Authorized Agents

Eligible entities may elect to have outside organizations query or report to the NPDB-HIPDB on their behalf. Such an outside organization is referred to as an authorized agent. In most cases, an authorized agent is an independent contractor used for centralized credentialing, for example, a county medical society or State hospital association. View the list of Authorized Agents by State.

If the entity decides to authorize an agent to query and/or report on its behalf, both the entity and the agent must be registered with the Data Banks. Any entity or agent organization that is not registered with the Data Banks must register on-line. See the Fact Sheet on On-Line Authorized Agent Registration PDF Document and the Fact Sheet on On-Line Entity Registration PDF Document for additional information.

Entities should ensure that certain guidelines are followed when designating an authorized agent to query or report on their behalf. The entity should establish a written agreement with an authorized agent confirming the following:

  1. The agent is authorized to conduct business in the State.
  2. The agent’s facilities are secure, ensuring the confidentiality of NPDB-HIPDB query responses.
  3. The agent is explicitly prohibited from using information obtained from the NPDB-HIPDB for any purpose other than that for which the disclosure was made.
  4. The agent is aware of the sanctions that can be taken against him/her if information is requested, used, or disclosed in violation of NPDB-HIPDB provisions.

Designating an Agent

Before an authorized agent may submit queries on behalf of an entity, the entity must designate the agent by completing an on-line Authorized Agent Designation, through the IQRS. The eligible entity must indicate if query responses should be sent to the entity or the authorized agent.

Since confidential NPDB-HIPDB information may be routed to authorized agents, they are assigned a Data Bank Identification Number (DBID). An authorized agent should have only one DBID, even though more than one entity may designate the agent to query the NPDB-HIPDB. If an authorized agent has been issued more than one DBID, he or she should immediately alert the NPDB-HIPDB, identify which DBID will be used, and request that any other DBIDs be deactivated.

An eligible entity that has designated an authorized agent is permitted to query the Data Banks directly. Responses to queries submitted by the entity will be sent to the entity, regardless of routing designation.

Agent Queries

The NPDB-HIPDB’s response to a query submitted by an authorized agent on behalf of an entity is based upon two eligibility standards: (1) the entity must be entitled to receive the information, and (2) the agent must be authorized to receive that information on behalf of that entity. Both the entity and the agent must be properly registered with the Data Banks prior to the authorized agent’s query submission.

Authorized agents cannot use a query response on behalf of more than one entity. The Data Banks regulations specify that information received from the NPDB-HIPDB must be used solely for the purpose for which it was provided. If two different hospitals designate the same authorized agent to query the Data Banks on their behalf, and both hospitals wish to request information on the same subject, the authorized agent must query the Data Banks separately on behalf of each hospital. The response to an NPDB-HIPDB query submitted for one hospital cannot be disclosed to another hospital.

For more information on authorized agents, see the Fact Sheet on Authorized Submitters and Agents PDF Document, the NPDB Guidebook, and the HIPDB Guidebook.