Last updated: February 2026 ·
Applies to: NPIVerify Chrome Extension v1.0
NPIVerify does not collect, store, or transmit any personal data.
All lookup history is stored locally on your device only and is
never sent to any server operated by NPIVerify.
What NPIVerify Does
NPIVerify is a Chrome browser extension that allows healthcare professionals
to look up provider information from the CMS NPPES (National Plan and Provider
Enumeration System) NPI Registry. It is a read-only tool — it only reads
publicly available data from the NPPES public API.
Data We Access
NPIVerify accesses the following data during normal use:
Text you select on web pages — only when you right-click
selected text and choose "Look up NPI in NPPES". The selected text is validated
locally (on your device) and, if it is a valid NPI number, sent to the CMS NPPES
public API. We do not read any other content from the page.
NPI numbers you type into the extension — when you manually
type or paste an NPI into the search field. These are sent to the CMS NPPES
public API to retrieve provider data.
NPPES API responses — provider data returned by the CMS NPPES
API (name, specialty, address, taxonomy, etc.). This data is publicly available
and belongs to CMS / HHS, not NPIVerify.
Data We Store Locally (On Your Device)
NPIVerify stores the following data in your browser's local storage
(chrome.storage.local) on your device only:
A list of up to 25 recently looked-up NPI numbers, provider names, and timestamps.
This data never leaves your device and is not accessible to NPIVerify or any third party.
You can delete this data at any time by clicking "Clear all" in the History tab,
or by removing the extension from Chrome.
Data We Do NOT Collect
We do not collect your name, email address, or any account information.
We do not track which NPIs you look up.
We do not use analytics, telemetry, or crash reporting in v1.0.
We do not sell, share, or transmit any data to any third party.
We do not use cookies or tracking pixels.
We do not read the content of web pages you visit (beyond the specific text
you have selected and chosen to look up).
Third-Party Services
NPIVerify makes network requests to one external service:
CMS NPPES NPI Registry API
(npiregistry.cms.hhs.gov) —
a free public API operated by the U.S. Department of Health and Human Services.
When you look up an NPI, the NPI number is sent to this API to retrieve provider data.
CMS's own privacy policy governs this request. NPIVerify does not control or
have access to CMS's server logs.
NPIVerify makes no other network requests. It does not contact any NPIVerify-owned
servers at any time.
Permissions Used and Why
contextMenus — to add the "Look up NPI in NPPES" option to the right-click menu.
storage — to save your lookup history locally on your device.
downloads — to allow you to export provider data as CSV or JSON files.
activeTab — to read selected text on the page you are viewing when you use the right-click menu.
scripting — to open the extension popup after a right-click lookup.
clipboardWrite — to copy the NPI number to your clipboard when you click "Copy NPI".
host_permissions (npiregistry.cms.hhs.gov) — to make API requests to the NPPES registry.
Data Retention
Lookup history is stored on your device indefinitely until you clear it manually
(via the "Clear all" button in the History tab) or uninstall the extension.
Uninstalling the extension removes all locally stored data.
Children's Privacy
NPIVerify is a professional tool intended for use by adults in healthcare
credentialing, network management, and related roles. It is not directed at
children under 13 and we do not knowingly collect data from children.
Changes to This Policy
If we update this policy, we will update the "Last updated" date at the top
of this page. Significant changes will be noted in the extension's Chrome Web
Store listing changelog.
Contact
If you have questions about this privacy policy or how NPIVerify handles data,
please contact us via the Chrome Web Store support page for NPIVerify.