Mini image of an American Flag An official website of the United States government.

Icon of a government buiding.

Official websites use .gov

A .gov website belongs to an official government organization in the United States.

Icon of a lock box for secure website.

Secure .gov websites use HTTPS

A lock (  ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NPDB Insights - September 2023

Multi-Factor Authentication is Coming to the NPDB

The NPDB will soon invite you to sign into your NPDB account using multi-factor authentication, or MFA. Using MFA provides an extra layer of security, and you won't need a DBID or user ID to sign in! Learn more about enabling MFA.

Is It Reportable image

Is It Reportable?

After conducting a professional review of a surgeon's competence, a hospital assigned a surgical proctor for 60 days. The surgeon could not perform surgery without being granted approval by the surgical proctor. Is the hospital required to report this action to the NPDB?

Yes. Since the surgeon cannot practice surgery without approval from the proctor, this restriction of clinical privileges for more than 30 days must be reported.

NPDB Security Image

Help the NPDB Keep Your Information Secure!

The NPDB is committed to protecting the privacy and personally identifiable information, or PII, of all the NPDB's users and query and report subjects. As a federal program, the NPDB is required to protect the information we collect. Sending us unencrypted PII via email or fax makes your information vulnerable to hackers. In addition, it is never appropriate to send us protected health information, or PHI, such as patient records. The NPDB has extensive security controls that are tested and reviewed continually, which allow us to protect your PII and the PII of your query and report subjects.

All PII sent to the NPDB must be transmitted securely. Contact our Customer Service Center to discuss secure messaging or encryption options before sending PII or sensitive information to the NPDB.

Review the HHS Privacy Policy Notice and our NPDB Privacy Policy for more information on how the NPDB safeguards your information.

Remember! The NPDB will only ask you for your PII when you are already logged in to our secure system.

What is PII?

PII is any information that can be used to distinguish or trace an individual's identity, when used alone or in conjunction with other information. Specific PII examples include:

  • Social security number (even if partially masked)
  • Patient identification number
  • Personal address
  • Date of Birth
  • Taxpayer identification number
  • Financial account number or credit card number
  • Passport information
  • Driver's license number
  • Date of Death or Death Certificate number

Keeping your information safe and secure is vital to both your organization and the NPDB. Without proper security measures, PII can fall into the hands of hackers, putting both you and those you serve at risk.

Here are some information security do's and don'ts to help the NPDB keep your data and information safe.

  • Do submit PII only when logged into the NPDB's secure system.
  • Do make sure all of your passwords are unique to each of your logins and difficult for hackers to guess.
  • Do start using multi-factor authentication.
  • Don't send anything containing PII to anyone using standard, unsecured email.
  • Don't send any attachments that include an NPDB report or query results.
  • Don't send anything to anyone whose identity you cannot confirm.

By following our PII best practices, together we can keep NPDB information safe and secure!

Fast Fact

Prepay for Your Queries by Purchasing Query Credits!

Query credits allow your organization to pay for queries using prepaid credits, instead of paying on a transaction-by-transaction basis. Query credits can be used for One-Time Queries and Continuous Query enrollments or renewals.

How do I Use Query Credits?

Using your query credits is simple. When you have query credits, they are automatically used as your first form of payment and will be used until your credit balance is depleted. If your credits covered all of your queries in that transaction, your remaining balance will be applied to your next transaction.

Visit our How to Use Query Credits page for information on how to check your query credit balance or purchase query credits.

Note: Query credits must be exhausted before any other form of payment can be used; however, you still must enter a valid payment method in order to submit a query, even if your query credit balance covers the cost of your transaction.



How Do I Set Up a New Ambulatory Surgery Center with the NPDB?

Your health care entity must determine its eligibility before registering with the NPDB.

Ambulatory Surgery Centers may register with the NPDB as an other health care organization if they have a formal peer review process for the purpose of furthering health care quality. As defined at 45 CFR § 60.3 of the NPDB regulations, a formal peer review process is "the conduct of professional review activities through formally adopted written procedures which provide for adequate notice and an opportunity for a hearing."

Does my ASC need to set up a new DBID to register with the NPDB?

A newly registered ASC will almost always require a unique DBID. If a Hospital and ASC have the same governing body and medical staff (i.e., if you have privileges at the hospital you automatically have privileges at the ASC), or if you are registering your ASC in conjunction with another ASC, both can share the same DBID.

Have a Question or Suggestion for NPDB Insights?   

The latest updates and resources are available at

Previous editions of NPDB Insights are available in our archive.