Authorized Agents

To establish an authorized agent relationship, both the health care organization and the agent must be properly registered with the NPDB, and have a written contract in effect (with each authorizing health care organization) prior to the authorized agent's querying or reporting. Health care organizations and authorized agents complete different, separate registration forms.

Before an authorized agent submits queries on behalf of an eligible health care organization, the health care organization must designate the agent through the NPDB website. The designating organization can choose whether the queries and reports submitted by the agent are routed to the organization, the agent, or both. A health care organization that has designated an authorized agent can still query and/or report to the NPDB directly.

The initiating organization may also select how they wish to receive query and report output. For example, if an agent submits a successful query through the Querying and Reporting XML Service (QRXS), the initiating organization can elect to receive the query response through the NPDB website, or through QRXS.

It is important that health care organizations and their authorized agents follow the below rules and guidelines:

• The NPDB response to a query or report submitted by an authorized agent on behalf of a health care organization is based upon two eligibility standards:
  1. The initiating health care organization must be entitled to receive the information.
  2. The agent must be authorized to receive that information on behalf of that health care organization.
• An authorized agent should have only one DBID, even though more than one health care organization may designate that agent to query or report to the NPDB. If an authorized agent has been issued more than one DBID, he or she should immediately alert the NPDB, identify which DBID will be used, and request that any other DBIDs be deactivated.
• Authorized agents cannot share queries among their designating health care organizations. For example, if two different hospitals designate the same authorized agent to query the NPDB on their behalf, and both hospitals wish to request information on the same practitioner, the authorized agent must query the NPDB separately on behalf of each hospital. The response to a NPDB query submitted for one hospital cannot be disclosed to another hospital.

As part of the reporting and querying requirements, health care organizations are responsible for creating a written agreement between themselves and any authorized agents. The agreement should confirm the following:

• The agent is authorized to conduct business in the state.
• The agent's facilities are secure, ensuring the confidentiality of NPDB reporting and query responses.
• The agent is explicitly prohibited from using information obtained from the NPDB for any purpose other than that for which the disclosure was made.
• The agent is aware of the sanctions that can be taken against him/her if information is requested, used, or disclosed in violation of NPDB provisions.

Attestation

As part of the registration renewal process, authorized agents are asked to attest every 2 years. Attestation confirms that your organization has complied with all NPDB reporting, querying, and confidentiality requirements over the 2-year time frame. During attestation, your Data Bank administrator will confirm your organization's compliance.

How to Attest Attestation Infographic