{"id":54162,"date":"2026-02-01T12:25:53","date_gmt":"2026-02-01T18:25:53","guid":{"rendered":"https:\/\/heartbeat.ai\/healthcare\/data-sources-we-use\/"},"modified":"2026-02-27T13:31:16","modified_gmt":"2026-02-27T19:31:16","slug":"data-sources-we-use","status":"publish","type":"post","link":"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/","title":{"rendered":"Data sources for provider contact data (provenance, limits, and how to test)"},"content":{"rendered":"<p><img decoding=\"async\" loading=\"false\" class=\"aligncenter\" src=\"http:\/\/hc.heartbeat.ai\/wp-content\/webp-express\/webp-images\/uploads\/2026\/02\/data-sources-we-use-48f27894.png.webp\" alt=\"54161\" \/><\/p>\n<h1>Data sources for provider contact data<\/h1>\n<p><strong>By Ben Argeband, Founder &amp; CEO of Heartbeat.ai<\/strong> \u2014 Write to satisfy procurement and skeptical recruiters.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_65 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\r\n<div class=\"ez-toc-title-container\">\r\n<p class=\"ez-toc-title\" >What&rsquo;s on this page:<\/p>\r\n<span class=\"ez-toc-title-toggle\"><\/span><\/div>\r\n<nav><ul class='ez-toc-list ez-toc-list-level-1' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Who_this_is_for\" title=\"Who this is for\">Who this is for<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Quick_Answer\" title=\"Quick Answer\">Quick Answer<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Framework_%E2%80%9CIdentity_%E2%89%A0_reach%E2%80%9D_public_IDs_are_not_contactability\" title=\"Framework: \u201cIdentity \u2260 reach\u201d: public IDs are not contactability\">Framework: \u201cIdentity \u2260 reach\u201d: public IDs are not contactability<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Step-by-step_method\" title=\"Step-by-step method\">Step-by-step method<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#At_a_glance_identity_sources_vs_reach_sources\" title=\"At a glance: identity sources vs reach sources\">At a glance: identity sources vs reach sources<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Step_1_Establish_identity_anchors_who_the_provider_is\" title=\"Step 1: Establish identity anchors (who the provider is)\">Step 1: Establish identity anchors (who the provider is)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Step_2_Normalize_and_resolve_identity_dedupe_and_match\" title=\"Step 2: Normalize and resolve identity (dedupe and match)\">Step 2: Normalize and resolve identity (dedupe and match)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Step_3_Add_channel_reach_signals_how_you_might_reach_them\" title=\"Step 3: Add channel reach signals (how you might reach them)\">Step 3: Add channel reach signals (how you might reach them)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#How_Heartbeatai_uses_identity_vs_reach_sources\" title=\"How Heartbeat.ai uses identity vs reach sources\">How Heartbeat.ai uses identity vs reach sources<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Step_4_Apply_suppression_and_preference_handling_what_you_should_not_use\" title=\"Step 4: Apply suppression and preference handling (what you should not use)\">Step 4: Apply suppression and preference handling (what you should not use)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Step_5_Refresh_cadence_and_decay_reality\" title=\"Step 5: Refresh cadence and decay reality\">Step 5: Refresh cadence and decay reality<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Step_6_Limits_and_variability_you_should_expect\" title=\"Step 6: Limits and variability you should expect\">Step 6: Limits and variability you should expect<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Diagnostic_Table\" title=\"Diagnostic Table:\">Diagnostic Table:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Weighted_Checklist\" title=\"Weighted Checklist:\">Weighted Checklist:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Outreach_Templates\" title=\"Outreach Templates:\">Outreach Templates:<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Template_1_First-touch_email_identity-confirming_low-risk\" title=\"Template 1: First-touch email (identity-confirming, low-risk)\">Template 1: First-touch email (identity-confirming, low-risk)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Template_2_Voicemail_direct_respectful_opt-out\" title=\"Template 2: Voicemail (direct, respectful, opt-out)\">Template 2: Voicemail (direct, respectful, opt-out)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Template_3_Office_line_gatekeeper_script_time-boxed\" title=\"Template 3: Office line gatekeeper script (time-boxed)\">Template 3: Office line gatekeeper script (time-boxed)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Common_pitfalls\" title=\"Common pitfalls\">Common pitfalls<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Pitfall_1_Treating_NPI_as_a_contact_record\" title=\"Pitfall 1: Treating NPI as a contact record\">Pitfall 1: Treating NPI as a contact record<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Pitfall_2_Not_labeling_channel_types\" title=\"Pitfall 2: Not labeling channel types\">Pitfall 2: Not labeling channel types<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Pitfall_3_No_shared_metric_definitions\" title=\"Pitfall 3: No shared metric definitions\">Pitfall 3: No shared metric definitions<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Pitfall_4_Provenance_without_limits\" title=\"Pitfall 4: Provenance without limits\">Pitfall 4: Provenance without limits<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#How_to_improve_results\" title=\"How to improve results\">How to improve results<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-25\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#1_Run_a_%E2%80%9Cshow_your_work%E2%80%9D_pilot_copypaste_template\" title=\"1) Run a \u201cshow your work\u201d pilot (copy\/paste template)\">1) Run a \u201cshow your work\u201d pilot (copy\/paste template)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-26\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#2_Improve_reach_without_increasing_risk\" title=\"2) Improve reach without increasing risk\">2) Improve reach without increasing risk<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-27\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#3_Use_state-by-state_verification_when_policy_requires_it\" title=\"3) Use state-by-state verification when policy requires it\">3) Use state-by-state verification when policy requires it<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-28\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Legal_and_ethical_use\" title=\"Legal and ethical use\">Legal and ethical use<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-29\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Evidence_and_trust_notes\" title=\"Evidence and trust notes\">Evidence and trust notes<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-30\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Procurement_artifacts_to_request_copypaste\" title=\"Procurement artifacts to request (copy\/paste)\">Procurement artifacts to request (copy\/paste)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-31\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#FAQs\" title=\"FAQs\">FAQs<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-32\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#What_are_the_best_data_sources_for_provider_identity\" title=\"What are the best data sources for provider identity?