These articles will help providers to register for future access to the Centers for Medicare & Medicaid Services (CMS) online computer services. This article contains:

• Ten questions and answers to get you started; and
• Overview of the registration process for IACS-PC defined provider organization users.

Provider Types Affected
Physicians, providers, and suppliers who submit fee-for-service claims to Medicare contractors (carriers, fiscal intermediaries (FI), Regional Home Health Intermediaries (RHHI), and Medicare Administrative Contractors (A/B MAC))

Special Note: Durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS) suppliers should not register for IACS -PC at this time. DMEPOS suppliers may want to review question # 10 below.

What Providers Need to Know
In the near future, the Centers for Medicare & Medicaid Services (CMS) will be announcing new online enterprise applications that will allow Medicare fee-for-service providers to access, update, and submit information over the Internet. Details of these provider applications will be announced as they become available.

Provider Action Needed
Even though these new internet applications are not yet available, CMS recommends that providers take the time now to set up their online account so they can access these applications as soon as they are available. The first step is for the provider or appropriate staff to register for access through a new CMS security system known as the Individuals Authorized Access to CMS Computer Services - Provider Community (IACS-PC). See the following section for key questions and answers about the registration process.

Ten Questions and Answers to Get You Started

1. What is IACS-PC?
IACS-PC is a security system CMS uses to control issuance of electronic identities and access to new CMS provider Web-based applications. Through IACS-PC, provider organizations, as defined by IACS-PC (See question # 7 below), and their staff, as well as individual practitioners, will be able to access new CMS applications. Provider organizations will also be able to manage users who they authorize to conduct transactions on their behalf, which may include staff and contractors.

Note: This release of IACS-PC will not impact access to FI/Carrier/MAC internet applications or the DME Competitive Bidding System (DBidS) application. New enterprise CMS systems will not offer the internet services FIs/Carriers/MACs are providing in the near future.

2. Who can use this system?
Medicare providers and their designated representatives (e.g., clearinghouses, credentialing departments) may request access to CMS enterprise applications. At this time, the soon-to-be-announced online applications under IACS-PC do not include services to DMEPOS suppliers. (See question # 10 below.)

3. Why register NOW?
Since the new applications have not been announced at the time of this notice, it may be hard to decide if you should register to use the system. However, because IACS-PC registration must precede use, we recommend that individual practitioners and provider organizations (with the exception of DMEPOS suppliers) register now. Even if the IACS-PC registration process goes well and all documentation is in order, it can still take several weeks to finalize registration. Since the system is new, registering now gives you a “cushion” so that if there are delays in processing your registration, you will have the registration process complete in time to request access to the various CMS provider related computer services as soon as they are available early next year.

4. If I register now, how long is my password valid?
Passwords expire in 60 days. After that point, when you log into IACS-PC, you will be prompted to create a new password to re-activate your account. Therefore, we recommend that once registered, you sign on periodically to IACS-PC to keep your current password active.

5. How do I register as an IACS-PC user?
IACS-PC uses a self-registration process. The self-registration process that you will follow will depend on the type of IACS-PC user you are. There are two categories of user types: individual practitioners and provider organizations. There are step-by-step registration instructions to help you through this process.

NOTE: The CMS Web site contains links to IACS user guides for other communities of users. Only use instruction links for the IACS-PC community as directed by CMS.

The External User Services (EUS) Help Desk will support this process for IACS-PC. It may be reached by email at EUSSupport@cgi.com or by phone on 1-866-484-8049 or TTY/TDD on 1-866-523-4759.

6. When would I register as an individual practitioner?
An individual practitioner is defined by IACS-PC as a physician or nonphysician practitioner. This is intended for practitioners who will be conducting transactions with online applications personally and have no staff who will be accessing the applications.

More details can be found in the Individual Practitioner Registration- Quick Reference Guide, which can be found on the CMS Web site at: http://www.cms.hhs.gov/MMAHelp/downloads/IACS_Individual_Practitioner_Registration_QRG_111607.pdf.

