param.sharing.scope.{http://www.ibm.com/xmlns/prod/datatype/content/resource-collections}
ibm.portal.sharing.scope.page
param.sharing.scope.{http://www.ibm.com/xmlns/prod/websphere/portal/publicparams}path-info
ibm.portal.sharing.scope.page
param.sharing.scope.{http://www.ibm.com/xmlns/prod/datatype/content}
ibm.portal.sharing.scope.page
CMS Enterprise Portal - Help
Skip to main content
  • Applications
  • Help
  • About
  • E-mail Alerts
Content Root > CMS Enterprise Portal > Help
{}
start portlet menu bar

Web Content Viewer

Display content menu Display portlet menu
end portlet menu bar

Frequently Asked Questions

General

What is the CMS Enterprise Portal?

The CMS Enterprise Portal is a convenient single point of entry to numerous CMS applications and systems.

What browsers are supported by the CMS Enterprise Portal?

The CMS Enterprise Portal supports the following browsers with JavaScript enabled:

  • Internet Explorer 11 (native browser mode)
  • Firefox
  • Chrome
  • Safari

User Manual

For step-by-step instructions on how to navigate the CMS Enterprise Portal, please refer to the Enterprise Portal User Manual

User Account

Note

If you have an existing 4 character user ID and you need to manage your account or you have been instructed to create a 4 character user ID account, please visit the CMS EUA Page, or call the CMS IT Service Desk at 1-800-562-1963.

I am new to CMS Enterprise Portal. How do I create my user account?

Once you are on the CMS Enterprise portal landing page, select the ‘New User Registration’ link. You are required to enter some personal information and choose a desired User ID/Password following the guidelines provided. For identify verification CMS uses Experian as the external authentication service provider.

How can I update my personal information?

You can update your personal information by selecting ‘My Profile’ from the dropdown menu at the top right hand corner of the CMS Portal home page. You will be directed to the ‘View My Profile’ page, where you can change your personal information by selecting the links on the right side of the page. You may be requested to answer challenge questions based on the changes you make.

Can I use the same User ID and password for different applications?

Yes, Enterprise Portal provides single sign-on functionality to access multiple applications. Once you have logged into the CMS Portal home page, you can request access to other applications.

What is Multi-Factor Authentication (MFA)?

MFA is a type of login (authentication) that, in addition to a User ID and password, requires another “factor” such as a security code. To comply with CMS policy, most users will need to establish a second login “factor” commensurate with the level of access requested. CMS uses Symantec’s Validation and Identity Protection (VIP) service to add a second layer of protection for your online identity. Symantec provides validation and identity protection through computer, phone, and E-mail.

For more information on MFA, please refer to the CMS EIDM User Guide on the CMS.gov page.

What is Annual Certification?

CMS security guidelines require that each year, the use of a role must be approved or the role will be removed from your profile. Annual Certification is the process of approving a user’s continued use of a role, and is valid for one year. Annual Certification is typically performed in the same manner as the original role approval process used by Business Owners, their representatives, authorizers, Help Desks, or other approvers. If the continued use of a role is not approved, then the role will be removed from your profile and an E-mail will be sent notifying you that the role has been removed.

Users have the option to notify their approvers of the continued need for their roles. This helps ensure that the annual certification of their role is completed in a timely manner.

For more information on Annual Certification, please refer to the “Completing Annual Certification” document in the Quick Reference Guide section of the CMS.gov page.

How do I get my account unlocked?

Please contact the tier 1 Help Desk for the application you are attempting to access via the Enterprise Portal.

How do I change my account password?

Please use the self-service link or contact the tier 1 Help Desk for the application you are attempting to access via the Enterprise Portal.

Alerts and Notifications

What is the Enterprise Portal session timeout?

If a user is logged into the Enterprise Portal and remains inactive for 28 consecutive minutes, a pop-up will be displayed allowing the user to continue the session or to log out. If neither option is selected by the user within 2 minutes, the session will automatically be terminated and the user will be challenged to login again. This applies to all Enterprise Portal windows the user has open at the time. Additional details regarding this functionality can be found by clicking the Session Timeout Documentation.

What are Enterprise Portal email alerts?

Enterprise Portal email alerts is a communication tool that allows portal users to subscribe to notification lists which deliver important and timely CMS information.

How do I sign up for Enterprise Portal email alerts?

Users can elect to receive Enterprise Portal email alerts by clicking the Get Email Updates link on the Enterprise Portal landing page.

How do I subscribe to specific Enterprise Portal email alert distribution lists?

