22 KiB
New Compliance Sectors — Detectable Signals + Contact Channels
Companion to the FCC RMD and FMCSA/trucking playbooks. The winning pattern is: a public government registry + a per-record recurring obligation + an automated deficiency check + outreach to the operator. This doc covers the three best next sectors and, critically, how to reach the license holders besides postal mail.
Honesty note on email: unlike FCC RMD (
contact_email) and FMCSA (carrier email), these three registries are address/phone-rich but email-poor. The deficiency engine still works; the channel is the hard part. Section 4 solves that.
1. NPPES / Healthcare Providers (NPI)
Source: CMS NPPES monthly full-replacement dissemination file (free bulk CSV,
~10M rows). Verified live against npidata_pfile_20050523-20260510.csv
(download.cms.gov/nppes/). Cross-joinable with OIG LEIE (exclusions) and the
CMS revalidation list, both free.
Email in file: ❌ VERIFIED — no email field exists (file has 104 columns; none is email). Contact info available: mailing + practice TELEPHONE (cols 27, 35), mailing + practice FAX (cols 28, 36), full mailing + practice addresses, and Authorized Official telephone (col 47). So channel = fax, phone, mail, or email-append. Not email-native.
Verified columns we care about (104-col file)
| Col # | Field (exact) |
|---|---|
| 1, 2 | NPI, Entity Type Code (1=individual, 2=org) |
| 5–11 | Org legal name / provider name + credential |
| 21–28 | Mailing address, mailing telephone (27), mailing fax (28) |
| 29–36 | Practice location address, practice telephone (35), practice fax (36) |
| 37 | Provider Enumeration Date |
| 38 | Last Update Date |
| 39, 40, 41 | NPI Deactivation Reason Code, Deactivation Date, Reactivation Date |
| 43–47 | Authorized Official name/title + telephone (47) |
| 48–103 | Up to 15× {Taxonomy Code, License Number, License State Code, Primary Taxonomy Switch} |
Note: the public file does NOT contain a "Is Sole Proprietor" or EIN-validated field in a usable way (EIN col 4 is usually masked). Earlier guess corrected.
Detectable from the file (verified)
| Signal | Field(s) | Obligation | Service |
|---|---|---|---|
Stale Last Update Date (>1–2 yrs) |
col 38 | NPPES update within 30 days of any change | NPPES refresh/attestation |
| Deactivated NPI | cols 39–41 | Deactivated NPI can't bill | NPI reactivation |
| Old enumeration + never updated | col 37 vs 38 | Likely overdue Medicare revalidation (5-yr) | PECOS revalidation |
| Taxonomy w/ license but no license-state | taxonomy/license/state sets | License/specialty inconsistency | License/taxonomy reconcile |
| No primary taxonomy flagged (switch all N) | Primary Taxonomy Switch_n | Billing/credentialing errors | Taxonomy cleanup |
| Org (Type 2) missing Authorized Official | cols 2, 43–47 | Incomplete org NPI | Org NPI correction |
Inferable only (not in file): exact revalidation due date (PECOS), HIPAA posture, active billing, sanctions (use OIG LEIE join), email.
Best cross-join hook: NPPES ⨝ OIG LEIE ⨝ CMS revalidation list.
2. FMC Ocean Transportation Intermediaries (OTI: NVOCC + freight forwarders)
Source: FMC OTI lookup (per-record web lookup; a few thousand licensees). Closest analog to FCC RMD in size and clock.
Email in record: Inconsistent — sometimes present, often not. Partial coverage.
Detectable from the record
| Signal | Field(s) | Obligation | Service |
|---|---|---|---|
| License issue ≥ ~3 yrs ago | issue/license date | Triennial renewal (every 3 yrs) | OTI renewal filing |
| Bond below current minimum | financial responsibility | $75k NVOCC / $50k forwarder bond | Bond placement/review |
| Missing proof of bond | financial responsibility status | Required to operate | Bond compliance |
| QI stale/absent | qualifying individual | OTI must have a qualified QI | QI / Form FMC-18 update |
| NVOCC w/o tariff indicator | cross-ref tariff systems | NVOCCs must publish tariffs / SARs | Tariff publication setup |
| Status inactive/revoked/surrendered | license status | Operating lapsed = penalties | Reinstatement |
Inferable only: exact renewal due date, whether tariff actually published (separate tariff registry), email when absent.
3. EPA RCRA Hazardous Waste Handlers (via ECHO / RCRAInfo / FRS)
Source: ECHO bulk files (echo.epa.gov/files/echodownloads/) — verified live.