7. When would I register as an IACS-PC provider organization?
The term “organization,” as defined by IACS-PC, should not be confused with the term organization as it applies to provider enrollment or the NPI. For IACS-PC registration purposes, “organization” includes providers and suppliers such as hospitals, home health agencies, skilled nursing facilities, independent diagnostic testing facilities, ambulance companies, ambulatory surgical centers, and physician group practices.

It also includes individual physicians and nonphysician practitioners who want to delegate staff to conduct transactions on their behalf. In this case, for IACS-PC registration purposes, registration must be as an organization.

IACS-PC provider organizations require Security Officials (see question # 9 below) that establish the provider organization in IACS-PC. All users will then be grouped together within IACS-PC under the provider organization Security Official.

8. What should I have in hand before I register?
For an individual practitioner (who will be conducting transactions with online applications personally and have no additional staff that will be accessing the applications) they will need to know their:

• Social Security Number; and
• Correspondence Information.

  For an IACS-PC provider organization, the Security Official (SO) of that organization will be the first person to register within IACS and create their organization. The SO should have the following organizational information available before they sign on to register:

• Taxpayer Identification Number (TIN);
• Legal Business Name;
• Corporate Address; and
• Internal Revenue Service (IRS) Issued CP-575 hard copy form.

  9. How do I register my IACS-PC provider organization?
  IACS-PC is based on a delegated authority model. Each organization must designate an SO who will register the organization via IACS-PC and then be accountable for users in the organization. Using information supplied via the IACS-PC registration as well as a mailed-in copy of the organization’s CP-575 form, CMS will verify the SO’s role in the organization, the TIN and the Legal Business Name of the organization. This can take several weeks. Once approved, the SO then has the ability to approve other registrants under the provider organization. For more detail, please read the Overview section, which follows question #10.
  Once you understand IACS-PC user roles, and have designated an SO, the SO should register using the instructions in the Security Official Registration - Quick Reference Guide, which is available on the CMS Web site at:
  http://www.cms.hhs.gov/MMAHelp/downloads/IACS_Security_Official_Registration_QRG_111607.pdf.

  The next MLN article in this series of articles will provide instructions for additional users to register in IACS-PC.

  10. Why are you excluding DMEPOS suppliers from IACS-PC?
  DMEPOS suppliers (should not register in IACS-PC at this time because we do not expect any new online services will be available to them in 2008. DMEPOS suppliers interested in the second round of DMEPOS competitive bidding should follow CMS DMEPOS Competitive Bid instructions which will be released closer to the 2008 bid window.

OVERVIEW: Registering in IACS-PC as a Provider Organization or a Provider Organization User
For IACS-PC registration purposes, “organization” includes providers and suppliers such as hospitals, home health agencies, skilled nursing facilities, independent diagnostic testing facilities, ambulance companies, ambulatory surgical centers, and physician group practices. It also includes individual physicians and nonphysician practitioners who want to delegate employees to conduct transactions on their behalf.

I. The Registration Process
IACS-PC is based on a delegated authority model. Each user self-registers and is approved as shown below. The system is designed for flexibility to meet provider needs while assuring security of computer systems and privileged information. At this time, a provider organization must have at least two users, one of whom will be able to access IACS-PC applications.

The “delegated authority model” previously described is below. The EUS Help Desk will be responsible for approving the organization’s Security Official. Then the Security Official may approve the Backup Security Official(s) etc.

II. REGISTRATION ROLES

1. The first person to register must be the Security Official.
   The Security Official is the person who registers their organization in IACS-PC and updates the organization profile information in IACS-PC. There can be only one Security Official for an organization. The Security Official is trusted to approve the access request of Backup Security Official(s) and can approve the access requests of User Group Administrators and End Users. The Security Official will be approved by CMS through its EUS Help Desk. The Security Official is held accountable by CMS for the behavior of those they approve including the End Users for the organization.
   The Security Official Registration - Quick Reference Guide may be found on the CMS Web site at: http://www.cms.hhs.gov/MMAHelp/downloads/IACS_Security_Official_Registration_QRG_111607.pdf.