Users can subscribe to various distribution lists by clicking the Manage Your Subscriptions link on the Enterprise Portal landing page and the Add Subscriptions link on the Subscriber Preferences page.
A federal government website managed by the U.S. Centers for Medicare & Medicaid Services. 7500 Security Boulevard, Baltimore, MD 21244

Top

ACO/SSP: Accountable Care Organization/ Shared Savings Program

The Medicare Shared Savings Program portlet offers Accountable Care Organizations access to program information, including ACO-specific reports and other programmatic information

ACO Help Desk Contact the ACO Information Center at 1 (888) 734-6433 (select option 2) if you have any questions about using the ACO Portlet features. TTY/TDD: 1 (888) 734-6563

APS: Advanced Provider Screening

Advanced Provider Screening (APS) Help Desk For issues with the APS application:

Contact the CITIC Help Desk at: (410) 786-2580
Send email to: CMS_IT_SERVICE_DESK@cms.hhs.gov

ASETT

ASETT is a Web-based application that allows individuals and organizations to file electronic HIPAA/ACA complaints for alleged violations of the HIPAA/ACA Transaction and Code Sets (TCS) and Unique Identifiers (UIs), and operating rules regulations and other regulations that the client determines.

ASETT Helpdesk

Email: asett@actionet.com
Phone: (703) 951-6810

Point of Contact: Karah Jarvis/Kylee Haddock
Hours of Operations: 9AM to 5PM.

BCRS: Benefits Coordination and Recovery System

BCRS: Benefits Coordination and Recovery System Help Desk For issues related to the BCRS Application, please contact the COB&R Help Desk

BIGAPPS (APPS): Automated Plan Payment System

Bundled Payments EFT: Bundled Payments for Care Improvement Data File Transfer

Bundled Payments Help Desk Team provides email support for technical and program related questions.

Email: BundledPayments@cms.hhs.gov

BRES: Business Rules Enterprise Services

Business Rules Enterprise Services. CMS BRES is a business rule management system that enables organizational policies – and the operational decisions associated with those policies – to be defined, deployed, monitored, and maintained separately from application code.

CBIC: DMEPOS Competitive Bidding Program Suppliers

Connexion is the Durable Medical Equipment, Prosthetics, Orthotics & Supplies (DMEPOS) Competitive Bidding Program gateway that provides you with a secure, fast and convenient way to access your competitive bidding information. In order to access Connexion, please visit https://www.dmecompetitivebid.com and click on the Connexion link.

Competitive Bidding Implementation Contractor (CBIC) customer service center

Phone: 1 (877) 577-5331

CERRS: CCIIO Enrollment Resolution and Reconciliation System

CERRS Help Desk Team provides phone and email support for technical and program related questions.

Phone: 1 (703) 554-2807

Email: help.desk@cognosante.com

CNC: Compromised Number Checklist

COB: Coordination of Benefits

COB Help Desk Team provides phone and email support for technical and program related questions.

Phone: 1 (800) 927-8069

Email: mapdhelp@cms.hhs.gov

Enterprise Cognos Reports

For issues with the Enterprise Cognos Reports:

Contact the CMS IT Service Desk at: (410) 786-2580 or (800) 562-1963

Send email to: CMS_IT_SERVICE_DESK@cms.hhs.gov

CPC: Comprehensive Primary Care

Comprehensive Primary Care (CPC) Help Desk Information Contact the CPC Help Desk at CPCiSupport@Telligen.org.

Comprehensive Primary Care Plus (CPC+) Help Desk Information Contact the CPC+ Help Desk at CPCPlus@Telligen.org.

DBidS: DMEPOS Bidding System

Durable Medical Equipment, Prosthetics, Orthotics & Supplies (DMEPOS) Bidding System - The DMEPOS Bidding System is for suppliers submitting a bid for selected products in a particular Competitive Bidding Area (CBA).

Help Desk name: Competitive Bidding Implementation Contractor (CBIC) customer service center


Help Desk phone number: 1 (877) 577-5331

Help Desk email address: cbic.admin@palmettogba.com

DDR: Drug Data Reporting for Medicaid

DDR Help Desk For technical assistance, please contact DDRHelpDesk@dcca.com 1-833-879-6075.

DESY: Data Extract System

The Data Extract System (DESY) is a user-friendly system that allows authorized users to enter requests for data from various CMS data repositories. A user can only request data within the guidelines of their Data Use Agreement (DUA).

Please email your questions and comments to the DESY support mailbox, desy_support@cms.hhs.gov.desy_support@cms.hhs.gov.

DEX: Data Exchange System

Contact the DEX Help Desk at DEXSupport@cms.hhs.gov

DSH: Disproportionate Share Hospital

The Disproportionate Share Hospital (DSH) allotment is the amount of money allocated to the states annually to cover the costs of hospitals that provide care to a significantly disproportionate number of low-income patients whose services are not paid by other payers such as Medicare, Medicaid, the Children's Health Insurance Program (CHIP) or other health insurance.

The DSH automated process is totally self-service. It allows DSH hospitals to submit data requests via an internet-facing application and be retrieved by the requestor the next business day.

Help Desk Name: DSH Data Request Support Team

E-mail Address: dshquestions@cms.hhs.gov

Hours of Operations: Monday thru Friday 8am to 5pm EST

ECRS: Electronic Correspondence Referral System Web

This application allows authorized users to fill out various online forms and electronically transmit requests for changes to existing Common Working File (CWF) Medicare Secondary Payer (MSP) information, and inquiries concerning possible MSP coverage.