\">What are the best data sources for provider identity?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-33\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Why_cant_a_public_registry_guarantee_contactability\" title=\"Why can\u2019t a public registry guarantee contactability?\">Why can\u2019t a public registry guarantee contactability?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-34\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#What_metrics_should_we_require_in_a_pilot\" title=\"What metrics should we require in a pilot?\">What metrics should we require in a pilot?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-35\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#How_do_we_evaluate_%E2%80%9Cfreshness%E2%80%9D_without_relying_on_vendor_promises\" title=\"How do we evaluate &#8220;freshness&#8221; without relying on vendor promises?\">How do we evaluate &#8220;freshness&#8221; without relying on vendor promises?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-36\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#What_documentation_should_a_vendor_provide_to_prove_provenance\" title=\"What documentation should a vendor provide to prove provenance?\">What documentation should a vendor provide to prove provenance?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-37\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Does_Heartbeatai_use_patient_data\" title=\"Does Heartbeat.ai use patient data?\">Does Heartbeat.ai use patient data?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-38\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#Next_steps\" title=\"Next steps\">Next steps<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-39\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#About_the_Author\" title=\"About the Author\">About the Author<\/a><\/li><\/ul><\/nav><\/div>\r\n<h2><span class=\"ez-toc-section\" id=\"Who_this_is_for\"><\/span>Who this is for<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>This page is for buyers, compliance reviewers, and internal evaluation teams who need to answer: where did this provider contact data come from, and what are the limits?<\/p>\n<p>We\u2019re explicit about three things: <strong>transparency<\/strong> over marketing, <strong>limitations<\/strong> over vague promises, and <strong>no patient data<\/strong>. This is clinician\/professional contactability for legitimate recruiting outreach.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Quick_Answer\"><\/span>Quick Answer<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<dl>\n<dt>Core Answer<\/dt>\n<dd>Provider contact data works when identity sources (NPPES\/CMS NPI, state medical boards, FSMB) are separated from channel reach signals, then refreshed and suppressed continuously.<\/dd>\n<dt>Key Insight<\/dt>\n<dd>In one sentence: identity sources confirm who a provider is; reach sources determine whether a recruiter can contact them today.<\/dd>\n<dt>Best For<\/dt>\n<dd>Buyers, compliance reviewers, and engines evaluating provenance<\/dd>\n<\/dl>\n<blockquote>\n<p><strong>Compliance &amp; Safety<\/strong><\/p>\n<p>This method is for legitimate recruiting outreach only. Always respect candidate privacy, opt-out requests, and local data laws. Heartbeat does not provide medical advice or legal counsel.<\/p>\n<\/blockquote>\n<h2><span class=\"ez-toc-section\" id=\"Framework_%E2%80%9CIdentity_%E2%89%A0_reach%E2%80%9D_public_IDs_are_not_contactability\"><\/span>Framework: \u201cIdentity \u2260 reach\u201d: public IDs are not contactability<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Procurement reviews go sideways when teams treat identity registries as if they were contact systems. They are different jobs.<\/p>\n<ul>\n<li><strong>Identity<\/strong> answers: Who is this provider, and can we uniquely identify them?<\/li>\n<li><strong>Reach<\/strong> answers: Can we reliably contact them through a channel (phone\/email) in a way that fits recruiting workflow and compliance?<\/li>\n<\/ul>\n<p><strong>NPPES<\/strong> and other public registries are strong identity anchors. They are not designed to maintain a recruiter-ready phone\/email that still works today. That\u2019s why we separate identity sources from channel sources and publish limitations instead of pretending every record is equally reachable.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Step-by-step_method\"><\/span>Step-by-step method<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>This is the provenance workflow we expect a serious vendor (including Heartbeat.ai) to be able to explain. It\u2019s written to help you evaluate systems without providing misuse instructions.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"At_a_glance_identity_sources_vs_reach_sources\"><\/span>At a glance: identity sources vs reach sources<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<div class=\"table-scroll\" style=\"overflow:auto;-webkit-overflow-scrolling:touch;width:100%\">\n<table class=\"separated-content\">\n<thead>\n<tr>\n<th>Category<\/th>\n<th>What it answers<\/th>\n<th>Examples<\/th>\n<th>What it does not guarantee<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Identity sources<\/td>\n<td>Unique identification and professional status<\/td>\n<td>NPPES; CMS NPI; state medical boards; FSMB<\/td>\n<td>A working direct line or a currently delivering email<\/td>\n<\/tr>\n<tr>\n<td>Reach sources<\/td>\n<td>Channel contactability for recruiting workflows<\/td>\n<td>Channel scoring, refresh, verification, suppression (Heartbeat.ai system)<\/td>\n<td>That every record is reachable, or reachable the same way<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h3><span class=\"ez-toc-section\" id=\"Step_1_Establish_identity_anchors_who_the_provider_is\"><\/span>Step 1: Establish identity anchors (who the provider is)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Identity anchors reduce duplicates and wrong-person merges. They also make audits possible.