Press Releases


For Immediate Release: Monday, April 02, 2007
Contact: CMS Media Relations


Today, the Centers for Medicare & Medicaid Services (CMS) announced that it is implementing a contingency plan for covered entities (other than small health plans) who will not meet the May 23, 2007, deadline for compliance with the National Provider Identifier (NPI) regulations under the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

The final rule establishing the NPI as the standard unique health provider identifier for health care providers was published in 2004 and requires all covered entities to be in compliance with its provisions by May 23, 2007, except for small health plans, which must be in compliance by May 23, 2008.

“The enforcement guidance released today clarifies that covered entities that have been making a good faith effort to comply with the NPI provisions may, for up to 12 months, implement contingency plans that could include accepting legacy provider numbers on HIPAA transactions in order to maintain operations and cash flows.” said CMS Acting Administrator Leslie V. Norwalk, Esq. 

The NPI is an identifier that will be used by covered entities to identify health care providers, eliminating the current need for multiple identifiers for the same provider.  The NPI replaces all “legacy” identifiers that are currently being used, such as Medicaid provider IDs, individual plan provider IDs, UPINs, etc., and will be required for use on health care claims and other HIPAA transactions.

CMS made the decision to announce this guidance on its enforcement approach after it became apparent that many covered entities would not be able to fully comply with the NPI standard by May 23, 2007.  This guidance would protect covered entities from enforcement action if they continue to act in good faith to come into compliance, and they develop and implement contingency plans to enable them and their trading partners to continue to move toward compliance. HHS recognizes that transactions often require the participation of two covered entities and that non-compliance by one covered entity may put the second covered entity in a difficult position.

The enforcement process is complaint driven and will allow covered entities to demonstrate good faith efforts and employ contingency plans. If a complaint is filed against a covered entity, CMS will evaluate the entity's "good faith efforts" to comply with the standards and would not impose penalties on covered entities that have deployed contingencies to ensure that the smooth flow of payment continues.  Each covered entity will determine the specifics of its contingency plan.  Contingency plans may not extend beyond May 23, 2008, but entities may elect to end their contingency plans sooner.  Medicare will announce its own contingency plan shortly.

CMS encourages health plans to assess the readiness of their provider communities to determine the need to implement contingency plans to maintain the flow of payments while continuing to work toward compliance.  Likewise, we encourage health care providers that have not yet obtained NPIs to do so immediately, and to use their NPIs in HIPAA transactions as soon as possible.  Applying for an NPI is fast, easy and free.  Visit the National Plan/Provider Enumeration System (NPPES) website at   

A critical aspect of implementing the NPI is the ability for covered entities to match a provider’s NPI with the many legacy provider identifiers that have been used to process administrative transactions.  CMS plans to make data available from the NPPES system that will assist covered entities in developing these “crosswalks.”

Further information concerning this issue is available on the CMS Web-site at  The site also contains contingency plan guidance for the industry in a document titled “Guidance on Compliance with the HIPAA National Provider Identifier Rule.”



Page Last Modified: 12/02/2011 12:00 PM
Help with File Formats and Plug-Ins

Submit Feedback