Authorized Agents
Eligible entities may elect to have outside organizations query
or report to the NPDB-HIPDB on their behalf. Such an outside organization
is referred to as an authorized agent. In most cases, an authorized
agent is an independent contractor used for centralized credentialing,
for example, a county medical society or State hospital association. View the list
of Authorized Agents by State.
If the entity decides to authorize an agent to query and/or report
on its behalf, both the entity and the agent must be registered
with the Data Banks. Any entity or agent organization that is not
registered with the Data Banks must register on-line. See the Fact
Sheet on On-Line Authorized Agent Registration  and the Fact
Sheet on On-Line Entity Registration for additional information.
Entities should ensure that certain guidelines are followed when
designating an authorized agent to query or report on their behalf.
The entity should establish a written agreement with an authorized
agent confirming the following:
- The agent is authorized to conduct business in the State.
- The agent’s facilities are secure, ensuring the confidentiality
of NPDB-HIPDB query responses.
- The agent is explicitly prohibited from using information obtained
from the NPDB-HIPDB for any purpose other than that for which
the disclosure was made.
- The agent is aware of the sanctions that can be taken against
him/her if information is requested, used, or disclosed in violation
of NPDB-HIPDB provisions.
Designating an Agent
Before an authorized agent may submit queries on behalf of an entity,
the entity must designate the agent by completing an on-line Authorized
Agent Designation, through the IQRS. The eligible entity must
indicate if query responses should be sent to the entity or the
authorized agent.
Since confidential NPDB-HIPDB information may be routed to authorized
agents, they are assigned a Data Bank Identification Number (DBID).
An authorized agent should have only one DBID, even though more
than one entity may designate the agent to query the NPDB-HIPDB.
If an authorized agent has been issued more than one DBID, he or
she should immediately alert the NPDB-HIPDB, identify which DBID
will be used, and request that any other DBIDs be deactivated.
An eligible entity that has designated an authorized agent is permitted
to query the Data Banks directly. Responses to queries submitted
by the entity will be sent to the entity, regardless of routing
designation.
Agent Queries
The NPDB-HIPDB’s response to a query submitted by an authorized
agent on behalf of an entity is based upon two eligibility standards:
(1) the entity must be entitled to receive the information, and
(2) the agent must be authorized to receive that information on
behalf of that entity. Both the entity and the agent must be properly
registered with the Data Banks prior to the authorized agent’s query
submission.
Authorized agents cannot use a query response on behalf of more
than one entity. The Data Banks’ regulations specify that information
received from the NPDB-HIPDB must be used solely for the purpose
for which it was provided. If two different hospitals designate
the same authorized agent to query the Data Banks on their behalf,
and both hospitals wish to request information on the same subject,
the authorized agent must query the Data Banks separately on behalf
of each hospital. The response to an NPDB-HIPDB query submitted
for one hospital cannot be disclosed to another hospital.
For more information on authorized agents, see the Fact
Sheet on Authorized Submitters and Agents , the NPDB
Guidebook, and the HIPDB Guidebook.
|