Electronic Correspondence Referral System (ECRS) ECRSHELP
Phone: (646) 458-6740
Email: ECRSHELP@ehmedicare.com

ELMO: Eligibility & Enrollment Medicare Online

Eligibility and Enrollment Medicare Online (ELMO) is a common user interface system for Medicare Beneficiary Demographics, Entitlement/Eligibility, Health Status, Utilization, Low-In Subsidy (LIS), Direct Billing, Third Party Billing, Enrollment, and Premium Information. The intended users of this system are CMS Central Office Users, Regional office Users, Social Security Administrative Users, Railroad Board Users, and only authorized contractors that have a Data use agreement with CMS.

Contact the MAPD HD at MAPDHelp@cms.hhs.gov or 1 (800) 927-8069

Hours of Operation for the ELMO Application are 8:00am to 6:00pm ET.

EPPE: Enterprise Privacy Policy Engine

For issues with the EPPE application:

Contact the EPPE Help Desk at: 1 (844) 377-3382

Send email to: eppe@cms.hhs.gov

ESD: Evidence Documentation System

The ESD is a web based application that provides users the ability to search for people or applications, review evidence documentation in order to adjudicate inconsistencies and search for and create exemptions.

eRPT:Electronic Retroactive Processing Transmission

The Electronic Retroactive Processing Transmission (eRPT) is a web-based application designed to facilitate and manage the electronic submissions, workflow processing, and storage of documentation associated with retroactive enrollment change requests from Medicare Advantage Organizations (MAOs), Medicare Advantage Prescription Drug Plans (MA-PDs), Cost Plans, Program of All Inclusive Care for the Elderly (PACE), Medicare-Medicaid Plans (MMPs), and Prescription Drug Plans (PDPs).
Email: mapdhelp@cms.hhs.gov
Phone: 1 (800) 927-8069

FFSDCS: Fee-For-Service Data Collection System

For issues with the ASP/CLFS application:

Contact the FFSDCS Help Desk at: 1 (844) 876-0765
Send email to: asphelpdesk@dcca.com for ASP application or clfshelpdesk@dcca.com for CLFS application.

HIOS/FFE: Health Insurance Oversight System

FFE / HIOS : Please contact the Marketplace Service Desk (MSD) at CMS_FEPS@cms.hhs.gov or 1 (855) CMS-1515 1 (855) 267-1515.

FFM/Training-Agents/Brokers/Assisters

Agents/Brokers must request FFM/Training system access here, and then request the Agent/Broker role on the next page. Assisters must first request FFM/Training system access here, and then request the Assister role on the next page

GIS: Gentran Integration Suite

GIS Help Desk Team provides email support for technical and program related questions.

Email: gentran-support@cms.hhs.gov

HATS: Host Access Transformation Services

HATS Help Desk Contact your local help desk. Escalation to the appropriate external help desks will be handled by the local help desk.

HDT (Precviously HPG): HIPAA Eligibility Transaction System (HETS) Desktop

HIPAA Eligibility Transaction System (HETS) Desktop
Email: mcare@cms.hhs.gov

HUE: Hadoop User Experience

Hadoop User Experience Help Desk All service requests (SR) and incidents (INC) should to be submitted to Remedy directly at https://remedy.cms.gov, by emailing the service desk at CMS_IT_Service_Desk@cms.hhs.gov or by calling the service desk at 410-786-2580 / 800-562-1963. Please request that these tickets be assigned to the GDIT > LSDR > Hadoop team.

For questions, promotions, SRFs, TWS, Kerberos password resets, account and access issues, or other items that require immediate support, you can email the IDRH team directly at DL-HIT-LSDR-HADOOP@gdit.com.

IC: Innovation Center

    The Innovation Center (IC) Landing Page allows its users to:
  • Access multiple CMMI applications with a single-sign on
  • View application-specific reports
    Here is the help desk information for applications supported by the IC Landing Page:
  • ACO - by phone at 1-888-734-6433, Option 2 or by email APOSD@cms.hhs.gov
  • AHC - by phone at 1-844-711-2664, Option 4 or by email AHCModelDataSystem@cms.hhs.gov
  • BPCI Advanced - by email BPCIAdvanced@cms.hhs.gov
  • CJR - CJRSupport@cms.hhs.gov
  • CPC Plus - by email CPCPlus@telligen.com
  • Enh.MTM - by phone at 1-844-474-3375 or by email EnhancedMTM@cms.hhs.gov
  • HHVBP - by phone at 1-844-280-5628 or by email HHVBPquestions@cms.hhs.gov
  • HPI - by email HPI_PORTAL_Support@cms.hhs.gov
  • InCK - by email HealthyChildrenAndYouth@cms.hhs.gov
  • LSDM - by phone at 1-844-711-2664, Option 8 or by email LSDMHelpdesk@cms.hhs.gov
  • MDPCP - by phone at 1-844-711-2664, Option 7 or by email marylandmodel@cms.hhs.gov
  • MH - by phone at 1-844-711-2664, Option 3 or by email mhmodel@cms.hhs.gov
  • OCM - by phone at 1-844-711-2664, Option 2 or by email OCMSupport@cms.hhs.gov
  • QMAT - by phone at 1-888-734-6433 or by email ESRD-CMMI@cms.hhs.gov
  • TCPI - by phone at 1-844-341-2481 or by email DSFR-Help@bah.com
Get Started

IDHD: Restricted Use Application

IDHD Help Desk Team provides phone and email support for technical and program related questions.