Two relevant downloads:
ECHO_EXPORTER(137 cols) — one row per facility across all programs, holds the compliance signals. Column dict:echo_exporter_columns_*.xlsx.rcra_downloads.zip— 6 RCRA-specific CSVs:RCRA_FACILITIES.csv(15 cols),RCRA_VIOLATIONS.csv,RCRA_EVALUATIONS.csv,RCRA_ENFORCEMENTS.csv,RCRA_NAICS.csv,RCRA_VIOSNC_HISTORY.csv.
Email in file: ❌ VERIFIED — no email anywhere in ECHO bulk.
RCRA_FACILITIES.csv has only: ID_NUMBER, FACILITY_NAME, ACTIVITY_LOCATION, FULL_ENFORCEMENT, HREPORT_UNIVERSE_RECORD, STREET_ADDRESS, CITY_NAME, STATE_CODE, ZIP_CODE, LATITUDE83, LONGITUDE83, FED_WASTE_GENERATOR, TRANSPORTER, ACTIVE_SITE, OPERATING_TSDF. No contact name, no phone, no email in ECHO RCRA. Owner/
operator contact NAME + PHONE (still no email) exists only in the deeper RCRAInfo
handler download (rcrapublic.epa.gov), where a PHONE field is present.
So channel = phone (from RCRAInfo) + mail + email-append. Not email-native.
Verified ECHO_EXPORTER RCRA signal columns
RCRA_FLAG, RCRA_IDS, RCRA_PERMIT_TYPES, RCRA_NAICS,
RCRA_INSPECTION_COUNT, RCRA_DAYS_LAST_EVALUATION, RCRA_INFORMAL_COUNT,
RCRA_FORMAL_ACTION_COUNT, RCRA_DATE_LAST_FORMAL_ACTION, RCRA_PENALTIES,
RCRA_LAST_PENALTY_DATE, RCRA_LAST_PENALTY_AMT, RCRA_QTRS_WITH_NC,
RCRA_COMPLIANCE_STATUS, RCRA_SNC_FLAG, RCRA_3YR_COMPL_QTRS_HISTORY. Plus
facility-level: FAC_DATE_LAST_INSPECTION, FAC_SNC_FLG, FAC_COMPLIANCE_STATUS.
Detectable from the data (verified)
| Signal | Field(s) | Obligation | Service |
|---|---|---|---|
| Generator status (LQG/SQG/VSQG) | FED_WASTE_GENERATOR (1/2/3/N), RCRA_PERMIT_TYPES |
Biennial report + manifest + training | Generator program |
| Open/current violation | RCRA_COMPLIANCE_STATUS, RCRA_QTRS_WITH_NC |
Return-to-compliance | Violation remediation |
| SNC flag | RCRA_SNC_FLAG, FAC_SNC_FLG |
High enforcement priority | Audit prep + corrective |
| Old/never evaluated + LQG | RCRA_DAYS_LAST_EVALUATION, FAC_DATE_LAST_INSPECTION |
Overdue inspection risk | Self-audit |
| Recent penalty / formal action | RCRA_PENALTIES, RCRA_DATE_LAST_FORMAL_ACTION |
Active enforcement | Remediation/defense |
| TSDF without active permit | OPERATING_TSDF, RCRA_PERMIT_TYPES |
TSDF permit renewal | Permit renewal |
| NAICS implies waste, no RCRA ID | RCRA_NAICS / FRS NAICS w/o RCRA_FLAG |
Should be registered as generator | Generator registration |
| Cross-program: RCRA + TRI reporter | RCRA_FLAG + TRI_FLAG |
EPCRA/Tier II overlap | Tier II / SPCC filing |
Inferable only (not in file): biennial-report-not-filed status (need RCRAInfo BR module, not in ECHO bulk), SPCC plan existence, actual chemical inventory, contact email. (Earlier "biennial flag" claim corrected — ECHO bulk does not expose a clean biennial-filed flag.)
Cross-join opportunity: ECHO_EXPORTER RCRA_FLAG + TRI_FLAG + FAC_NAICS_CODES
to find facilities that should be reporting but aren't.
4. How to Contact License Holders (Besides Postal Mail)
The registries above give us name + entity + address + phone (+ sometimes fax). Ranked options to reach them on cheaper/faster channels:
A. Email append (turn address/phone into email)
- B2B email-append vendors (e.g. data providers that match company name + address → business email): bulk match files, pay per match. Best for NPPES org records and EPA facilities (real businesses).
