Steps that Must Be Taken Before A Provider or Supplier Organization Can Use Internet- based PECOS
Before any enrollment action can be taken by an individual using Internet-based PECOS on behalf of a provider or supplier organization, a number of processes must be completed. These processes will register and authenticate the Authorized Official (AO) of the provider or supplier organization and the individual(s) who will be using Internet-based PECOS on behalf of the provider or supplier organization. In addition, these processes will establish the relationship between the provider or supplier organization and the organization whose employee(s) will use Internet-based PECOS on behalf of the provider or supplier organization. Note: These processes begin with the AO of the provider or supplier organization, and they may take several weeks to be completed.
Authorized Official of the Provider or Supplier Organization:
1. The AO of the provider or supplier organization will go to Internet-based PECOS at https://pecos.cms.hhs.gov to register in the PECOS Identification and Authentication system (PECOS I&A). The AO must meet the regulatory definition found at 42 CFR § 424.502. (CMS assumes the AO will not personally submit enrollment applications, but will delegate this work to another individual who is employed by the provider or supplier organization or who is employed by a different organization.)
a. The AO will create a PECOS User ID and password as part of this registration
process. Note: User IDs and passwords are secure data and should not be
shared.
b. The AO will provide the requested information to CMS.
c. The CMS External User Services (EUS) Help Desk will verify the information
furnished by the AO.
2. If the AO is authenticated by the CMS EUS Help Desk, he or she will receive an e-mail notification to that effect from the CMS EUS Help Desk.
3. For security reasons, the AO should change his or her PECOS password periodically—at least once a year.
Note: The AO is also involved in approving the individual (or individuals) who will use Internet-based PECOS on behalf of the provider or supplier organization. Therefore, after the AO has been authenticated by the CMS EUS Help Desk, the AO should periodically check his or her e-mail to take the requested actions in PECOS I&A.
Individual Who Will Use Internet-based PECOS on Behalf of a Provider or Supplier Organization:
1. An individual who will use Internet-based PECOS on behalf of a provider or supplier organization will go to Internet-based PECOS at https://pecos.cms.hhs.gov to register in the PECOS Identification and Authentication system (PECOS I&A).
a. The individual will create a PECOS User ID and password as part of this
registration process. Note: User IDs and passwords are secure data and should
not be shared.
b. The individual will provide the requested information to CMS. This will include information about his or her employer and about the provider or supplier organization on whose behalf he or she would be submitting enrollment
applications. (If the individual is employed by the provider or supplier
organization, then the information entered for the employer would be the same as that entered for the provider or supplier organization.)
c. The individual will receive a system-generated e-mail indicating approval or
disapproval of his or her request.
d. Once the individual’s request for access is approved, he or she is considered a
PECOS “user.”
2. As a PECOS user, he or she will log on to Internet-based PECOS to submit an enrollment application on behalf of the provider or supplier organization.
3. If the Security Consent Form has not already been generated and approved, the user will download the Security Consent Form. He or she will ensure the form is completed and will obtain the signature, and the date signed, of the AO of the provider or supplier organization and of the representative of the individual’s employer (referred to as the “Employer Organization” in the Security Consent Form and who, by virtue of its representative signing and dating the Security Consent Form, is requesting approval to submit enrollment applications on behalf of the provider or supplier organization). (If the
individual is employed by the provider or supplier organization, then the information entered for the employer organization would be the same as that entered for the provider or supplier organization, and the AO would sign and date the form in two places.) The individual will mail the completed, signed, and dated Security Consent Form to the CMS EUS Help Desk.
4. If the Security Consent Form is approved by the CMS EUS Help Desk, the AO of the provider or supplier organization will receive an e-mail notification to that effect from the CMS EUS Help Desk. Note: The Security Consent Form cannot be approved if the AO of the provider or supplier organization is not already verified by PECOS I&A.
5. For security reasons, the user should change his or her PECOS password periodically—at least once a year.
Note: The Security Consent Form is completed only one time to establish the relationship between the provider or supplier organization and the employer organization whose employee(s) would submit enrollment applications on behalf of the provider or supplier organization. More than one individual may request access to Internet-based PECOS for a given provider or supplier organization, but the Security Consent Form is generated and completed by the first (if more than one) approved user who logs on to Internet-based PECOS to submit an enrollment application for the given provider or supplier organization.
A Security Consent Form must be completed, signed and dated, and mailed to the CMS EUS Help Desk even if the employer organization is the provider or supplier organization.