Phone: 1 (855) 870-4411

Email: EIDMSupport@qssinc.com

ISV: Internet Server

ISV Help Desk Team provides email support for technical and program related questions.

Email: ISV-Support@cms.hhs.gov

LSDM: Health Information Technology for Economic and Clinical Healths

MA/MA-PD/PDP/CC: Medicare Advantage/Prescription Drug/Prescription Drug Plan/Cost Contracts/ Medicaid State Agency

Contact Helpdesk at
Email: mapdhelp@cms.hhs.gov
Phone: 1 (800) 927-8069

Medicaid and CHIP Business Information Solutions

Data Driven Decision Making

MACPro: Medicaid and CHIP Program

Medicaid and CHIP Program System (MACPro) is a web-based system for the submission, review, and management support of Medicaid and CHIP initiatives, including Medicaid State Plans and Quality Measures Reporting.

For issues with the MACPro application:

Email: MACPro_HelpDesk@cms.hhs.gov
Phone: (301) 547-4688

MAISTRO: Medicare Administration Issue Tracker & Reporting of Operations System

MAISTRO Help Desk Please contact CMS IT Service desk to report any MAISTRO application issues.
Email at CMS _IT_SERVICE_DESK@cms.hhs.gov
Phone:(410) 786-2580 or 1 (800) 562-1963

MARx/MAPD: Medicare Advantage & Prescription Drug Systems

Medicare Advantage Prescription Drug system. MARx is one of the Medicare Modernization Act (MMA) systems that support the various activities required to provide and administer Medicare Managed Care and Prescription Drug coverage. MARx maintains enrollment, payment, and premium data for beneficiary enrollments into Medicare Part C and Part D Plans.

MARx Help Desk: Please contact CMS IT Service desk to report and MARx application issues.
Email at mapdhelp@cms.hhs.gov
Phone:1 (800) 927-8069

MCU: Marketplace Change Utility

The Marketplace Change Utility (MCU) portlet allows it's users to search, view, and download information about Healthcare.gov consumers, insurance applications, and insurance policies, plans, and issuers. ESDCU provides various tools to search, analyze, and in some cases modify data associated with FFM.


Help Desk Contact Information

For issues with the MCU application, please contact the Marketplace Service Desk (MSD): 1 (855) CMS-1515 or 1 (855) 267-1515

Email Help Desk: CMS_FEPS@cms.hhs.gov

MDM: Master Data Management

Master Data Management Help Desk

Medicaid Drug Program (MDP)

MDP Help Desk

For technical assistance, please contact DDRHelpDesk@dcca.com Phone: 1-833-879-6075

MDR: MDR State Exchange

MDR Help Desk Team provides phone and email support for technical and program related questions.

Phone: 1 (800) 927-8069

Email: mapdhelp@cms.hhs.gov

MDX

Send email to: MDX_Helpdesk@cms.hhs.gov

MED: Medicare Exclusion Database

For issues with the MED application:

The Medicare Exclusion Database, MED, is updated monthly with sanction and reinstatement information on excluded providers, and is made available to approved entities only.

Help Desk name: External User Services (EUS)
Help Desk phone number: 1 (866) 484-8049
Help Desk email address: EUSSupport@cgi.com

MH: Million Hearts Cardiovascular Disease Risk Reduction Model

MH Model Help Desk Team provides phone and email support for technical and program related questions.

Phone: 1-844-711-2664, press Option 3

Email: mhmodel@cms.hhs.gov

Hours of Business:
8:30am-7:30pm Eastern Standard Time, Monday- Friday
Closed Federal holidays
All inquiries will receive a ticket number within 24 hours

Please have your LOI number handy when contacting the MH Model Help Desk. Please do not email any PHI/PII or your Organization specific confidential information.

Marketplace Learning Management System (MLMS)

The MLMS delivers online learning content for agents, brokers as well as Navigators, Certified Application Counselors and non-Navigator Assistance Personnel in the Federally-facilitated Marketplace and State Partnership Marketplaces. It facilitates the training and registration of these user groups to enable them to assist consumers with enrollment through the Federally-facilitated Marketplaces.

Help Desk: Please contact the MLMS Help Desk at MLMShelpdesk@cms.hhs.gov

Enterprise MicroStrategy Reports

For issues with the Enterprise MicroStrategy Reports:

Contact the CMS IT Service Desk at: (410) 786-2580 or (800) 562-1963

Send email to: CMS_IT_SERVICE_DESK@cms.hhs.gov

Get Started

myCGS: myCGS DME Portal

The myCGS DME portal allows users to access Medicare information, including eligibility, claim status, denial status and more. MyCGS is available to suppliers of durable medical equipment, prosthetics, orthotics, and supplies.

