Social Security numbers should not be reported in National Plan & Provider Enumeration System (NPPES) fields that the Centers for Medicare & Medicaid Services (CMS) needs to make publicly available under the Freedom of Information Act, CMS officials said in a Nov. 26 bulletin.
CMS reports that some providers have been listing their own or their employees’ Social Security numbers in NPPES fields such as “Other Provider Identification Numbers,” “License Number” or “Employer Identification Number.”
CMS urges providers to check their NPPES records to confirm that they did not input Social Security numbers in fields that will be made available to the public, or to delete their Social Security numbers from such fields immediately.
To view NPPES records, go to https://nppes.cms.hhs.gov. Providers should not use monthly downloadable NPPES files to check for Social Security numbers , because in those files, CMS has been suppressing all nine-digit numbers in all publicly accessible fields in order to safeguard providers’ personal information.