Select Page

Chapter 20 Medical Practitioner Data Bank


Data Bank Statistics

Querying the Data Bank

Access to the Data Bank

Required Queries

Controlling Access

Disputing, Correcting, or Changing Reports

Physician Actions to Correct Data Bank Reports





The National Practitioner Data Bank (Data Bank) is a federal system of reporting and releasing reports on malpractice payments, peer review actions, and state licensure actions involving physicians and other health care practitioners. It was mandated by the federal Health Care Improvement Act of 1986 and became operational on September 1, 1990. The Data Bank is operated by the Division of Quality Assurance under contract with the U.S. Department of Health and Human Services (DHSS). Specific forms available from the Data Bank are used for reporting and querying. The fee for a query ranges from $2.00 to $10.00 depending on the payment method used, even if the query produces no results. Physicians making a query about themselves will not be charged the fee.

The Data Bank has issued a 1998 edition of the National Practitioner Data Bank Guidebook. The Guidebook may be viewed online or downloaded at the Division of Quality Assurance website,

The address for the Data Bank is: National Practitioner Data Bank, PO Box 10832, Chantilly, VA 22021. The Data Bank help line phone number is (800) 767-6732.

There are three mandatory reporting obligations to the Data Bank:

1)         Malpractice Payments: Any amount paid by an entity (such as an insurance company) on behalf of a physician or other health care practitioner in full or partial settlement or judgment of a written professional liability claim must be reported by that entity to the Data Bank within 30 days of the date the first payment after September 1, 1990, was made. Only payments originating after the above date are reported; therefore payments pursuant to an annuity which began before September 1, 1990, are not reportable even though payments are made after that date. Other that professional liability companies, self-insured entities or other entities that directly make a payment to a patient on a written claim of malpractice must also report that payment. (42 U.S.C. 11131)

2)         Peer Review Actions: Certain adverse peer review determinations involving physicians or dentists, including actions affecting clinical privileges and professional society review actions which adversely affect membership in that society must be reported to the Data Bank. (42 U.S.C. 11133)

3)         Licensure Sanctions: State licensing boards are required to report any action taken which revokes or suspends (or otherwise restricts) a physicians license or censures, reprimands, or places on probation a physician, for reasons relating to the physician’ss professional competence or conduct. (42 U.S.C. 11132)


The Data Bank also includes information on Medicare Exclusions and DEA Revocations. Medicare exclusions are placed in the Data Bank under an agreement with the Office of the Inspector General and are updated monthly. Reinstatements are also posted. Whenever the Drug Enforcement Agency takes action to revoke the DEA registration of a practitioner, this information is added to the Data Bank.

Data Bank Statistics

From September 1, 1990 to December 31, 1990, there were a total of 176,603 reports filed with the Data Bank. Malpractice reports accounted for 136,624 or about 77% of these. Medicare exclusions accounted for 7,831 reports or about 4%, and 32,148 reportable actions accounted for the approximately remaining 18% of the reports. Of these reportable actions, 24,803 were for licensure actions, 6,892 were for clinical privileges, 277 were for professional society membership, and 176 were for DEA actions.

Querying the Data Bank

Hospitals must request information on all health care practitioners, not just physicians, who are on the medical staff or have privileges. Other health care entities may request information concerning health care practitioners with whom they have or are contemplating employment or affiliation arrangements. Professional societies may request information concerning applicants or members involved in disciplinary actions. Also, all interested federal agencies and enforcement branches may have the ability to query the Data Bank.

Malpractice plaintiffs may obtain access to the Data Bank, but only when they are able to provide proof that the hospital or medical staff has failed to contact the Data Bank in response to an application or recredentialing request. That proof cannot come from the Data Bank itself, but must be obtained from the hospital through normal discovery channels. When access is authorized, a fairly rare instance, it is limited to a one-time disclosure. Further, when used by malpractice plaintiffs, the physicians file can be used against the hospital only, and any other use subjects the plaintiffs attorney and the plaintiff to severe civil penalties.

Finally, physicians may access the Data Bank to query their own files. Whenever a report is processed by the Data Bank, the named physician will be sent a notification, and thus should be aware of the contents of his Data Bank file. The Data Bank issues a Practitioner Identification Number and password to all practitioners who have been entered into the Data Bank by an eligible reporting entity. Physicians do not have to pay a fee to access their own files.

To self-query the Data Bank, a physician may call the toll free number at (800) 767-6732. A physician may also submit a self-query through an entity, state board, or authorized agent who uses the Data Bank software. Self-query forms may also be obtained from the Data Banks website at

The self-query process takes 15-20 days to process before the response is mailed to the physician.