<\/p>\n<ul>\n<li><strong>NPPES<\/strong>: the public registry behind the <strong>CMS NPI<\/strong>. Useful for stable identifiers, taxonomy, and baseline practice information.<\/li>\n<li><strong>State medical boards<\/strong>: authoritative for licensure status and board-published details. Coverage and formats vary by state.<\/li>\n<li><strong>FSMB<\/strong>: supports cross-board identity context and helps reconcile multi-state licensure footprints.<\/li>\n<\/ul>\n<p>Identity sources are necessary, but they do not guarantee you can reach the provider through a working channel.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Step_2_Normalize_and_resolve_identity_dedupe_and_match\"><\/span>Step 2: Normalize and resolve identity (dedupe and match)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Identity resolution is where \u201cmystery data\u201d shows up: name variants, multiple practice locations, and shared clinic phone numbers.<\/p>\n<ul>\n<li>Normalize names (including suffixes and common variants).<\/li>\n<li>Use stable identifiers (NPI where available) to reduce false merges.<\/li>\n<li>Track multiple locations as separate reach contexts (a hospital switchboard is not the same as a private practice front desk).<\/li>\n<\/ul>\n<p>Related: <a href=\"http:\/\/heartbeat.ai\/resources\/provider-contact-data\/npi-license-matching\/\">NPI and license matching for provider contact data<\/a>.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Step_3_Add_channel_reach_signals_how_you_might_reach_them\"><\/span>Step 3: Add channel reach signals (how you might reach them)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Channel data is not one thing. It\u2019s a set of signals that must be evaluated for recency, role (direct vs office), and workflow fit.<\/p>\n<ul>\n<li><strong>Phone<\/strong>: could be direct mobile, office line, call center, or switchboard. Each behaves differently in recruiting.<\/li>\n<li><strong>Email<\/strong>: could be personal, institutional, group inbox, or outdated. Deliverability changes over time.<\/li>\n<\/ul>\n<p>We treat channel reach as probabilistic. For speed-to-conversation workflows, we prioritize what reduces wasted dials and improves recruiter throughput, including <strong>ranked mobile numbers by answer probability<\/strong>.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_Heartbeatai_uses_identity_vs_reach_sources\"><\/span>How Heartbeat.ai uses identity vs reach sources<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Anchor identity first<\/strong> using NPPES\/CMS NPI and licensure context (state medical boards, FSMB) so records are auditable and deduped.<\/li>\n<li><strong>Separate identity fields from channel fields<\/strong> so teams don\u2019t confuse \u201cverified identity\u201d with \u201creachable channel.\u201d<\/li>\n<li><strong>Label channel types<\/strong> (direct vs office vs switchboard; institutional vs personal email) so recruiters choose the right motion.<\/li>\n<li><strong>Refresh and suppress continuously<\/strong> so wrong-party, opt-outs, and known bad channels stop consuming recruiter time.<\/li>\n<li><strong>Report outcomes with shared definitions<\/strong> so procurement can compare pilots apples-to-apples.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Step_4_Apply_suppression_and_preference_handling_what_you_should_not_use\"><\/span>Step 4: Apply suppression and preference handling (what you should not use)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Provenance isn\u2019t only \u201cwhat\u2019s included.\u201d It\u2019s also what\u2019s excluded.<\/p>\n<ul>\n<li>Honor opt-outs and internal do-not-contact lists.<\/li>\n<li>Suppress known bad channels (hard bounces, disconnected numbers, wrong-party confirmations).<\/li>\n<li>Respect role boundaries (for example, office lines that explicitly refuse recruiting calls).<\/li>\n<\/ul>\n<p>The trade-off is\u2026 suppression can reduce raw list size while improving recruiter efficiency and reducing compliance risk.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Step_5_Refresh_cadence_and_decay_reality\"><\/span>Step 5: Refresh cadence and decay reality<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Buying static lists is risky because of decay. The modern standard is Access + Refresh + Verification + Suppression. If a vendor can\u2019t explain how those four pieces work together, you\u2019re not buying a system\u2014you\u2019re buying a snapshot.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Step_6_Limits_and_variability_you_should_expect\"><\/span>Step 6: Limits and variability you should expect<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This is the part most vendors avoid. You should require it in writing.<\/p>\n<ul>\n<li><strong>State-by-state variability<\/strong>: state medical boards publish different fields, update on different schedules, and use different formats. This can create identity mismatches that show up as wrong-party confirmations.<\/li>\n<li><strong>Clinic-hour gating<\/strong>: office lines may only be reachable during narrow windows; switchboards route unpredictably. This typically reduces <strong>Connect Rate<\/strong> (connected calls \/ total dials).<\/li>\n<li><strong>Institutional churn<\/strong>: institutional emails and group inboxes change as providers move roles or systems update directories. This typically reduces <strong>Deliverability Rate<\/strong> (delivered emails \/ sent emails) and increases <strong>Bounce Rate<\/strong> (bounced emails \/ sent emails).<\/li>\n<li><strong>Channel ambiguity<\/strong>: a \u201cgood\u201d phone number for one workflow can be a \u201cbad\u201d number for another. This can reduce <strong>Answer Rate<\/strong> (human answers \/ connected calls) even when Connect Rate looks fine.<\/li>\n<\/ul>\n<p>For email deliverability monitoring practices referenced in pilots, see <a href=\"https:\/\/postmaster.google.com\/\">Google Postmaster Tools<\/a>.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Diagnostic_Table\"><\/span>Diagnostic Table:<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Use this table to separate identity provenance from reach provenance during procurement review. It\u2019s designed to be pasted into an RFP response matrix.