For issues with the muCGS application:
Email: cgs.dme.mac.email.inquiries@cgsadmin.com
Phone: 1 (866) 270-4909

Novitasphere Portal

For issues with the Novitasphere application:

Internet Portal for Novitas Solutions, Inc. Submit Enrollment form to Novitas EDI first!
Email: WebsiteEDI@Novitas-Solutions.com
Phone: 1-855-880-8424

NPICS: National Provider Identifier Crosswalk System

OCM: Oncology Care Model

OCM Help Desk Team provides email and phone support for technical and program related questions

Email: OCMSupport@cms.hhs.gov

Phone: 1-844-711-2664 (1-844-711-CMMI), press Option 2

Hours of Business:
8:30 A.M. to 6:00 P.M. Eastern Standard Time

PII/PHI Please do not email any confidential information.

OnePI: One Program Integrity

The system that provides a single source of information for all Centers for Medicare & Medicaid fraud, waste, and abuse activities. The system provides streamlined, centralized access and analysis for standardized Medicaid data across multiple states, integrated with data from Medicare Parts A, B, and D.

Welcome to CMS Open Payments

The Open Payments (commonly known as the Physician Payments Sunshine Act) system satisfies the reporting requirement in Centers for Medicare & Medicaid Services (CMS) regulation. The Affordable Care Act regulation requires applicable manufacturers and applicable group purchasing organizations (GPOs) to annually report payments and other transfers of value made to physicians and teaching hospitals, as well as certain information regarding the ownership or investment interests held by physicians or their immediate family members.

For issues with the OP application:

Contact the OP Help Desk at: Openpayments@cms.hhs.gov

Welcome to PECOS

PECOS: (Provider Enrollment, Chain and Ownership System) is Medicare's provider/supplier enrollment system. It is the national database (source) of all Medicare provider and supplier enrollment information. Medicare providers and suppliers submit enrollment applications to enroll in Medicare and become eligible for reimbursement of Medicare services provided.

    There are 2 PECOS interfaces available through this portal:
  • PECOS Administrative Interface (AI) which enables Medicare Contractors to capture enrollment information submitted through either a paper or electronic enrollment application. PECOS AI also enables other authorized users to view Medicare enrollment information.
  • PECOS Data Mart which enables authorized users access to perform self-service reporting through standard reports, dashboards, extracts and ad hoc report capabilities

PECOS Help Desk For login issues, application latency, or system outages please contact the CMS IT Service Desk by phone at 1-800-562-1963 or by email at cms_it_service_desk@cms.hhs.gov.For errors within the PECOS AI interface or PECOS Data Mart, or questions on data within the applications, please visit the EUS portal page at https://eus.custhelp.com

PMDA: Performance Metrics Database & Analytics

For issues with the PMDA application:

Contact the Section 1115 PMDA Help Desk at: (443) 775-3226

Send email to: pmda1115_cvp_help@cvpcorp.com

PRIS: Payment Recovery Information System

PQRS: Physician Quality Reporting System

For issues with the PQRS application:

Physician Value - Physician Quality Reporting System Program. This portal allows access to applications such as Submissions, Web Interface, Feedback Dashboard and Reports and, if applicable, electing CAHPS.

QualityNet Help desk
Help Desk phone number - 1 (866) 288-8912
Help Desk email address - qnetsupport@hcqis.org

PSR/STAR

Provider Statistical and Reimbursement/System for Tracking Audit and Reimbursement.

For issues with the PSR/STAR application:
Email: eussupport@cgi.com
Phone: 1 (866) 484-8049

QARM: Quality Net Authorization & Role Management

For issues with the QARM application:

Please contact the QualityNet Help Desk from Monday to Friday 7 a.m - 7 p.m CST at: 1 (866)-288-8912, TY at 1 (877)-715-6222, Fax at 1 (888)-329-7377

For ESRD Support email at qnetsupport-esrd@hcqis.org

RNSGUI: Research and Support Graphical User Interface

Salesforce

For issues with the Salesforce application:

Help Desk Information:

https://sf.cms.gov/cmsHelpdeskinformation

SERTS: State Exchange Resource Tracking System

For issues with the SERTS application:

Please contact the Marketplace Service Desk (MSD): 1 (855) CMS-1515 or 1 (855) 267-1515

Email Help Desk: CMS_FEPS@cms.hhs.gov

SERVIS: State Exchange Resource Virtual Information System

For issues with the SERVIS application:

Please contact the Marketplace Service Desk (MSD): 1 (855) CMS-1515 or 1 (855) 267-1515

Email Help Desk: CMS_FEPS@cms.hhs.gov

SHIM: Enrollment and Payment Portal

SHOP is the enrollment and payment portal for small businesses to purchase insurance and provide support services to enroll their employees in a health insurance program.

For issues with the SHIM application:
Phone: 1 (800) 706-7893

SPOT(FCSO): First Coast Service Options Internet Portal

The SPOT offers an array of self-service resources to furnish essential Medicare processing information within a secure, online environment.

For issues with the SPOT application:
Email: fcsospothelp@fcso.com
Phone: 1 (855) 416-4199

TCPI: Services Tracking Analysis and Reporting System

T-MSIS: Transformed Medicaid Statistical Information System

For support issues, please visit the State Support Help Center.