Access to the Data Bank

The information in the Data Bank is confidential and intended for authorized entities only. The regulations governing the Data Bank were intended to guard against unwanted invasions of privacy and potential misinterpretations of information which could adversely affect a practitioners reputation or his ability to practice. Therefore, all of the entities who are authorized to access the Data Bank must have in place a formal peer review process that would afford a practitioner due process in connection with any adverse action that might be taken based on information received from the Data Bank. It is probably inappropriate that physicians be requested to self-query the Data Bank on behalf of a health care plan, as the entity likely does not conduct formal peer review and the report may not be immune from discovery, if used.

Federal law prohibits the disclosure of Data Bank reports in response to a subpoena. (42 C..F.R. 1003.102(c)(2)) However, other disclosures which are authorized by state law are permitted. Physicians are advised, therefore, to disclose these reports only to entities that are immune from discovery under applicable state law, if any. Even possession of a self-queried report may open a physician to discovery of the report, as the state of the law is unclear, and physicians who self-query may not benefit from federal confidentiality protections.

Physicians who are asked to provide any entity with a copy of a Data Bank self-query report should first ask the entity to provide them with written documentation of the following: 1) that the requirement of a self-query will be in compliance with the intent and protections of the Data Bank; 2) That the report will be used strictly for quality assurance purposes; 3) that the report will be kept and maintained exclusively as part of the peer review committee records; 4) the peer review committee will exert all protections available under state law in the event that anyone tries to obtain discovery of the document; 5) the plan will protect the confidentiality of the report to the fullest extent permitted by the Health Care Quality Improvement Act.

Required Queries

A hospital must request information from the Data Bank when a physician or other health care practitioner applies for a position on its medical staff or for clinical privileges and every two years thereafter for all its health care practitioners who are on its medical staff or have clinical privileges at the hospital. Queries need not be submitted for trainees in structured programs of supervised graduate medical education, but must be submitted for house staff who obtain clinical privileges to engage in patient care outside the residency program. Hospitals must also query the Data Bank each time a physician requests additional privileges.

Hospitals are not required to maintain records of their requests for information. Nonetheless, they should maintain such records to protect themselves from liability, particularly if they grant temporary privileges before receiving a full report. Responses from the Data Bank should be maintained in the credential files, even when the response received stated that there were no Data Bank reports on the practitioner.

The Data Bank is only one tool to be used in the credentialing process, and should not be viewed as a replacement for other forms of review, including extensive independent investigations of the qualifications of health care providers. Although hospitals are required to query the Data Bank, they are not explicitly required to wait for a response before making their decision. If, however, privileges are granted before the Data Banks response is received and a negative Data Bank report is subsequently received, those facts may warrant taking action to restrict or terminate privileges granted, which may give the physician rights to a hearing and appeal under state laws. Even if appropriate steps are taken to restrict or terminate privileges after receipt of an adverse Data Bank report, the hospital may face an increased risk of liability if a patient is injured by the practitioner before the restriction or termination occurs. Therefore, hospitals should be aware that there is likely some risk involved with granting privileges and taking all credentialing steps before receiving a response from the Data Bank.

In general, most medical groups, HMOs and PPOs are not required to query the Data Bank. However, if they have a formal peer review process, they will likely have access to the Data Bank. Because recent trends shows an expansion in the types of entities liable for tort damages, these entities should query the Data Bank if they have a formal peer review process in place.

Most health care entities can use an authorized agent to query the Data Bank for them. The authorized agent must be registered with the Data Bank, must be designated by the entity as the authorized agent to interact with the Data Bank on its behalf, and must submit a separate request for each entity. Entities who intend to use an agent should have the agent agree in writing to all of the following:

1)         the agent is authorized to conduct business in the state.

2)         the agents facilities are secure and procedures are in place to ensure confidentiality of Data Bank information.

3)         the agent is explicitly prohibited from using information obtained from the Data Bank for any purpose other than that for which the disclosure was made.

4)         the agent has reviewed the Data Bank regulations and most recent Guidebook and is aware of the sanctions for violations of the confidentiality requirements.

Controlling Access

The Data Bank issues Entity Identification Numbers, access passwords, electronic mailbox numbers, and access codes to entities when they register with the Data Bank. Each entity has a representative responsible for certifying the legitimacy of the information reported to or requested from the Data Bank. Access is granted based on the certification of the entity that it is authorized to request and receive information from the Data Bank. Although significant penalties apply to entities who access the Data Bank without authorization, unauthorized access remains an issue to be resolved.