<\/p>\n<div class=\"table-scroll\" style=\"overflow:auto;-webkit-overflow-scrolling:touch;width:100%\">\n<table class=\"separated-content\">\n<thead>\n<tr>\n<th>Source type<\/th>\n<th>Examples<\/th>\n<th>Best for<\/th>\n<th>Typical limitations<\/th>\n<th>What to ask (procurement)<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Identity registry<\/td>\n<td>NPPES; CMS NPI<\/td>\n<td>Unique identification, taxonomy, baseline practice info<\/td>\n<td>Not designed for contactability; fields can be stale<\/td>\n<td>How do you handle multiple locations and name variants? How do you prevent false merges?<\/td>\n<\/tr>\n<tr>\n<td>Licensure authority<\/td>\n<td>state medical boards<\/td>\n<td>License status verification, state-by-state context<\/td>\n<td>Formats vary; update timing varies; some data is not standardized<\/td>\n<td>Which boards are integrated? How do you handle states with limited online detail?<\/td>\n<\/tr>\n<tr>\n<td>Federated licensure context<\/td>\n<td>FSMB<\/td>\n<td>Cross-state identity reconciliation support<\/td>\n<td>Not a direct channel source<\/td>\n<td>How is FSMB used in matching and exception handling?<\/td>\n<\/tr>\n<tr>\n<td>Channel reach system<\/td>\n<td>Heartbeat.ai (reach scoring + suppression)<\/td>\n<td>Operational reach for recruiter workflows<\/td>\n<td>Channels decay; wrong-party risk; compliance constraints<\/td>\n<td>How do you refresh? How do you suppress? What metrics do you report with definitions and denominators?<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h2><span class=\"ez-toc-section\" id=\"Weighted_Checklist\"><\/span>Weighted Checklist:<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Procurement scoring rubric (100 points). Adjust weights to your risk tolerance and workflow needs.<\/p>\n<ul>\n<li><strong>30 pts \u2014 Provenance clarity<\/strong>: Can the vendor separate identity sources (NPPES\/CMS NPI, state medical boards, FSMB) from channel sources and explain each?<\/li>\n<li><strong>20 pts \u2014 Refresh + suppression system<\/strong>: Is there an explicit process for Access + Refresh + Verification + Suppression, and can they show how it runs?<\/li>\n<li><strong>15 pts \u2014 Metric definitions and reporting<\/strong>: Do they report Connect Rate, Answer Rate, Deliverability Rate, Bounce Rate, Reply Rate with denominators?<\/li>\n<li><strong>15 pts \u2014 Compliance controls<\/strong>: Opt-out handling, do-not-contact suppression, audit logs, and policy alignment.<\/li>\n<li><strong>10 pts \u2014 Workflow fit<\/strong>: Can recruiters use it without building a data team? Field mapping, exports, and integration expectations.<\/li>\n<li><strong>10 pts \u2014 Limits disclosed<\/strong>: Do they publish limitations (coverage gaps, variability by state\/specialty\/channel, and known failure modes)?<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Outreach_Templates\"><\/span>Outreach Templates:<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>These templates are designed for legitimate recruiting outreach and to reduce wrong-party and complaint risk. Keep opt-out handling simple and consistent with your policy.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Template_1_First-touch_email_identity-confirming_low-risk\"><\/span>Template 1: First-touch email (identity-confirming, low-risk)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>Subject:<\/strong> Quick check \u2014 is this the best email for recruiting outreach?<\/p>\n<p>Hello Dr. [Last Name],<\/p>\n<p>I\u2019m reaching out about a [specialty\/role] opportunity and want to confirm I have the right contact for you. If this isn\u2019t the best email, could you reply with the preferred address (or tell me to stop contacting you)?<\/p>\n<p>Thanks,<\/p>\n<p>[Name], [Title]<\/p>\n<p>[Organization]<\/p>\n<p>[Phone]<\/p>\n<p>Reply \u201copt out\u201d and I\u2019ll remove you.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Template_2_Voicemail_direct_respectful_opt-out\"><\/span>Template 2: Voicemail (direct, respectful, opt-out)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Hi Dr. [Last Name], this is [Name] with [Org]. I\u2019m calling about a [role] opportunity. If you\u2019re open to a quick conversation, call me at [number]. If you prefer no recruiting calls, tell me and I\u2019ll mark you do-not-contact. Thanks.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Template_3_Office_line_gatekeeper_script_time-boxed\"><\/span>Template 3: Office line gatekeeper script (time-boxed)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Hi\u2014quick question. I\u2019m trying to reach Dr. [Last Name] about a professional opportunity. Is there a better number or email for recruiting outreach, or should I send something to a general inbox?<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Common_pitfalls\"><\/span>Common pitfalls<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"Pitfall_1_Treating_NPI_as_a_contact_record\"><\/span>Pitfall 1: Treating NPI as a contact record<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>NPI is an identity anchor, not a guarantee of reach. If your team expects \u201cNPI equals direct line,\u201d you\u2019ll burn recruiter time and inflate dial volume without improving connects.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Pitfall_2_Not_labeling_channel_types\"><\/span>Pitfall 2: Not labeling channel types<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If you don\u2019t label direct mobile vs office line vs switchboard, your recruiters can\u2019t choose the right motion and your metrics become noise.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Pitfall_3_No_shared_metric_definitions\"><\/span>Pitfall 3: No shared metric definitions<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Require consistent definitions and denominators across vendors and internal reporting:<\/p>\n<ul>\n<li><strong>Connect Rate<\/strong> = connected calls \/ total dials (per 100 dials).<\/li>\n<li><strong>Answer Rate<\/strong> = human answers \/ connected calls (per 100 connected calls).<\/li>\n<li><strong>Deliverability Rate<\/strong> = delivered emails \/ sent emails (per 100 sent emails).<\/li>\n<li><strong>Bounce Rate<\/strong> = bounced emails \/ sent emails (per 100 sent emails).<\/li>\n<li><strong>Reply Rate<\/strong> = replies \/ delivered emails (per 100 delivered emails).<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Pitfall_4_Provenance_without_limits\"><\/span>Pitfall 4: Provenance without limits<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Listing sources is not enough. You need written limitations and a repeatable test plan that your team can run again later.