- Domain inference + verification: derive likely domain from business name /
website, generate
info@,first.last@, etc., then run an email-verification API (SMTP/MX validation) to keep only deliverable addresses. Cheap, scalable, works well where the entity has a website. - Website-scrape enrichment: for each entity, find the website (search by
name+city), scrape contact/
mailto:and/contactpages for published business email. High accuracy when a site exists. - People/B2B data APIs keyed on the Authorized Official / Qualifying Individual / facility contact name we already have from the registry.
B. Phone (we already have it in all three)
- Cold call the listed phone — these registries reliably include phone.
- Ringless voicemail / voicemail drop to the listed number.
- SMS to numbers that resolve to mobile (carrier-lookup the phone first; honor TCPA/DNC — we already run DNC compliance services, so scrub against the NDNC and keep consent records). This is the channel we must be most careful on.
C. Fax (underrated for NPPES + EPA)
- NPPES and many EPA records include fax. Compliance/medical/industrial audiences still read fax. Cheap blast, low competition, novelty cut-through.
D. Web / digital, no contact info needed
- Free public lookup tool (like
/tools/dot-compliance-check): e.g./tools/npi-compliance-check,/tools/oti-renewal-check,/tools/rcra-compliance-check. Drives inbound; the provider searches their own NPI/license/EPA ID and self-identifies. Pair with SEO + paid search on "NPI revalidation", "FMC license renewal", "RCRA biennial report". - Retargeting / lookalike audiences: upload the matched-email or hashed contact list to ad platforms for display/social retargeting even without reaching the inbox.
- LinkedIn / Sales Navigator outreach keyed on the Authorized Official / QI name (especially good for FMC OTIs and EPA facility EHS managers).
E. Channel-fit by sector
| Sector | Phone | Fax | Email-append quality | Web/SEO inbound |
|---|---|---|---|---|
| NPPES (NPI) | ✅ strong | ✅ good | Medium (org > individual) | ✅ "NPI revalidation" |
| FMC OTI | ✅ strong | ⚠️ some | Medium-high (have websites) | ✅ "FMC license renewal" |
| EPA RCRA | ✅ strong | ⚠️ some | High (real businesses + EHS contact) | ✅ "RCRA biennial report" |
Compliance guardrails for these channels
- TCPA/DNC: scrub all phone/SMS against DNC, prefer manual-dial or established business relationship, keep consent/records. (We already sell DNC compliance — practice what we preach.)
- CAN-SPAM: appended emails must carry unsubscribe + physical address (our Listmonk templates already do).
- State telemarketing & fax (TCPA/JFPA): fax blasting has its own rules; treat as opt-out-respecting and B2B-only.
Recommendation / Sequencing
- FMC OTI first — cleanest RMD analog (small set, 3-yr clock, bond math), some email already present, businesses with websites = easy email-append.
- EPA RCRA — best deficiency richness + highest fine fear = best conversion; reach via email-append + phone + free lookup tool.
- NPPES — biggest volume, but email-poor and individual-heavy; lead with a free NPI revalidation lookup tool + fax + org-targeted email-append.
If email-native outreach (like FCC RMD) is the hard requirement, the better targets are state license boards (contractors/CSLB, insurance producers, NMLS, cannabis/ABC) that publish licensee email directly. Worth a separate survey.
5. Postcard Print-and-Mail Vendor Pricing (Lob vs PostGrid vs Click2Mail)
For our use case (targeted list of named license holders with mailing addresses, personalized + QR to the free compliance-check tool, API-driven like Listmonk), a print-and-mail API is the right tool — no USPS permit, no presort, no BMEU drop-off. Per-piece is all-in (printing + postage + address verification).
Rates verified from live pricing pages on the session date. Confirm before committing volume; these vendors change rates and gate some behind sales.
Lob — VERIFIED from lob.com/pricing/print-mail
4x6 postcard, "starting at" per-piece by plan tier (volume + automation lower it):
| Plan | Monthly fee | 4x6 postcard from | Notes |
|---|---|---|---|
| Developer (free) | $0 | $0.872 / postcard | up to 5 templates, low limits, good for testing |
| Growth | $260/mo | $0.612 / postcard | 10 HTML templates, address verif. included tiers |
| Enterprise | $550/mo | $0.582 / postcard | 25 templates, custom volume, lowest per-piece |
- Letters from ~$0.806 / check ~$1.159 (for reference).
- Address verification (US) ~$0.05/lookup pay-go, cheaper bundled.
- Strong API + webhooks (in-transit tracking), best docs of the three.
- Best fit if we want to wire postcards into the existing pipeline cleanly.
PostGrid — quote/login gated (not publicly itemized)
- Pricing page does not publish per-piece; requires signup/sales for the rate card. Historically positioned slightly under Lob per-piece (~$0.50–$0.80 range for 4x6 depending on volume) with pay-as-you-go + no mandatory monthly minimum on the entry tier.