Disputing, Correcting, or Changing Reports

Federal law allows only limited opportunities to change information contained in the Data Bank and almost no opportunity to remove a Data Bank record. When the Data Bank receives a report, it sends the reporting entity a verification document and sends the physician who is the subject of the report a notification report. Physicians who note any inaccuracies should immediately bring those to the attention of the reporting entity and ensure that the entity submits a correction. If corrections are made, the Data Bank will notify those who received incorrect information of the corrected record.

Health care entities may request the reports be voided at any time. For instance, an entity can void a report if it is filed on the wrong practitioner, filed prematurely on a proposed action which is subsequently not taken, or filed by an entity that is ineligible. When a report is voided, the Data Bank will notify those who have received the incorrect information.

Persons or entities that report information are mandated by law to report corrections or additions as soon as possible after an error is discovered. Reporting entities should carefully review the verification document as soon as it is received and correct errors, preferably by annotating the verification document. They must also report revisions to previous actions in a timely manner.

An individual or entity that reported information on licensure or clinical privileges also must report any revision of the initially reported action. These revisions include reinstatement of a license, clinical privileges, or professional society membership, and reversal of a professional review action. Revisions by these entities are subject to the same reporting deadlines, procedures, and sanctions as the original actions.

Revisions may occur as a result of a physicians legal challenge to the original reported action. The court that issues the order does not report the revision if the physician prevails; instead the entity that reported the action bears that responsibility. Moreover, the original action will not be expunged from the Data Bank even if the physician obtains a full reversal in court. All that occurs is that the report of the revision is added to the physicians file. Unlike corrected and voided reports, revision reports are not sent to those who previously queried a physicians file, so physicians who obtain a reversal of the action against them may wish to notify interested parties of the revision.

Physician Actions to Correct Data Bank Reports

Only reporting entities are permitted to make changes to information reported to the Data Bank. A physician who wishes to dispute the accuracy of a report should therefore first attempt to persuade the entity to correct the report. If he is unsuccessful, the physician may: (1) add a practitioner statement; (2) initiate a formal dispute; or (3) add a practitioner statement and initiate a formal dispute.

A physician may dispute the accuracy of a report, including whether the report was filed in accordance with correct reporting requirements, with sixty days from the process date shown on the notification report. The dispute may include challenging the eligibility of the reporting entity to make a Data Bank report, and challenging the accuracy of the reporting code and the narrative description. However, the practitioner may not dispute a decision by an insurer to settle a claim or to appeal the underlying reasons for an adverse action affecting his clinical privileges, license, or professional society membership.

The physician must then attempt to discuss the dispute with the reporting entity. They should also carefully document their attempts to resolve the matter with the reporting entity in a letter sent to the Secretary and to the reporting entity, although this is not specifically required by law. If the information is corrected by the entity in response to the physicians dispute, the Secretary will notify all other entities to whom reports have been sent. Also, if a report corrected by the reporting entity is still inaccurate, the physician may initiate another dispute of the corrected report by using the Document Control Number assigned to the corrected report.

The regulations do not require health care entities to establish a specific procedure for resolving physicians disputes with Data Bank reports. Physicians may meet the requirement for dispute resolution by merely attempting to discuss the reasons for the dispute with the entity, even though the entity refuses to discuss the matter with the physician. Medical staffs and other professional review bodies may wish to incorporate into medical staff bylaws, policies and procedures establishing a standard procedure governing discussions with practitioners regarding Data Bank reports. A standard procedure ensures that the disputes are uniformly handled, protecting the individual and reducing the possibility that the entity will be accused of discrimination in handling individual disputes.

If the reporting entity does not revise the information, the Secretary will, upon the physicians request, review the information submitted by both parties. The physician must wait at least thirty days after initiating discussions with the reporting entity before bringing the case to the Secretary. The Secretary will either revise the information, or, if it concludes that the original report was accurate, include in the physicians Data Bank file a brief statement by the physician describing the dispute and an explanation of the basis for the conclusion that the report was accurate.

To initiate a review with the Secretary, the physician must sign and return the Report Revised, Voided or Status Changed document related to the disputed report and also submit:

1)         A statement of which facts are in dispute and what the physician believes to be the correct facts;

2)         Pertinent documentation, not to exceed ten pages, including attachments and exhibits, substantiating the physicians position (a copy of the judicial review committees or Boards final decision, the settlement, judgment, etc.); and

3)         Proof that the physician attempted to, but was unsuccessful in resolving the dispute with the reporting entity (copies of relevant correspondence).

If the physician disagrees with the Secretarys resolution of the matter, he may request in writing that the Secretary reconsider the determination.

Entirely separate from, and in addition to, the formal dispute process, is a physicians ability to submit a statement on his own behalf to his file. A physician may submit an explanatory statement up to 2000 characters in length that explains any report of which he is the subject, including reports filed in the past. These statements will become a permanent part of the practitioners file. Physicians who intend to file a formal dispute may also wish to file an explanatory statement for their Data Bank file.


