An official website of the United States government.
When Can Query Responses Be Shared Within a Health Care System?
The information contained in NPDB reports is considered confidential, and may not be disclosed except as specified in NPDB regulations. The confidentiality provisions of Title IV, Section 1921, and Section 1128E allow an eligible entity receiving information from the NPDB to disclose the information to others who are part of the investigation or peer review process, as long as the information is used for the purpose for which it was provided. As an example, self-insured hospitals with separate accounts for the credentialing and risk departments have different purposes. If your organization queried a practitioner for credentialing purposes, the query response should only be used for credentialing purposes.
For example, NPDB query responses may be shared between health care sites within a health care system, provided the health care system:
- Provides for centralized credentialing;
- Has a centralized peer review process;
- Has one decision-making body; and
- Has one unified medical staff.
However, query responses may not be shared within a health care system if the health care sites comprising it:
- Make their own credentialing decisions;
- Grant privileges only at their own facilities; or
- Have an independent medical staff and decisionmaking body.
Sharing query responses and any accompanying reports with individuals or organizations outside of the querying organization's review process is prohibited. The strong security rules and limited access exist to not only protect the privacy of the individuals whose information resides within the NPDB, but also to help ensure the integrity of the information reported to the NPDB.
Related Guidebook Q&As
- During a hospital's credentialing process, an NPDB query is included in the materials presented to the credentialing committee for peer review. A health care practitioner appeals a decision made by the credentialing committee, and the appeal goes to a separate review body that was not involved in the original decision. Is providing the NPDB query result to the appeal body a violation of NPDB confidentiality rules?
- A hospital merged with another hospital, and both have medical staff offices. Should they continue to query separately using two different DBIDs?