UCM: Unified Case Management

The Unified Case Management (UCM) system supports cooperation, communication and management between regional Program Integrity Contractors to ensure a standardized national approach to the prevention and detection of fraud, waste and abuse in Medicare and Medicaid program spending.

For issues with the UCM application:

Please direct any questions to the UCM Help Desk at: ( 1-833-353-3375 ) or by email at UCMHelpDesk@cms.hhs.gov

zONE: Opportunity to Network and Engage

(zONE - accessible via direct URL at https://zone.cms.gov w/ approved Portal role)

Opportunity to Network and Engage (zONE) is a social platform for organizations and individuals partnering and working with the Centers for Medicare & Medicaid Services (CMS). It is a secure, collaborative venue for States, Issuers, business and technology teams to connect, communicate, and share information such as reuse documents, resources and best practices.

For issues with the zONE application, please contact the Marketplace Service Desk (MSD): 1 (855) CMS-1515 or 1 (855) 267-1515

Email Help Desk: CMS_FEPS@cms.hhs.gov

Sign Up for Email Alerts

Already a Subscriber?

  • Manage Your Subscriptions
  • Privacy Policy

Log In



Terms & Conditions

OMB No.0938-1236 | Expiration Date: 03/31/2021 | Paperwork Reduction Act

Updated Departmental Standard Warning Banner for HHS Information Systems, Memo dated July 14, 2016

This warning banner provides privacy and security notices consistent with applicable federal laws, directives, and other federal guidance for accessing this Government system, which includes (1) this computer network, (2) all computers connected to this network, and (3) all devices and storage media attached to this network or to a computer on this network. This information system is provided for Government-authorized use only.

Unauthorized or improper use of this system is prohibited and may result in disciplinary action and/or civil and criminal penalties.

Personal use of social media and networking sites on this system is limited as to not interfere with official work duties and is subject to monitoring.

By using this system, you understand and consent to the following: The Government may monitor, record, and audit your usage, including usage of personal devices and email systems for official duties or to conduct HHS business. Therefore, you have no reasonable expectation of privacy regarding any communication or data transiting or stored on this system. At any time, and for any lawful Government purpose, the government may monitor, intercept, and search and seize any communication or data transiting or stored on this system.

Any communication or data transiting or stored on this system may be disclosed or used for any lawful Government purpose.

Please Agree to the Terms & Conditions

Your MFA status is currently being retrieved.

HHS Rules of Behavior

July 24, 2013

This Department of Health and Human Services (HHS or Department) standard is effective immediately:

The Rules of Behavior for Use of HHS Information Resources (HHS RoB) provides the rules that govern the appropriate use of all HHS information resources for Department users, including federal employees, contractors, and other system users. The HHS RoB, in conjunction with the HHS Policy for Personal Use of Information Technology Resources[1] (as amended), are issued under the authority of the Policy for Information Systems Security and Privacy (IS2P).[2] The prior HHS RoB (dated August 26, 2010) is made obsolete by the publication of this updated version.

All new users of HHS information resources must read the HHS RoB and sign the accompanying acknowledgement form before accessing Department data or other information, systems, and/or networks. This acknowledgement must be completed annually thereafter, which may be done as part of annual HHS Information Systems Security Awareness Training. By signing the form users reaffirm their knowledge of, and agreement to adhere to, the HHS RoB. The HHS RoB may be presented to the user in hardcopy or electronically. The user’s acknowledgement may be obtained by written signature or, if allowed per Operating Division (OpDiv) or Staff Division (StaffDiv) policy and/or procedure, by electronic acknowledgement or signature.

The HHS RoB cannot account for every possible situation. Therefore, where the HHS RoB does not provide explicit guidance, personnel must use their best judgment to apply the principles set forth in the standards for ethical conduct to guide their actions.[3]

Non-compliance with the HHS RoB may be cause for disciplinary actions. Depending on the severity of the violation and management discretion, consequences may include one or more of the following actions:

Suspension of access privileges;

Revocation of access to federal information, information systems, and/or facilities;>

Reprimand;

Termination of employment;

Removal or disbarment from work on federal contracts or projects

Monetary fines; and/or

Criminal charges that may result in imprisonment.

HHS OpDivs may require users to acknowledge and comply with OpDiv-level policies and requirements, which may be more restrictive than the rules prescribed herein. Supplemental rules of behavior may be created for specific systems[4] that require users to comply with rules beyond those contained in this document. In such cases users must also sign these supplemental rules of behavior prior to receiving access to these systems and must comply with ongoing requirements of each individual system to retain access (such as re-acknowledging the system-specific rules by signature each year). System owners must document any additional system-specific rules of behavior and any recurring requirement to sign the respective acknowledgement in the security plan for their systems. Each OpDiv Chief Information Officer (CIO) must implement a process to obtain and retain the signed rules of behavior for such systems and must ensure that user access to such system information is prohibited without a signed acknowledgement of system-specific rules and a signed acknowledgement of the HHS RoB.

National security systems, as defined by the Federal Information Security Management Act (FISMA), must independently or collectively implement their own system-specific rules.

