Text Size

A A A  


Hospitals are health care entities that provide inpatient services as described in paragraphs (1) and (7) of Section 1861(e) of the Social Security Act. Hospitals are the only health care entities mandated by federal law to query the NPDB. Hospitals must query when physicians, dentists, and other health care practitioners apply for medical staff appointment (courtesy or otherwise) or for clinical privileges, and then every two years thereafter.

Attestation for Hospitals and the NPDB

Attestation is our national education and outreach effort to ensure that all eligible entities are meeting their reporting and querying requirements. During attestation, Data Bank administrators attest that their organization has submitted all reportable actions to the NPDB and queried as required by law.

Every 2 years hospitals will update their profiles and complete attestation during the registration renewal process. Attestation confirms that hospitals have submitted all required reports over the previous 2-year time frame.

Hospitals are notified by email when it is time to renew their registrations, update their profiles, and complete attestation. The NPDB sends a 60-day reminder email to the Data Bank administrator prior to the organization's registration and attestation due date. If your hospital does not receive a notification, then your renewal is not currently due. If your hospital is asked to attest, detailed instructions for attestation are available when you sign in to your account to renew.

To find your specific registration renewal date, complete the following steps:

  1. Sign in to the NPDB.
  2. The renewal date is displayed on the lower left hand side of the Entity Registration Confirmation page.

All information submitted to the NPDB is considered confidential. This information may not be disclosed except as specified in the NPDB statutes and regulations. The confidential receipt, storage, and disclosure of information are essential to NPDB operations.

Do you have a question about Attestation?    

Learn More


Maintaining complete, accurate, timely and reliable information in the NPDB is only possible with the involvement of healthcare organizations. Your hospital has a vital role in ensuring that adverse information about practitioners' competence and conduct is readily available to the health care community through the NPDB. Timely submission of reports to the NPDB helps protect patient safety and the public.

Note: Hospitals may be subject to additional reporting requirements if they also meet the definition of another entity type such as a medical malpractice payer, health plan, or government agency.

Clinical Privileges Actions

Hospitals must report to the NPDB certain actions taken against health care practitioners, entities, providers, or suppliers. Hospitals are required to report to the NPDB under the authority of Title IV of Public Law 99-660.

Hospitals must report:

  • Professional review actions that adversely affect a physician's or dentist's clinical privileges for a period of more than 30 days, and
  • Acceptance of a physician's or dentist's surrender or restriction of clinical privileges while under investigation for possible professional incompetence or improper professional conduct, or in return for not conducting such an investigation, or not taking a professional review action that otherwise would be required to be reported to the NPDB.

Refer to the NPDB Guidebook: Chapter E, Reports, Reporting Adverse Clinical Privilege Actions for more information.

Medical Malpractice Payments

If a hospital is self-insured, medical malpractice payments must also be reported under Title IV of Public Law 99-660.

To be reported to the NPDB, a medical malpractice payment must be the result of a written complaint or a written claim demanding monetary payment for damages. The NPDB interprets this requirement to include any form of writing, including pre-litigation written communications. The NPDB, not any other entity, determines whether a written claim has occurred for purposes of filing a report.

A medical malpractice payment report (MMPR) is submitted on a particular health care practitioner, not an organization. In order for an MMPR to be submitted to the NPDB on a particular health care practitioner, the practitioner must be named, identified, or otherwise described in both the written complaint or claim demanding monetary payment for damages and the settlement release or final adjudication, if any.

A waiver of a debt is not considered a payment and should not be reported to the NPDB.

For a full description of the kinds of medical malpractice payments that must be reported to the NPDB, please review the NPDB Guidebook: Chapter E: Reports, Reporting Medical Malpractice Payments.

Civil Judgments, Panel Membership/Network Participation Actions, and Other Adjudicated Actions

If the hospital also functions as a health plan, or is a federal or state government agency, it may have additional reporting requirements. Please refer to the following sections of the NPDB Guidebook for assistance:

Health plans and federal and state government agencies report to the NPDB under the appropriate regulations.

Quick Links


Query Infographic Guides

Querying Infographics

Learn about querying the NPDB through our infographics.

How Many Queries Do I Need to Run?

How Many Queries Do I Need to Run?

An infographic that explains how many queries your organization needs to run.

Each hospital must request information from the NPDB as follows:

  • When a physician, dentist, or other health care practitioner applies for medical staff appointment (courtesy or otherwise) or for clinical privileges at the hospital, including temporary privileges.
  • Every 2 years on all physicians, dentists, and other health care practitioners who are on its medical staff (courtesy or otherwise), or who hold clinical privileges at the hospital.

The confidentiality provisions of Title IV, Section 1921, and Section 1128E allow an eligible entity receiving information from the NPDB to disclose the information to others who are part of an investigation or peer review process, as long as the information is used for the purpose for which it was provided. In those instances, everyone involved in the investigation or peer review process is subject to the confidentiality provisions of the NPDB.

Quick Links


All hospitals with a formal peer review process should be registered with the NPDB. Even if your hospital uses an agent or Credentials Verification Organization (CVO) to query the NPDB, your hospital must first register with the NPDB. After the registration process is complete, you may designate the agent or CVO to act on behalf of your organization.

Note: If your hospital is not owned and operated by a government agency, you should select "Private Sector Organization" on the Organization Information page, even if your organization receives federal or state funds.

Once your hospital is registered, each individual using the NPDB must have a unique user ID assigned by their administrator in the NPDB system. Users cannot share user IDs and/or passwords.

Quick Links


NPDB Guidebook Q&As