CMS announces that eServices Portal Users must soon move to Multi-Factor Authentication due to Increased Security Requirements

The Centers for Medicare & Medicaid Services (CMS) recently announced that Multi-Factor Authentication (also referred to as MFA) is coming to protect the security of user information on the ePortal site.  You might be familiar with the term “Multi-Factor Authentication” from public media discussions about the security of the passwords we all choose (or the lack thereof).  CMS published FAQ 13533 on the subject;[1] they note:

MFA is an approach to security authentication that requires you to provide more than one form of a credential in order to prove your identity. CMS is requiring MFA service for CMS Enterprise Portal  and HETS Desktop (HDT) Users …

Palmetto GBA, one of the Medicare Administrative Contractors (MAC), noted the following on a March 21, 2017 posting to their Railroad Medicare website:[2]

Why You Need It:
It’s easier than you might think for someone to steal your password. Multi-factor Authentication (MFA) can help your eServices account remain secure even if someone manages to obtain your password without your knowledge.

How It Works:
The eServices MFA is an extra layer of security … Once activated, signing into your eServices account will work a little differently …

Palmetto also noted the following about the timeline to move to MFA for this portal:

  • Providers have from now through March 31, 2017, to sign up for multi-factor authentication for each active user ID voluntarily.
  • April 1, 2017 to June 31, 2017, providers will be required to sign up for multi-factor authentication at enrollment, password reset and recertification.
  • Effective July 1, 2017, if you have not yet signed up for MFA, your account will automatically be set to MFA with the email address associated with the user ID.

Other MACs have noted only the currently optional nature of moving to MFA, while some have more extensive information on this requirement.  We anticipate additional MAC instructions soon.

As always, if you need assistance, Corcoran Consulting Group is here to help you.   (800) 399-6565

[1]     CMS.  FAQ #13533.  What is Multi-Factor Authentication (MFA)?  Link here.  Accessed 03/21/17.

[2]     Palmetto GBA.  Action Needed:  Due to Increased CMS Security Requirements, eServices Portal Users Must Sign Up for Multi-Factor Authentication (MFA) by July 1, 2017.  Link here.  Accessed 03/21/17.

Call us with additional questions or concerns at 800-399-6565.   We invite you to link to our new App, Corcoran 24/7, via one of the links below.

Download our iOS App Download our Android App Download our Amazon App

Related Posts

Website by MIC