These HHS RoB apply to local, network, and remote use[5] of HHS information (in both electronic and physical forms) and information systems by any individual.

Users of HHS information and systems must acknowledge the following statements:

I assert my understanding that:

Use of HHS information and systems must comply with Department and OpDiv policies, standards, and applicable laws

Use for other than official assigned duties is subject to the HHS Policy for Personal Use of IT Resources, (as amended);[6]

Unauthorized access to information or information systems is prohibited; and

Users must prevent unauthorized disclosure or modification of sensitive information.[7]

I must:

General Security Practices

Follow HHS security practices whether working at my primary workplace or remotely;

Accept that I will be held accountable for my actions while accessing and using HHS information and information systems;

Ensure that I have appropriate authorization to install and use software, including downloaded software on HHS systems and that before doing so I will ensure that all such software is properly licensed, approved, and free of malicious code;

Wear an identification badge (or badges, if applicable) at all times, except when they are being used for system access in federal facilities;

Lock workstations and remove Personal Identity Verification (PIV) cards from systems when leaving them unattended;

Use assigned unique identification and authentication mechanisms, including PIV cards, to access HHS systems and facilities;

Complete security awareness training (i.e., HHS Information Systems Security Awareness Training) before accessing any HHS system and on an annual basis thereafter and complete any specialized role-based security or privacy training, as required by HHS policies;[8]

Permit only authorized HHS users to use HHS equipment and/or software;

Take all necessary precautions to protect HHS information assets[9] (including but not limited to hardware, software, personally identifiable information (PII), protected health information (PHI), and federal records [media neutral]) from unauthorized access, use, modification, destruction, theft, disclosure, loss, damage, or abuse, and treat such assets in accordance with any information handling policies;

Immediately report to the appropriate incident response organization or help desk (pursuant to OpDiv policy and/or procedures) all lost or stolen HHS equipment; known or suspected security incidents;[10]known or suspected information security policy violations or compromises; or suspicious activity in accordance with OpDiv procedures;

Notify my OpDiv/StaffDiv Personnel Security Representative (PSR) when I plan to bring government-owned equipment on foreign travel (per requirements defined by the Office of Security and Strategic Information (OSSI));[11]

Maintain awareness of risks involved with clicking on e-mail or text message web links; and

Only use approved methods for accessing HHS information and HHS information systems

Privacy

Understand and consent to having no expectation of privacy while accessing HHS computers, networks, or e-mail;

Collect information from members of the public only as required by my assigned duties and permitted by the Privacy Act of 1974, the Paperwork Reduction Act, and other relevant laws;

Release information to members of the public including individuals or the media only as allowed by the scope of my duties and the law;

Refrain from accessing information about individuals unless specifically authorized and required as part of my assigned duties;

Use PII and PHI only for the purposes for which it was collected and consistent with conditions set forth by stated privacy notices such as those provided to individuals at the point of data collection and published System of Records Notices; and

Ensure the accuracy, relevance, timeliness, and completeness of PII, as is reasonably necessary and to the extent possible, to assure fairness in making determinations about an individual.

Sensitive Information

Treat computer, network and web application account credentials as private sensitive information and refrain from sharing accounts;

Secure sensitive information, regardless of media or format, when left unattended;

Keep sensitive information out of sight when visitors are present;

Sanitize or destroy electronic media and papers that contain sensitive data when no longer needed, in accordance with the HHS Policy for Records Management[12] and sanitization policies, or as otherwise lawfully directed by management;

Access sensitive information only when necessary to perform job functions; and

Properly protect (e.g., encrypt) HHS sensitive information at all times while stored or in transmission, in accordance with the HHS Standard for Encryption of Computing Devices.[13]

I must not:

Violate, direct, or encourage others to violate HHS policies or procedures;

Circumvent security safeguards, including violating security policies or procedures or reconfiguring systems, except as authorized;

Use another person’s account, identity, password/passcode/PIN, or PIV card or share my password/passcode/PIN;

Remove data or equipment from the agency premises without proper authorization;

Use HHS information, systems, and hardware to send or post threatening, harassing, intimidating, or abusive material about others in public or private messages or forums;

Exceed authorized access to sensitive information;

Share or disclose sensitive information except as authorized and with formal agreements that ensure third-parties will adequately protect it;

Transport, transmit, e-mail, remotely access, or download sensitive information unless such action is explicitly permitted by the manager or owner of such information and appropriate safeguards are in place per HHS policies concerning sensitive information;

Use sensitive information for anything other than the purpose for which it has been authorized;

Access information for unauthorized purposes;

Use sensitive HHS data for private gain or to misrepresent myself or HHS or for any other unauthorized purpose;

Store sensitive information in public folders or other insecure physical or electronic storage locations;

Knowingly or willingly conceal, remove, mutilate, obliterate, falsify, or destroy information;

Copy or distribute intellectual property including music, software, documentation, and other copyrighted materials without written permission or license from the copyright owner;

Modify or install software without prior proper approval per OpDiv procedures;

Conduct official government business or transmit/store sensitive HHS information using non-authorized equipment or services; or

Use systems (either government issued or non-government) without the following protections in place to access sensitive HHS information:

Antivirus software with the latest updates;

Anti-spyware and personal firewalls;

A time-out function that requires re-authentication after no more than 30 minutes of inactivity on remote access; and

Approved encryption[14] to protect sensitive information stored on recordable media, including laptops, USB drives, and external disks; or transmitted or downloaded via e-mail or remote connections.