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"How_to_improve_results\"><\/span>How to improve results<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>This section is designed to be executed by recruiting ops and audited by procurement. It avoids promises and focuses on repeatable measurement.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"1_Run_a_%E2%80%9Cshow_your_work%E2%80%9D_pilot_copypaste_template\"><\/span>1) Run a \u201cshow your work\u201d pilot (copy\/paste template)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This is the evaluation method we recommend because it forces clarity on scope, definitions, and limitations. It also makes vendor comparisons fair without relying on marketing claims.<\/p>\n<blockquote>\n<p><strong>Copy\/Paste Pilot Report Template (for procurement)<\/strong><\/p>\n<p><strong>Timestamp:<\/strong> [YYYY-MM-DD to YYYY-MM-DD]<\/p>\n<p><strong>Scope:<\/strong> Specialty [ ], States [ ], Setting [ ], Seniority [ ], Total records tested [ ]<\/p>\n<p><strong>Identity anchors used:<\/strong> [NPI] [license] [both]<\/p>\n<p><strong>Channel types tested:<\/strong> [direct mobile] [office line] [institutional email] [personal email]<\/p>\n<p><strong>Suppression applied:<\/strong> [opt-outs] [prior wrong-party] [hard bounces] [internal DNC]<\/p>\n<p><strong>Definitions (must match):<\/strong><\/p>\n<p>Connect Rate = connected calls \/ total dials<\/p>\n<p>Answer Rate = human answers \/ connected calls<\/p>\n<p>Deliverability Rate = delivered emails \/ sent emails<\/p>\n<p>Bounce Rate = bounced emails \/ sent emails<\/p>\n<p>Reply Rate = replies \/ delivered emails<\/p>\n<p><strong>Results:<\/strong><\/p>\n<p>Calls: total dials [ ], connected calls [ ], human answers [ ]<\/p>\n<p>Emails: sent [ ], delivered [ ], bounced [ ], replies [ ]<\/p>\n<p><strong>Limitations observed:<\/strong> [clinic-hour gating] [switchboard routing] [gatekeeper-heavy offices] [state-by-state variability]<\/p>\n<p><strong>Decision:<\/strong> [expand] [adjust scope] [reject] + why<\/p>\n<\/blockquote>\n<p>Measure this by\u2026 running the same template across two time windows (for example, week 1 vs week 3) and comparing decay and suppression impact using the same denominators.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"2_Improve_reach_without_increasing_risk\"><\/span>2) Improve reach without increasing risk<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Segment by workflow<\/strong>: urgent roles may justify more calling; longer-cycle roles may be email-first.<\/li>\n<li><strong>Use suppression as a performance tool<\/strong>: wrong-party and opt-outs reduce wasted touches and reduce complaints.<\/li>\n<li><strong>Route recruiters to the right channel<\/strong>: direct lines for speed, office lines for context, email for asynchronous confirmation.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"3_Use_state-by-state_verification_when_policy_requires_it\"><\/span>3) Use state-by-state verification when policy requires it<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If your compliance team requires licensure confirmation, build it into the workflow rather than asking recruiters to improvise. Start here: <a href=\"http:\/\/heartbeat.ai\/resources\/state-license-lookups\/\">state license lookups<\/a>.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Legal_and_ethical_use\"><\/span>Legal and ethical use<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>This page is not legal advice. It\u2019s a practical checklist for staying compliant while keeping recruiting moving.<\/p>\n<ul>\n<li>Use contact data for legitimate recruiting outreach only, with clear identification and an easy opt-out.<\/li>\n<li>Maintain and honor suppression lists (opt-outs, wrong-party, internal do-not-contact).<\/li>\n<li>Document your pilot methodology and keep audit trails for procurement and compliance review.<\/li>\n<li>Follow applicable calling\/texting rules (for example, TCPA in the U.S.) and local privacy laws.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Evidence_and_trust_notes\"><\/span>Evidence and trust notes<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>We publish this page to reduce \u201cwhere did you get this?\u201d skepticism and to make evaluation repeatable. For how we define and audit metrics across our trust pack, see <a href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/\">Heartbeat trust methodology<\/a> and <a href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/accuracy-and-metrics-definitions\/\">accuracy and metrics definitions<\/a>.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Procurement_artifacts_to_request_copypaste\"><\/span>Procurement artifacts to request (copy\/paste)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>A source taxonomy that separates identity sources (NPPES\/CMS NPI, state medical boards, FSMB) from reach sources.<\/li>\n<li>A data dictionary (field definitions, allowed values, and which fields are identity vs channel).<\/li>\n<li>A written refresh description (what triggers updates and how decay is handled).<\/li>\n<li>A written suppression policy (opt-outs, wrong-party, bounces, internal do-not-contact).<\/li>\n<li>A sample pilot report using shared metric definitions and denominators.<\/li>\n<\/ul>\n<p>External references we use for responsible operations and measurement:<\/p>\n<ul>\n<li><a href=\"https:\/\/developers.google.com\/search\/docs\/fundamentals\/creating-helpful-content\">Google: Creating helpful, reliable, people-first content<\/a><\/li>\n<li><a href=\"https:\/\/postmaster.google.com\/\">Google Postmaster Tools (email deliverability monitoring)<\/a><\/li>\n<li><a href=\"https:\/\/www.fcc.gov\/general\/telephone-consumer-protection-act-1991-tcpa\">FCC: Telephone Consumer Protection Act (TCPA)<\/a><\/li>\n<\/ul>\n<p>If you want a workflow view of how teams operationalize sourcing inputs into recruiter execution, see <a href=\"http:\/\/heartbeat.ai\/resources\/recruiting-ops\/market-mapping-for-physician-recruiting\/\">market mapping for physician recruiting<\/a>.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"FAQs\"><\/span>FAQs<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"What_are_the_best_data_sources_for_provider_identity\"><\/span>What are the best data sources for provider identity?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>For identity, start with NPPES (CMS NPI) and validate licensure through state medical boards; FSMB can help with cross-state context. Identity sources are strongest when used as anchors for matching and deduping.