   Note: Additional employee and contractor users cannot be approved until the security official has been approved by the EUS Help Desk

2. An organization may choose to have one or more Backup Security Officials. (Optional)
   This is an optional role. You need not have a Backup Security Official. The Backup Security Official is approved by the Security Official. A Backup Security Official performs the same functions as a Security Official in an organization, with the exception of approving other Backup Security Officials. There can be one or more Backup Security Officials in an organization. The Backup Security Official can approve the access requests of User Group Administrators and End Users and may aid the Security Official with the administration of User Groups and User Group Administrators’ accounts.
3. The next registrant must be a User Group Administrator (UGA).
   The UGA is approved by the Security Official or Backup Security Official. The UGA is trusted to approve the access requests of End Users for that User Group.
   Organizations with 2-9 IACS-PC users must, at a minimum, have a Security Official and one or more UGAs. If there will be only one user in a group, that user must register as a UGA.
   A UGA registers the User Group within an organization in IACS-PC and updates the User Group profile information in IACS-PC. There can be multiple UGAs for the same User Group within an organization.
4. Organizations with 10 or more IACS-PC users must also have End Users.
   An End User is a staff member who is trusted to perform Medicare business and conduct transactions for the provider organization. An End User is part of a User Group within the provider organization. An End User may be an employee of provider/supplier/practitioner or a contractor working on the behalf of one of these entities. An End User may belong to multiple groups in one or more organizations. The End User is approved by the UGA.

   Note: End User requests cannot be approved until after the User Group Administrator has been approved.

III. SURROGATE USER GROUPS
This applies to provider organizations that want to delegate online work to individuals or a company outside of the provider organization. Under this scenario, those working on behalf of the provider organization register as a Surrogate User Group. Examples include clearinghouses, credentialing departments, independent contractors. A Surrogate User Group has a direct contractual business relationship with the Medicare provider/supplier, but not with CMS. A Surrogate User Group may be associated with multiple provider organizations.

1. The first contractor employee to register in a Surrogate User Group must be the UGA.
   If there will be only one user in a Surrogate Group, that user must register as a UGA. The UGA for the Surrogate User Group will register the Surrogate User Group and update the User Group profile information in IACS-PC. There can be multiple UGAs within the same Surrogate User Group. The UGA is trusted to approve the access requests of End Users for their user group.
   The UGA of the Surrogate User Group must be approved by the Security Official or Backup Security Official in the provider organization on whose behalf it performs work. Once approved, the UGA of a Surrogate Group may request to associate with other provider organizations for which it performs work without registering again.
2. A contractor employee may also register as an End User.
   An End User is approved to perform Medicare business for a surrogate or provider User Group by their UGA. An End User may belong to multiple groups in one or more organizations.

ADDITIONAL HELP
The EUS Help Desk will support this process for IACS-PC. It may be reached by email at EUSSupport@cgi.com or by phone on 1-866-484-8049 or TTY/TDD on 1-866-523-4759.

Disclaimer
This article was prepared as a service to the public and is not intended to grant rights or impose obligations. This article may contain references or links to statutes, regulations, or other policy materials. The information provided is only intended to be a general summary. It is not intended to take the place of either the written law or regulations. We encourage readers to review the specific statutes, regulations and other interpretive materials for a full and accurate statement of their contents. CPT only copyright 2006 American Medical Association.

News Flash – Medicare Remit Easy Print (MREP) – Still using Standard Paper Remittance Advices (SPR)? Did you know that with the new MREP software that is available to you (for free!), you can view and print as many or as few claims as needed? With the MREP software, you can navigate and view an Electronic Remittance Advice (ERA) using your personal computer. This is especially helpful when you need to print only one claim from the Remittance Advice (RA) when forwarding a claim to a secondary payer. CMS developed the MREP software to enable you to read and print the HIPAA-compliant ERA, also known as Transaction 835 or “the 835.” Contact your carrier, A/B MAC or DME MAC to find out more about MREP and/or for information on how to receive HIPAA compliant ERAs.

Posted: 11/27/2007