Reportable Actions


A malpractice settlement or court judgment even if it includes a stipulation that the terms are kept confidential.

Structured settlements where initial payment was made on or after September 1, 1990.

Payment made on each practitioner involved in a multiple claim of malpractice.

Malpractice payment on behalf of house staff.

Peer Review

Court ordered reversal of professional review action (reportable as a revision)

Denial of some of the clinical privileges requested, if based on professional competence or conduct

Revision of action involving an allied health professional if original action was previously reported

Reinstatement of privileges after suspension expires (reportable as a revision)

Actions adversely affecting temporary privileges, if based on professional competence or conduct

Error discovered in the original report filed regarding an adverse action taken against a health care practitioner

Voluntary restriction or surrender of clinical privileges while under investigation or in return for not conducting an investigation

Denial of a physicians application for a medical staff appointment based on professional competence or conduct

Denial or restriction of a physicians request for clinical privileges based on an assessment of current competence

Denial of temporary privileges based on professional competence or conduct

Corrections of revisions of information already reported

Plea bargained resignation of privileges or membership while under investigation

The assignment of a proctor who must grant approval before certain medical care is administered by a physician because of competence concerns.

Non-Reportable Actions


Waiver or refund of a patients bill or fees, even if such action is done out of concern that the patient might otherwise sue for malpractice

Malpractice payments made in the name of a group, clinic, or professional corporation consisting of more than one practitioner

Structured settlement where the initial payment is made pursuant to an annuity before September 1, 1990

Payment made only on oral demands from a patient or claimant


Peer Review

Peer review investigations

Physician impairment or therapy for impairment if no professional review action is taken

Adverse peer review recommendations which are not adopted as final actions by the hospital board

Summary suspensions unless they last more than thirty days and are considered professional review actions under the bylaws

If a proctor is assigned to a physician recently granted privileges as a matter of routine policy, or if a proctor is assigned because of competency concerns, but the proctors approval is not required before care is provided

Voluntary restriction or surrender of clinical privileges while not under investigation

Denial of privileges because the entity already has too many specialists in the discipline

Suspension of privileges because of the failure to complete charts in accordance with facility policy

Automatic denial or suspension due to failure to maintain malpractice insurance, pay medical staff dues, or attend medical staff meetings

Withdrawal of application before final decision.


The Health Insurance Portability and Accountability Act of 1996 mandates reporting by state and federal government agencies and private health plans of final adverse actions against physicians and other practitioners to a new health care fraud national data bank. The same agency that operates the National Practitioner Data Bank, the Division of Quality Assurance of the U.S. Department of Health and Human Services, is responsible to maintain this new data bank, called the Healthcare Integrity and Protection Data Bank (HIPDB). Federal and state agencies and private health plans will have access to final adverse actions reported to the HIPDB. The reports required under this fraud and abuse data collection program are extremely varied, and they must be made regardless of whether the adverse action being reported in any way pertained to fraud and abuse activity. The reports include the following:

  1. a) civil or criminal judgments against a health care provider, supplier, or practitioner related to the delivery of a health care item or service.
  2. b) federal or State criminal convictions related to the delivery of a health care item or service.
  3. c) formal or official actions by state or federal agencies responsible for licensure, such as revocation of licensure, suspensions for any length of time, reprimand, censure, or probation.
  4. d) any loss of the right to apply for or renew a license, whether by operation of law, voluntary surrender, nonrenewability or otherwise.
  5. e) any other negative action by federal or state agencies that is publicly available.
  6. f) exclusion from participation in state of federal health care programs.
  7. g) any other adjudicated actions or decisions that DHHS establishes by regulation.

(42 U.S.C. 1320a-7e(g)(1)(A))

The report must contain the name and identity of the health care provider, the health care entity with whom the practitioner is affiliated (if any), the nature of the final adverse action (and whether it is on appeal), and a description of the acts or omissions and injuries upon which the action was based. Peer review actions by hospitals and other private entities do not fall within the Acts description of final adverse action, although these are not expressly excluded. Final adverse actions include settlements, but do not include settlements in which no findings or admissions of liability have been made. Actions taken with respect to a malpractice claim are excluded from this reporting requirement. (42 U.S.C. 1320a-7e(g)(1))

The Act provides immunity for persons who provide specified information regarding final adverse actions pursuant to the Act, unless the information was false and the person providing the information had reason to believe that the information was false. Because the Act is only still beginning to be implemented as of 1999, much information as to the specific uses of the data and dispute resolution will likely be forthcoming in federal regulations and decisions, and physicians should seek competent representation when involved in this area of the law.