

Do you have a question about Attestation?    

Learn More


Maintaining complete, accurate, timely and reliable information in the NPDB is only possible with the involvement of healthcare organizations. Your hospital has a vital role in ensuring that adverse information about practitioners' competence and conduct is readily available to the health care community through the NPDB. Timely submission of reports to the NPDB helps protect patient safety and the public.

Note: Hospitals may be subject to additional reporting requirements if they also meet the definition of another entity type such as a medical malpractice payer, health plan, or government agency.

Clinical Privileges Actions

Hospitals must report to the NPDB certain actions taken against health care practitioners, entities, providers, or suppliers. Hospitals are required to report to the NPDB under the authority of Title IV of Public Law 99-660.

Hospitals must report:

  • Professional review actions that adversely affect a physician's or dentist's clinical privileges for a period of more than 30 days, and
  • Acceptance of a physician's or dentist's surrender or restriction of clinical privileges while under investigation for possible professional incompetence or improper professional conduct, or in return for not conducting such an investigation, or not taking a professional review action that otherwise would be required to be reported to the NPDB.

Refer to the NPDB Guidebook: Chapter E, Reports, Reporting Adverse Clinical Privilege Actions for more information.

Medical Malpractice Payments

If a hospital is self-insured, medical malpractice payments must also be reported under Title IV of Public Law 99-660.

To be reported to the NPDB, a medical malpractice payment must be the result of a written complaint or a written claim demanding monetary payment for damages. The NPDB interprets this requirement to include any form of writing, including pre-litigation written communications. The NPDB, not any other entity, determines whether a written claim has occurred for purposes of filing a report.

A medical malpractice payment report (MMPR) is submitted on a particular health care practitioner, not an organization. In order for an MMPR to be submitted to the NPDB on a particular health care practitioner, the practitioner must be named, identified, or otherwise described in both the written complaint or claim demanding monetary payment for damages and the settlement release or final adjudication, if any.

A waiver of a debt is not considered a payment and should not be reported to the NPDB.

For a full description of the kinds of medical malpractice payments that must be reported to the NPDB, please review the NPDB Guidebook: Chapter E: Reports, Reporting Medical Malpractice Payments.

Civil Judgments, Panel Membership/Network Participation Actions, and Other Adjudicated Actions

If the hospital also functions as a health plan, or is a federal or state government agency, it may have additional reporting requirements. Please refer to the following sections of the NPDB Guidebook for assistance:

Health plans and federal and state government agencies report to the NPDB under the appropriate regulations.

Quick Links


Query Infographic Guides

Querying Infographics

Learn about querying the NPDB through our infographics.

How Many Queries Do I Need to Run?

How Many Queries Do I Need to Run?

An infographic that explains how many queries your organization needs to run.

Each hospital must request information from the NPDB as follows:

  • When a physician, dentist, or other health care practitioner applies for medical staff appointment (courtesy or otherwise) or for clinical privileges at the hospital, including temporary privileges.
  • Every 2 years on all physicians, dentists, and other health care practitioners who are on its medical staff (courtesy or otherwise), or who hold clinical privileges at the hospital.

The confidentiality provisions of Title IV, Section 1921, and Section 1128E allow an eligible entity receiving information from the NPDB to disclose the information to others who are part of an investigation or peer review process, as long as the information is used for the purpose for which it was provided. In those instances, everyone involved in the investigation or peer review process is subject to the confidentiality provisions of the NPDB.

Quick Links


All hospitals with a formal peer review process should be registered with the NPDB. Even if your hospital uses an agent or Credentials Verification Organization (CVO) to query the NPDB, your hospital must first register with the NPDB. After the registration process is complete, you may designate the agent or CVO to act on behalf of your organization.

Note: If your hospital is not owned and operated by a government agency, you should select "Private Sector Organization" on the Organization Information page, even if your organization receives federal or state funds.

Once your hospital is registered, each individual using the NPDB must have a unique user ID assigned by their administrator in the NPDB system. Users cannot share user IDs and/or passwords.

Quick Links


NPDB Guidebook Q&As