§162.410 Implementation specifications: Health care providers.
(a) A covered entity that is a covered health care provider must:
(1) Obtain, by application if necessary, an NPI (National Provider Identifier) from the National Provider System (NPS) for itself or for any subpart of the covered entity that would be a covered health care provider if it were a separate legal entity. A covered entity may obtain an NPI for any other subpart that qualifies for the assignment of an NPI.
(2) Use the NPI it obtained from the NPS to identify itself on all standard transactions that it conducts where its health care provider identifier is required.
(3) Disclose its NPI, when requested, to any entity that needs the NPI to identify that covered health care provider in a standard transaction.
(4) Communicate to the NPS any changes in its required data elements in the NPS within 30 days of the change.
(5) If it uses one or more business associates to conduct standard transactions on its behalf, require its business associate(s) to use its NPI and other NPIs appropriately as required by the transactions that the business associate(s) conducts on its behalf.
(6) If it has been assigned NPIs for one or more subparts, comply with the requirements of paragraphs (a)(2) through (a)(5) of this section with respect to each of those NPIs.
(b) A health care provider that is not a covered entity may obtain, by application if necessary, an NPI from the NPS.
Make sure you are Omnibus Rule Compliant: HIPAA Privacy Checklist.