- US + Canada print/mail, address verification (CASS/NCOA, SERP for Canada), good API. Often pitched as the cheaper Lob alternative.
- Action: get an actual quote keyed to our expected monthly volume before choosing — the public "slightly cheaper" claim is unverified here.
Click2Mail — login/quote gated, but the cheapest at low volume historically
- Public pages (postcards / cost-calculator) gate exact rates behind an account; rates depend on size (4x6, 4x9, 5x8, 6x9, 6x11), class (First-Class vs Standard/Marketing Mail), and quantity.
- Historically the lowest all-in for small/medium runs (often well under $0.50/4x6 First-Class at modest volume) because it's a self-serve mail house, not a developer-API-first platform. Has an API but less polished than Lob.
- Action: run their cost calculator logged in for a real number on a sample 4x6 First-Class run of ~1,000 and ~5,000 pieces.
Practical comparison
| Lob | PostGrid | Click2Mail | |
|---|---|---|---|
| Per-piece 4x6 (4x6) | $0.58–$0.87 (verified) | ~$0.50–$0.80 (quote) | typically lowest at low vol (quote) |
| Monthly fee | $0 / $260 / $550 | none on entry (quote) | none (self-serve) |
| API quality | Best | Good | Basic |
| Address verif (CASS/NCOA) | Yes | Yes | Yes |
| Best for | API-wired campaigns at scale | cheaper Lob-style API | cheapest small/medium runs |
Recommendation
- Start on Click2Mail (or Lob Developer free tier) for the first test batch to validate conversion at the lowest fixed cost — no $260/$550 monthly commitment.
- Move to Lob Growth/Enterprise (or a PostGrid quote) once volume justifies the per-piece drop (~the monthly fee pays for itself only at several thousand pieces/month). Lob's API is the cleanest to wire into our existing pipeline.
- Always personalize with the detected deficiency + a QR code / short URL to the relevant free lookup tool — that QR is our tracking + conversion bridge, the same role the email CTA plays today.
6. NPI Compliance Programs, "Expired" Signals & Suggested Rates
What we actually know is expired/dead (honest breakdown)
NPPES alone has no license/cert/revalidation expiry date. The only hard "dead" status in the file is NPI deactivation. Real dateable "expired" signals come from FREE companion databases joined to NPPES by NPI or name.
| Source | What it proves is expired/wrong | Hook |
|---|---|---|
| NPPES (deactivation cols 39-41) | NPI deactivated — cannot bill | NPI reactivation (HARD) |
| NPPES (Last Update col 38) | Record stale (not "expired", a nudge) | NPPES update |
| CMS PECOS Revalidation list | Medicare revalidation due/overdue date (5-yr) — the real dateable hook | Revalidation filing (flagship) |
| OIG LEIE | Provider EXCLUDED from federal programs | Exclusion remediation (urgent) |
| SAM.gov exclusions | Debarred / additional exclusions | Screening + remediation |
| State medical board lookups | License itself expired (not in NPPES) | License renewal |
Flagship analog to FCC RMD recertification = CMS Medicare revalidation due date, joined to NPPES by NPI. That is the genuine "your X expired" signal.
Programs to sell (ranked by trigger defensibility)
- Medicare PECOS revalidation filing (flagship)
- NPI reactivation (hard NPPES signal)
- NPPES data update / attestation
- State license renewal monitoring / filing
- OIG/SAM exclusion screening + remediation
- CAQH profile attestation (re-attest ~every 120 days)
- HIPAA compliance package (universal, not detectable)
- Credentialing / re-credentialing with payers
- Taxonomy / enrollment cleanup
Suggested rates
| Service | Price | Cadence | Notes |
|---|---|---|---|
| NPPES data update / attestation | $149 | one-time | low-friction entry product |
| NPI reactivation | $249 | one-time | hard trigger |
| Medicare PECOS revalidation filing | $399 | every 5 yrs | flagship, high stakes |
| State license renewal (per license) | $149/license | annual/biennial | recurring |
| OIG/SAM exclusion screening | $99/yr ($19/mo) | recurring | sticky subscription |
| CAQH attestation/maintenance | $249/yr | recurring | high-churn pain |
| HIPAA compliance package | $799–$1,499 | one-time + annual | biggest ticket |
| Credentialing (per payer) | $199/payer | as needed | volume add-on |
| Provider Compliance Bundle | $599–$899/yr | annual subscription | revalidation watch + exclusion screening + NPPES upkeep |
Pricing logic: solo/small providers are price-sensitive, but fear of losing Medicare billing privileges (revalidation, exclusion) supports premium pricing on those two. Data-update products stay cheap as door-openers. The annual bundle is the goal — mirrors the trucking compliance-bundle model for recurring revenue.