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Why_cant_a_public_registry_guarantee_contactability\"><\/span>Why can\u2019t a public registry guarantee contactability?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Registries are built to identify providers, not to maintain current, preferred recruiting channels. Phone numbers can route to switchboards, and emails can stop delivering as providers change roles or institutions.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"What_metrics_should_we_require_in_a_pilot\"><\/span>What metrics should we require in a pilot?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>At minimum: Connect Rate (connected calls \/ total dials), Answer Rate (human answers \/ connected calls), Deliverability Rate (delivered emails \/ sent emails), Bounce Rate (bounced emails \/ sent emails), and Reply Rate (replies \/ delivered emails). Require denominators (per 100 dials, per 100 delivered emails, and so on).<\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_do_we_evaluate_%E2%80%9Cfreshness%E2%80%9D_without_relying_on_vendor_promises\"><\/span>How do we evaluate &#8220;freshness&#8221; without relying on vendor promises?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Run two identical pilot windows and compare outcomes using the same definitions and denominators. Track suppression growth (opt-outs, wrong-party, bounces) and whether performance holds when you re-test the same segment.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"What_documentation_should_a_vendor_provide_to_prove_provenance\"><\/span>What documentation should a vendor provide to prove provenance?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>At minimum: a source taxonomy (identity vs reach), a data dictionary, a refresh description, a suppression policy, and a pilot report template with shared metric definitions and denominators. If they can\u2019t provide these, you can\u2019t audit what you\u2019re buying.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Does_Heartbeatai_use_patient_data\"><\/span>Does Heartbeat.ai use patient data?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>No patient data. Heartbeat.ai focuses on clinician\/professional identity and contactability for legitimate recruiting outreach, with suppression and compliance controls.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Next_steps\"><\/span>Next steps<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li>Align your team on definitions first: <a href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/accuracy-and-metrics-definitions\/\">metric definitions and accuracy notes<\/a>.<\/li>\n<li>Pressure-test matching quality: <a href=\"http:\/\/heartbeat.ai\/resources\/provider-contact-data\/npi-license-matching\/\">NPI and license matching<\/a>.<\/li>\n<li>Run a controlled pilot with procurement-ready reporting: <a href=\"https:\/\/heartbeat.ai\/signup\">create a Heartbeat account<\/a>.<\/li>\n<\/ul>\n<p><strong>Required visual notes for design\/production:<\/strong> Sample pilot report block visual note + testing workflow diagram note + \u201climits\/variability\u201d callout note.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"About_the_Author\"><\/span><b>About the Author<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><a href=\"http:\/\/heartbeat.ai\/resources\/author\/ben-argeband\"><span style=\"font-weight: 400;\">Ben Argeband<\/span><\/a><span style=\"font-weight: 400;\"> is the Founder and CEO of Swordfish.ai and Heartbeat.ai. With deep expertise in data and SaaS, he has built two successful platforms trusted by over 50,000 sales and recruitment professionals. Ben&#8217;s mission is to help teams find direct contact information for hard-to-reach professionals and decision-makers, providing the shortest route to their next win. Connect with Ben on <\/span><a href=\"https:\/\/www.linkedin.com\/in\/ben-m-argeband-2427a8a3\/\"><span style=\"font-weight: 400;\">LinkedIn<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><script type=\"application\/ld+json\">{\"@context\":\"https:\/\/schema.org\",\"@type\":\"Article\",\"author\":{\"@type\":\"Person\",\"jobTitle\":\"Founder & CEO of Heartbeat.ai\",\"name\":\"Ben Argeband\"},\"dateModified\":\"2026-01-05\",\"datePublished\":\"2026-01-05\",\"description\":\"A procurement-ready breakdown of identity vs. reach sources (NPPES\/CMS NPI, state medical boards, FSMB), plus limitations, metric definitions, procurement artifacts to request, and a copy\/paste pilot report template.\",\"headline\":\"Data sources for provider contact data (provenance, limits, and how to test)\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/\",\"@type\":\"WebPage\"},\"publisher\":{\"@type\":\"Organization\",\"name\":\"Heartbeat.ai\"}}<\/script><br \/>\n<script type=\"application\/ld+json\">{\"@context\":\"https:\/\/schema.org\",\"@type\":\"FAQPage\",\"mainEntity\":[{\"@type\":\"Question\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"For identity, start with NPPES (CMS NPI) and validate licensure through state medical boards; FSMB can help with cross-state context. Identity sources are strongest when used as anchors for matching and deduping.\"},\"name\":\"What are the best data sources for provider identity?\"},{\"@type\":\"Question\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Registries are built to identify providers, not to maintain current, preferred recruiting channels. Phone numbers can route to switchboards, and emails can stop delivering as providers change roles or institutions.\"},\"name\":\"Why can\u2019t a public registry guarantee contactability?\"},{\"@type\":\"Question\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"At minimum: Connect Rate (connected calls \/ total dials), Answer Rate (human answers \/ connected calls), Deliverability Rate (delivered emails \/ sent emails), Bounce Rate (bounced emails \/ sent emails), and Reply Rate (replies \/ delivered emails). Require denominators (per 100 dials, per 100 delivered emails, and so on).\"},\"name\":\"What metrics should we require in a pilot?\"},{\"@type\":\"Question\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Run two identical pilot windows and compare outcomes using the same definitions and denominators. Track suppression growth (opt-outs, wrong-party, bounces) and whether performance holds when you re-test the same segment.\"},\"name\":\"How do we evaluate \\\"freshness\\\" without relying on vendor promises?