Skip to Content

About Us

The National Practitioner Data Bank (NPDB), or "the Data Bank," is a confidential information clearinghouse created by Congress with the primary goals of improving health care quality, protecting the public, and reducing health care fraud and abuse in the U.S. See Table 1 for information on who can query and report to the Data Bank.

Background

The NPDB is primarily an alert or flagging system intended to facilitate a comprehensive review of the professional credentials of health care practitioners, health care entities, providers, and suppliers; the information from the Data Bank should be used in conjunction with, not in replacement of, information from other sources.

Prior to May 6, 2013, "the Data Bank" referred to two separately operated Data Banks: the NPDB and the Healthcare Integrity and Protection Data Bank (HIPDB). While the NPDB and the HIPDB were established for different purposes, overlap existed in some reporting and querying requirements. To eliminate this duplication, Congress passed Section 6403 of the Affordable Care Act of 2010 (ACA), Public Law 111-148. As a result of this legislation, NPDB operations were consolidated with those of the former HIPDB. Information previously collected and disclosed by the HIPDB is now collected and disclosed by the NPDB.

The three significant laws that currently govern NPDB operations are summarized below. NPDB regulations implementing these laws are codified at 45 CFR Part 60.

Three Statutes Described Below

Title IV of Public Law 99-660, the Health Care Quality Improvement Act of 1986, as amended

The NPDB was originally established by Title IV of the Health Care Quality Improvement Act of 1986, Public Law 99-660. The intent of Title IV was to improve the quality of health care by encouraging State Licensing Boards, professional societies, hospitals, and other health care entities to restrict the ability of incompetent physicians, dentists, and other health care practitioners to move from state to state without disclosure or discovery of previous medical malpractice payment and adverse action history. These adverse actions include certain licensure, clinical privileges, and professional society membership actions, as well as Drug Enforcement Agency controlled substance registration actions and exclusions from participation in Medicare, Medicaid, and other Federal health care programs.

Section 1921 of the Social Security Act

Congress passed Section 5 of the Medicare and Medicaid Patient and Program Protection Act of 1987, Public Law 100-93 (Section 1921 of the Social Security Act) to provide protection from unfit health care practitioners to beneficiaries participating in the Social Security Act's health care programs and to improve the anti-fraud provisions of these programs. Congress later amended Section 1921 with the Omnibus Budget Reconciliation Act of 1990, Public Law 101-508, and with Section 6403 of the Affordable Care Act of 2010.

Information currently collected and disclosed by the NPDB under Section 1921 includes state licensure and certification actions against health care practitioners, entities, providers and suppliers; negative actions or findings by peer review organizations and private accreditation organizations; as well as certain final adverse actions taken by state law enforcement agencies, State Medicaid Fraud Control Units, and state agencies administering or supervising the administration of state health care programs. These final adverse actions include exclusions from a state health care program, health care-related criminal convictions and civil judgments in state court, and other adjudicated actions or decisions specified in regulations.

Section 1128E of the Social Security Act

The original purpose of Section 221(a) of the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (Section 1128E of the Social Security Act) was to establish a national data collection program, formerly known as the HIPDB, to combat health care fraud and abuse. Congress later amended Section 1128E with Section 6403 of the Affordable Care Act of 2010, which consolidated NPDB and HIPDB operations.

Section 1128E information is now collected and disclosed by the NPDB and includes certain final adverse actions taken by Federal Government agencies and health plans against health care practitioners, providers, and suppliers. This information consists of Federal licensing and certification actions, exclusions from participation in a Federal health care program, health care-related criminal convictions and civil judgments, and other adjudicated actions or decisions specified in regulations.

Confidentiality of NPDB Information

Information reported to the Data Bank is considered confidential and shall not be disclosed except as specified in the Data Bank regulations. The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) has the authority to impose civil money penalties on those who violate the confidentiality provisions of NPDB information. Persons or organizations that receive information either directly or indirectly are subject to the confidentiality provisions specified in the NPDB regulations and the imposition of a civil money penalty of up to $11,000 for each offense if they violate those provisions. When an authorized agent is designated to handle NPDB queries, both the initiating entity and the agent are required to maintain confidentiality.