Recommendation
Lead with Medicare revalidation (real dateable expiry from the free CMS list, like FCC RMD recert), use NPI-deactivated + stale-NPPES as secondary triggers, package into a $599-899/yr Provider Compliance Bundle.
7. Companion Databases — VERIFIED (downloaded & inspected)
All free, all joinable to NPPES by NPI. Counts below are from the live files pulled on the session date. This is the data that turns "stale record" into a real, dateable "your X expired" hook.
7.1 CMS Revalidation Due Date List (the flagship)
revalidation_base.csv — ~2.9M rows, 2.42M distinct NPIs.
Columns: Enrollment ID, National Provider Identifier (NPI), First/Last Name,
Organization Name, Enrollment State Code, Enrollment Type, Provider Type Text,
Enrollment Specialty, Revalidation Due Date, Adjusted Due Date,
Individual Total Reassign To, Receiving Benefits Reassignment.
Verified population:
- 261,878 enrollments have a concrete due date set (rest are "TBD" = CMS hasn't scheduled them yet).
- 217,968 are PAST DUE (overdue revalidation) — these are the hottest leads.
- 43,910 are upcoming (future-dated) — perfect for "due soon" pre-emptive offers.
This is the direct analog to the FCC RMD recertification date. Sell Medicare PECOS revalidation filing ($399) to the 217,968 overdue + watch service to the upcoming ones. Join to NPPES to get their address/phone for outreach.
7.2 OIG LEIE (Exclusions)
UPDATED.csv — 83,256 excluded providers/entities.
Columns: LASTNAME, FIRSTNAME, MIDNAME, BUSNAME, GENERAL, SPECIALTY, UPIN, NPI,
DOB, ADDRESS, CITY, STATE, ZIP, EXCLTYPE, EXCLDATE, REINDATE, WAIVERDATE, WVRSTATE.
Verified: only 8,608 have a valid joinable NPI (most exclusions predate
NPI or are entities w/ 0000000000). Use this two ways:
- As a screening product sold to OTHER providers ($99/yr) — "we check you and your staff against LEIE monthly."
- As a remediation hook to the 8,608 excluded-with-NPI (reinstatement help), though excluded providers are a harder, riskier audience.
7.3 Medicare Opt-Out Affidavits
OptOut_*.csv — 56,300 opt-out affidavits.
Columns: First/Last Name, npi, Specialty, Optout Effective Date,
Optout End Date, address, City, State, Zip, Eligible to Order and Refer,
Last updated.
Verified: 22,379 have an opt-out period ending within 12 months. Opt-out auto-renews every 2 years unless cancelled — a real dateable event. Sell opt-out renewal / re-enrollment decision support.
7.4 Order & Referring File
OrderReferring_*.csv — ~2.0M rows.
Columns: NPI, LAST_NAME, FIRST_NAME, PARTB, DME, HHA, PMD, HOSPICE (Y/N flags).
Tells us which providers are eligible to order/refer for each program. Use to
qualify leads (a provider missing eligibility they should have = enrollment
gap = service opportunity).
7.5 PPEF Public Provider Enrollment
PPEF_Enrollment_Extract_*.csv — ~2.98M rows.
Columns: NPI, MULTIPLE_NPI_FLAG, PECOS_ASCT_CNTL_ID, ENRLMT_ID,
PROVIDER_TYPE_CD/DESC, STATE_CD, names, ORG_NAME. This is the authoritative
"who is actively enrolled in Medicare" list. Join against NPPES to find:
- NPPES providers NOT in PPEF = not Medicare-enrolled (enrollment opportunity).
- Cross-check enrollment state vs NPPES practice state (mismatch = cleanup).
Join architecture
NPPES (10M providers, addr/phone/fax) <- outreach contact + base universe
⨝ NPI ⨝
Revalidation Due (217,968 overdue) <- flagship "expired" hook + $399
⨝ NPI ⨝
LEIE (8,608 excluded w/ NPI) <- screening product + urgent flag
⨝ NPI ⨝
Opt-Out (22,379 ending <12mo) <- renewal hook
⨝ NPI ⨝
PPEF / Order-Referring <- enrollment gaps / lead qualification
Headline takeaway
The single best, defensible, dateable hook is 217,968 providers with OVERDUE Medicare revalidation, each enrichable with NPPES address/phone/fax for outreach. That is a larger and harder-deadline audience than the FCC RMD list, and the $399 revalidation filing is a clean flagship product.