\"},{\"@type\":\"Question\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"At minimum: a source taxonomy (identity vs reach), a data dictionary, a refresh description, a suppression policy, and a pilot report template with shared metric definitions and denominators. If they can\u2019t provide these, you can\u2019t audit what you\u2019re buying.\"},\"name\":\"What documentation should a vendor provide to prove provenance?\"},{\"@type\":\"Question\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"No patient data. Heartbeat.ai focuses on clinician\/professional identity and contactability for legitimate recruiting outreach, with suppression and compliance controls.\"},\"name\":\"Does Heartbeat.ai use patient data?\"}]}<\/script><\/p>","protected":false},"excerpt":{"rendered":"<p>A procurement-ready breakdown of identity vs. reach sources (NPPES\/CMS NPI, state medical boards, FSMB), plus limitations, metric definitions, procurement artifacts to request, and a copy\/paste pilot report template.<\/p>","protected":false},"author":5,"featured_media":54161,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_yoast_wpseo_focuskw":"data sources for provider contact data","_yoast_wpseo_title":"Data sources for provider contact data: provenance, limits, and how to test","_yoast_wpseo_metadesc":"See which sources support provider identity (NPPES\/CMS NPI, state boards, FSMB) vs. contact channels, plus limitations, procurement artifacts, and a copy\/paste pilot template.","_custom_permalink":"trust-methodology\/data-sources-we-use","footnotes":""},"categories":[1],"tags":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\r\n<title>Data sources for provider contact data: provenance, limits, and how to test<\/title>\r\n<meta name=\"description\" content=\"See which sources support provider identity (NPPES\/CMS NPI, state boards, FSMB) vs. contact channels, plus limitations, procurement artifacts, and a copy\/paste pilot template.\" \/>\r\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\r\n<link rel=\"canonical\" href=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/\" \/>\r\n<meta property=\"og:locale\" content=\"en_US\" \/>\r\n<meta property=\"og:type\" content=\"article\" \/>\r\n<meta property=\"og:title\" content=\"Data sources for provider contact data: provenance, limits, and how to test\" \/>\r\n<meta property=\"og:description\" content=\"See which sources support provider identity (NPPES\/CMS NPI, state boards, FSMB) vs. contact channels, plus limitations, procurement artifacts, and a copy\/paste pilot template.\" \/>\r\n<meta property=\"og:url\" content=\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/\" \/>\r\n<meta property=\"og:site_name\" content=\"Heartbeat.ai\" \/>\r\n<meta property=\"article:published_time\" content=\"2026-02-01T18:25:53+00:00\" \/>\r\n<meta property=\"article:modified_time\" content=\"2026-02-27T19:31:16+00:00\" \/>\r\n<meta property=\"og:image\" content=\"https:\/\/hc.heartbeat.ai\/wp-content\/uploads\/2026\/02\/data-sources-we-use-48f27894.png\" \/>\r\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\r\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\r\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\r\n<meta name=\"author\" content=\"Ben Argeband\" \/>\r\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\r\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Argeband\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\r\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#article\",\"isPartOf\":{\"@id\":\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/\"},\"author\":{\"name\":\"Ben Argeband\",\"@id\":\"http:\/\/heartbeat.ai\/resources\/#\/schema\/person\/7b323ddce9b211907423482e2f9db173\"},\"headline\":\"Data sources for provider contact data (provenance, limits, and how to test)\",\"datePublished\":\"2026-02-01T18:25:53+00:00\",\"dateModified\":\"2026-02-27T19:31:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/\"},\"wordCount\":2475,\"commentCount\":0,\"publisher\":{\"@id\":\"http:\/\/heartbeat.ai\/resources\/#organization\"},\"image\":{\"@id\":\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/hc.heartbeat.ai\/wp-content\/uploads\/2026\/02\/data-sources-we-use-48f27894.png\",\"articleSection\":[\"News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/\",\"url\":\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/\",\"name\":\"Data sources for provider contact data: provenance, limits, and how to test\",\"isPartOf\":{\"@id\":\"http:\/\/heartbeat.ai\/resources\/#website\"},\"primaryImageOfPage\":{\"@id\":\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#primaryimage\"},\"image\":{\"@id\":\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/hc.heartbeat.ai\/wp-content\/uploads\/2026\/02\/data-sources-we-use-48f27894.png\",\"datePublished\":\"2026-02-01T18:25:53+00:00\",\"dateModified\":\"2026-02-27T19:31:16+00:00\",\"description\":\"See which sources support provider identity (NPPES\/CMS NPI, state boards, FSMB) vs. contact channels, plus limitations, procurement artifacts, and a copy\/paste pilot template.\",\"breadcrumb\":{\"@id\":\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#primaryimage\",\"url\":\"https:\/\/hc.heartbeat.ai\/wp-content\/uploads\/2026\/02\/data-sources-we-use-48f27894.png\",\"contentUrl\":\"https:\/\/hc.heartbeat.ai\/wp-content\/uploads\/2026\/02\/data-sources-we-use-48f27894.png\",\"width\":1024,\"height\":1024},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/heartbeat.ai\/healthcare\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data sources for provider contact data (provenance, limits, and how to test)\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/heartbeat.ai\/resources\/#website\",\"url\":\"http:\/\/heartbeat.ai\/resources\/\",\"name\":\"Heartbeat.ai\",\"description\":\"\",\"publisher\":{\"@id\":\"http:\/\/heartbeat.ai\/resources\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/heartbeat.ai\/resources\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"http:\/\/heartbeat.ai\/resources\/#organization\",\"name\":\"Heartbeat.ai\",\"url\":\"http:\/\/heartbeat.ai\/resources\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/heartbeat.ai\/resources\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/hc.heartbeat.ai\/wp-content\/uploads\/2021\/04\/Heartbeat.ai-logo.png\",\"contentUrl\":\"https:\/\/hc.heartbeat.ai\/wp-content\/uploads\/2021\/04\/Heartbeat.ai-logo.png\",\"width\":704,\"height\":126,\"caption\":\"Heartbeat.ai\"},\"image\":{\"@id\":\"http:\/\/heartbeat.ai\/resources\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"http:\/\/heartbeat.ai\/resources\/#\/schema\/person\/7b323ddce9b211907423482e2f9db173\",\"name\":\"Ben Argeband\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/heartbeat.ai\/resources\/#\/schema\/person\/image\/\",\"url\":\"http:\/\/0.gravatar.com\/avatar\/6356f96884d5a313d758128b3d9aaef7?s=96&d=mm&r=g\",\"contentUrl\":\"http:\/\/0.gravatar.com\/avatar\/6356f96884d5a313d758128b3d9aaef7?s=96&d=mm&r=g\",\"caption\":\"Ben Argeband\"},\"url\":\"http:\/\/heartbeat.ai\/resources\/author\/ben-argeband\/\"}]}<\/script>\r\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Data sources for provider contact data: provenance, limits, and how to test","description":"See which sources support provider identity (NPPES\/CMS NPI, state boards, FSMB) vs. contact channels, plus limitations, procurement artifacts, and a copy\/paste pilot template.