Pursuant to the requirements of the Privacy Act of 1974 (5 U.S.C. 552a), the U.S. Department of Health and Human Services has published a Privacy Act Systems of Record Notice (09-15-0054) describing the National Practitioner Data Bank (NPDB) system of records. As is indicated by 45 CFR Section 5b.11, the NPDB system of records has been exempted from certain Privacy Act access and amendment requirements and access and correction rights are governed by the NPDB regulations. The confidentiality provisions prohibit the release of the report submitted to the Data Bank. These provisions, though, do not apply to the original documents or records from which the reported information is obtained. The NPDB's confidentiality provisions do not impose any new confidentiality requirements or restrictions on those documents or records. Thus, the confidentiality provisions do not bar or restrict the release of the underlying documents, or the information itself, by the entity taking the adverse action or making the payment in settlement of a written medical malpractice complaint or claim. So, for instance, if a state FOIA law requires the release of records, while it may require the release of the records underlying the report, it would not permit the release of the NPDB report itself. The enabling statutes for the Data Bank do not allow disclosure to the general public. The general public may not request information from the Data Bank that identifies a particular health care practitioner, provider, or supplier from the NPDB.

NPDB Security

The NPDB maintains a comprehensive security system. Consistent with recognized standards and guidelines, the Data Bank has rigorous operational, management, and technical controls that ensure the security of the system and protect the data in the system. Controls are also in place to ensure transactions over the Internet are secure and that sensitive financial and personal information is properly protected from unauthorized access. Safeguarding that confidential information includes proper and secure retrieval, handling, and disposal of the information. Taking the following actions helps to ensure Data Bank security.

Table 1. Summary of NPDB Reporting Requirements and Query Access
Legislation Who Reports? What Information is Reported? Who is Reported? Who May Query/ Request Information?
Title IV
  • Medical malpractice payers
  • Medical malpractice payments
  • Practitioners
  • Hospitals (required by law)
  • Other health care entities with formal peer review
  • Professional societies with formal peer review
  • State Medical and Dental Boards and other State Licensing Boards
  • Plaintiff's attorney/pro se plaintiffs (limited circumstances)
  • Health care practitioners (self-query)
  • Researchers (De-identified statistical data only)
  • State Medical and Dental Boards
  • Adverse licensure actions (including but not limited to network participation and panel membership)
  • Physicians and dentists
  • Hospitals
  • Other health care entities with formal peer review
  • Adverse clinical privileges actions
  • Physicians and dentists
  • Other practitioners (optional)
  • Professional societies with formal peer review
  • Adverse professional society membership actions
  • Physicians and dentists
  • Other practitioners (optional)
  • Drug Enforcement Administration
  • DEA controlled substance registration actions
  • Practitioners
  • HHS Office of Inspector General
  • Exclusions from Medicare, Medicaid and other Federal health care programs
  • Practitioners
Section 1921
  • Peer review organizations
  • Negative actions or findings by peer review organizations
  • Practitioners
  • Hospitals and other health care entities*
  • Professional societies with formal peer review*
  • Quality Improvement Organizations*
  • State Licensing and Certification Authorities
  • Agencies administering Federal health care programs, including private entities administering such programs under contract
  • Federal Licensing and Certification Agencies
  • Health plans
  • State law enforcement agencies***
  • State Medicaid Fraud Control Units***
  • State agencies administering or supervising the administration of state health care programs***
  • Federal law enforcement officials and agencies
  • Health care practitioners, health care entities, providers, suppliers (Self-Query)
  • Researchers (de-identified, statistical data only)
  • Private accreditation organizations
  • Negative actions or findings by private accreditation organizations
  • Health care entities, providers, suppliers
  • State Licensing and Certification Authorities
  • State licensure and certification actions
  • Practitioners, health care entities, providers, suppliers
  • State law enforcement agencies***
  • State Medicaid Fraud Control Units***
  • State agencies administering or supervising the administration of state health care programs***
  • Exclusions from a state health care program
  • Health care-related civil judgments in state court
  • Health care-related state criminal convictions
  • Other adjudicated actions or decisions
  • Practitioners, providers, suppliers (all actions)
Section 1128E
  • Federal Government agencies
  • Health plans
  • Federal licensure and certification actions **
  • Exclusions from a Federal health care program**
  • Health care-related Federal or state criminal convictions**
  • Health care-related civil judgments in Federal or state court
  • Other adjudicated actions or decisions
  • Practitioners, providers, suppliers (all actions)

*These entities have access to all information reported under Section 1128E and limited information under Section 1921.
**Reported by Federal Government agencies only.
***The NPDB regulations define "state law or fraud enforcement agency" to include but not to be limited to these entities.

The NPDB is prohibited by law from disclosing information on a specific practitioner, provider, or supplier to a member of the general public. However, persons, researchers, or organizations can request information in a form that does not identify any particular organization or practitioner. Descriptive and summary statistical information is readily available on the Data Bank website to assist researchers and other interested individuals or organizations. To learn more, see Public Information.

Customer Service Center

Useful Links

Viewers & Players | Privacy Policy | Disclaimers | Accessibility

HRSA | HHS | Freedom of Information Act | USA.gov | WhiteHouse.gov | Recovery.gov