I must refrain from the following activities when using federal government systems, which are prohibited per the HHS Policy for Personal Use of Information Technology Resources,[15] (as amended):

Unethical or illegal conduct;

Sending or posting obscene or offensive material;

Sending or forwarding chain letters, e-mail spam, inappropriate messages, or unapproved newsletters and broadcast messages;

Sending messages supporting prohibited partisan political activity as restricted under the Hatch Act;[16]

Conducting any commercial or for-profit activity;

Using peer-to-peer (P2P) software except for secure tools approved in writing by the OpDiv CIO (or designee) to meet business or operational needs;

Sending, retrieving, viewing, displaying, or printing sexually explicit, suggestive text or images, or other offensive material;

Creating and/or operating unapproved Web sites or services;

Allowing personal use of HHS resources to adversely affect HHS systems, services, and co-workers (such as using non-trivial amounts of storage space or bandwidth for personal digital photos, music, or video);

Using the Internet or HHS workstation to play games or gamble; and

Posting Department information to external newsgroups, social media and/other other types of third-party website applications,[17] or other public forums without authority, including information which is at odds with departmental missions or positions. This includes any use that could create the perception that the communication was made in my official capacity as a federal government employee, unless I have previously obtained appropriate Department approval.

Addendum: HHS Rules of Behavior for Privileged User Accounts

The HHS Rules of Behavior for Privileged User Accounts is an addendum to the HHS Rules of Behavior for Use of Information Resources (HHS RoB) and provides common rules on the appropriate use of all HHS information technology resources for all Department Privileged Users,[18] including federal employees, interns, and contractors. Privileged User account roles have elevated privileges above those in place for general user accounts regardless of account scope (e.g., both local and domain administrator accounts). Potential compromise of Privileged User accounts carries a risk of substantial damage and therefore Privileged User accounts require additional safeguards.

All users of Privileged User accounts for Department information technology resources must read these standards and sign the accompanying acknowledgement form in addition to the HHS RoB before accessing Department data/information, systems, and/or networks in a privileged role. The same signature acknowledgement process followed for the HHS RoB applies to the Privileged User accounts. Each Operating Division (OpDiv) must maintain a list of Privileged User accounts.

I understand that as a Privileged User, I must:

Protect all Privileged User account passwords/passcodes/Personal Identity Verification (PIV) personal identified numbers (PINs) on Low, Moderate, and High systems;

Comply with all system/network administrator responsibilities in accordance with HHS policy;

Use my Privileged User account(s) for official administrative actions only;

Notify system owners immediately when privileged access is no longer required; and

Complete any specialized role-based security or privacy training as required before receiving privileged system access.

I understand that as a Privileged User, I must not:

Share Privileged User account(s) or password(s)/passcode(s)/PIV PINs;

Install, modify, or remove any system hardware or software without system owner written approval;

Remove or destroy system audit, security, event, or any other log data;

Acquire, possess, trade, or use hardware or software tools that could be employed to evaluate, compromise, or bypass information systems security controls;

Introduce unauthorized code, Trojan horse programs, malicious code, or viruses into HHS information systems or networks;

Knowingly write, code, compile, store, transmit, or transfer malicious software code, to include viruses, logic bombs, worms, and macro viruses;

Use Privileged User account(s) for day-to-day communications;

Elevate the privileges of any user without prior approval from the system owner;

Use privileged access to circumvent HHS policies or security controls;

Use a Privileged User account for Web access except in support of administrative related activities; or;

Modify security settings on system hardware or software without the approval of a system administrator and/or a system owner.

CMS Privacy Act Statement

The Privacy Act of 1974, as amended at 5 United States Code (U.S.C.) 552a, protects records that can be retrieved by personal identifiers such as a name, social security number, or other identifying number or symbol. An individual is entitled access to his or her records and to request correction of these records as applicable.

The Privacy Act prohibits disclosure of these records without an individual's written consent unless one of the twelve disclosure exceptions enumerated in the Act applies. These records are held in Privacy Act Systems of Records (SOR). A notice of any such system is published in the Federal Register. These notices identify the legal authority for collecting and storing the records, individuals about whom records will be collected, what kinds of information will be collected, and the routine uses for the records.

As with the Freedom of Information Act (FOIA), the Privacy Act binds only Federal agencies, and covers only records in the possession and control of Federal agencies.

In addition to the Privacy Act, the Centers for Medicare & Medicaid Services (CMS) is required to follow the Department of Health and Human Services (DHHS) Privacy Act Regulations at 45 Code of Federal Regulations (C.F.R.) Part 5b.

You must be 18 or older to register.

Complementary Content
  • ${title}${badge}
${loading}