HIPAA Rules

Software for HIPAA

Other Resources

Last updated


HIPAA Unique Identifier Rule (45 CFR Part 162)

As per CFR Title 45, PART 162-ADMINISTRATIVE REQUIREMENTS regulation, there are several unique identifiers required. The use of these identifiers will promote standardization, efficiency and consistency.

The unique identifiers under HIPAA regulations are:

Standard Unique Employer Identifier (EIN)
This is the same as the Employer Identification Number (EIN) used on an organization's federal IRS Form W-2. This identifies an employer entity in HIPAA transactions.

National Provider Identifier (NPI)
The NPI identifier is a unique 10-digit number assigned by the National Plan and Provider Enumeration System (NPPES) to covered health-care providers and health-care clearinghouses.

Health Plan Identifier (HPID)
The HPID is assigned by the Health Plan and Other Entity Enumeration System (HPOES) to all health plans. For other entities that do not meet the definition of a health plan under HIPAA, such as third-party administrators, an Other Entity Identifier (OEID) is is assigned. Controlling Health Plans (CHP) and Subhealth Plans (SHP) are also assigned an OEID by the HPOES.

Unique Patient Identifier (UPI)
While HIPAA requires a Unique Patient Identifier (UPI) for patients, HHS has not issued any regulations yet for adopting this identifier.