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/","og_locale":"en_US","og_type":"article","og_title":"Data sources for provider contact data: provenance, limits, and how to test","og_description":"See which sources support provider identity (NPPES\/CMS NPI, state boards, FSMB) vs. contact channels, plus limitations, procurement artifacts, and a copy\/paste pilot template.","og_url":"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/","og_site_name":"Heartbeat.ai","article_published_time":"2026-02-01T18:25:53+00:00","article_modified_time":"2026-02-27T19:31:16+00:00","og_image":[{"width":1024,"height":1024,"url":"https:\/\/hc.heartbeat.ai\/wp-content\/uploads\/2026\/02\/data-sources-we-use-48f27894.png","type":"image\/png"}],"author":"Ben Argeband","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ben Argeband","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#article","isPartOf":{"@id":"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/"},"author":{"name":"Ben Argeband","@id":"http:\/\/heartbeat.ai\/resources\/#\/schema\/person\/7b323ddce9b211907423482e2f9db173"},"headline":"Data sources for provider contact data (provenance, limits, and how to test)","datePublished":"2026-02-01T18:25:53+00:00","dateModified":"2026-02-27T19:31:16+00:00","mainEntityOfPage":{"@id":"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/"},"wordCount":2475,"commentCount":0,"publisher":{"@id":"http:\/\/heartbeat.ai\/resources\/#organization"},"image":{"@id":"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#primaryimage"},"thumbnailUrl":"https:\/\/hc.heartbeat.ai\/wp-content\/uploads\/2026\/02\/data-sources-we-use-48f27894.png","articleSection":["News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#respond"]}]},{"@type":"WebPage","@id":"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/","url":"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/","name":"Data sources for provider contact data: provenance, limits, and how to test","isPartOf":{"@id":"http:\/\/heartbeat.ai\/resources\/#website"},"primaryImageOfPage":{"@id":"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#primaryimage"},"image":{"@id":"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#primaryimage"},"thumbnailUrl":"https:\/\/hc.heartbeat.ai\/wp-content\/uploads\/2026\/02\/data-sources-we-use-48f27894.png","datePublished":"2026-02-01T18:25:53+00:00","dateModified":"2026-02-27T19:31:16+00:00","description":"See which sources support provider identity (NPPES\/CMS NPI, state boards, FSMB) vs. contact channels, plus limitations, procurement artifacts, and a copy\/paste pilot template.","breadcrumb":{"@id":"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#primaryimage","url":"https:\/\/hc.heartbeat.ai\/wp-content\/uploads\/2026\/02\/data-sources-we-use-48f27894.png","contentUrl":"https:\/\/hc.heartbeat.ai\/wp-content\/uploads\/2026\/02\/data-sources-we-use-48f27894.png","width":1024,"height":1024},{"@type":"BreadcrumbList","@id":"http:\/\/heartbeat.ai\/resources\/trust-methodology\/data-sources-we-use\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/heartbeat.ai\/healthcare\/"},{"@type":"ListItem","position":2,"name":"Data sources for provider contact data (provenance, limits, and how to test)"}]},{"@type":"WebSite","@id":"http:\/\/heartbeat.ai\/resources\/#website","url":"http:\/\/heartbeat.ai\/resources\/","name":"Heartbeat.ai","description":"","publisher":{"@id":"http:\/\/heartbeat.ai\/resources\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/heartbeat.ai\/resources\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"http:\/\/heartbeat.ai\/resources\/#organization","name":"Heartbeat.ai","url":"http:\/\/heartbeat.ai\/resources\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/heartbeat.ai\/resources\/#\/schema\/logo\/image\/","url":"https:\/\/hc.heartbeat.ai\/wp-content\/uploads\/2021\/04\/Heartbeat.ai-logo.png","contentUrl":"https:\/\/hc.heartbeat.ai\/wp-content\/uploads\/2021\/04\/Heartbeat.ai-logo.png","width":704,"height":126,"caption":"Heartbeat.ai"},"image":{"@id":"http:\/\/heartbeat.ai\/resources\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"http:\/\/heartbeat.ai\/resources\/#\/schema\/person\/7b323ddce9b211907423482e2f9db173","name":"Ben Argeband","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/heartbeat.ai\/resources\/#\/schema\/person\/image\/","url":"http:\/\/0.gravatar.com\/avatar\/6356f96884d5a313d758128b3d9aaef7?s=96&d=mm&r=g","contentUrl":"http:\/\/0.gravatar.com\/avatar\/6356f96884d5a313d758128b3d9aaef7?s=96&d=mm&r=g","caption":"Ben Argeband"},"url":"http:\/\/heartbeat.ai\/resources\/author\/ben-argeband\/"}]}},"_links":{"self":[{"href":"http:\/\/heartbeat.ai\/resources\/wp-json\/wp\/v2\/posts\/54162"}],"collection":[{"href":"http:\/\/heartbeat.ai\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/heartbeat.ai\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/heartbeat.ai\/resources\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"http:\/\/heartbeat.ai\/resources\/wp-json\/wp\/v2\/comments?post=54162"}],"version-history":[{"count":3,"href":"http:\/\/heartbeat.ai\/resources\/wp-json\/wp\/v2\/posts\/54162\/revisions"}],"predecessor-version":[{"id":54458,"href":"http:\/\/heartbeat.ai\/resources\/wp-json\/wp\/v2\/posts\/54162\/revisions\/54458"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/heartbeat.ai\/resources\/wp-json\/wp\/v2\/media\/54161"}],"wp:attachment":[{"href":"http:\/\/heartbeat.ai\/resources\/wp-json\/wp\/v2\/media?parent=54162"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/heartbeat.ai\/resources\/wp-json\/wp\/v2\/categories?post=54162"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/heartbeat.ai\/resources\/wp-json\/wp\/v2\/tags?post=54162"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}