| TD: Bona Fides for Health Care Provider

Bona Fides for Health Care Provider, v1.0

Defines the requirement for verifying that an organization is a health care provider under HIPAA law by verifying the National Provider Identifier requirement.

At least one NPI must be provided by the health care provider to the assessor and must be verified at the NPPES NPI Registry at https://npiregistry.cms.hhs.gov/ or similar resource.

Assessment Step

1 Verify NPI (VerifyNPI) Does the health care provider have one or more valid and verified HIPAA National Provider Identifiers? Artifact A1 Provide a document provided by the health care provider, retrieved from the NPI Registry or generated by the assessor that shows the organization's name, address, and associated NPI number(s).

The standard unique health identifier for health care providers is the National Provider Identifier (NPI). The NPI is a 10-position numeric identifier, with a check digit in the 10th position, and no intelligence about the health care provider in the number.

Conformance Criteria (1)

NPI Verification Health care provider must have one or more National Provider Identifier (NPI) per the provisions of the HIPAA act and assigned by the Centers for Medicare & Medicaid Services (CMS) National Plan and Provider Enumeration System (NPPES). An Individual Provider has only a single unique NPI, while an organization may have multiple unique NPIs for their subparts. Citation HIPAA-Administrative-Requirements 45 CFR Section 162.406

Show Metadata, Sources & Terms

Hide Metadata, Sources & Terms

Metadata

Identifier

https://artifacts.trustmarkinitiative.org/lib/tds/bona-fides-for-health-care-provider/1.0/

Publication Date

2017-02-17

Issuing Organization

Trustmark Initiative (https://trustmarkinitiative.org/) View Contact

Trustmark Support

help@trustmarkinitiative.org

555-555-5555

No Mailing Address

Keywords

Health Care, HIPAA

Issuance Criteria

yes(ALL)

Target Stakeholder

Health care related organizations that use protected health information (PHI) in a manner that is subject to regulations in the Health Insurance Portability and Accountability Act (HIPAA).

Target Recipient

Health care related organizations that want to demonstrate that they use, disclose, process and store protected health information (PHI) in a manner that complies with HIPAA regulations 45 CFR Parts 160 - 164.

Target Relying Party

Health care related organizations and individuals that require their trusted partners' privacy and security policies and procedures to comply with the Health Insurance Portability and Accountability Act (HIPAA).

Target Provider

Organizations that audit or evaluate health care related organizations for compliance with privacy and security policies and procedures in the Health Insurance Portability and Accountability Act (HIPAA).

Provider Eligibility Criteria

Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.

Assessor Qualifications

Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.

Trustmark Revocation Criteria

For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.

Extension Description

This Trustmark Definition requires no extension data.

Legal Notice

This artifact is published by the Georgia Tech Research Institute (GTRI) as part of the Trustmark Initiative. This artifact and the information contained herein is provided on an "AS IS" basis, and GTRI disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, GTRI disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Sources (1)

HIPAA-Administrative-Requirements	HIPAA Administrative Requirement, published by U.S. Dept of Health and Human Services, available at http://www.hhs.gov/hipaa/for-professionals

Also available as XML or JSON