Revisions to Form CMS 10267 - QIMS Account Form

Issue Number

Page Number

Section

Action to be performed

Changes to the Application

Reason for Change

1

1

Type of Request

Checkbox identifying type of request identifies the type of account being created – general user or security official.

QIMS – Originally the form request type also included Change, Disable, and Enable. These types were removed because they will no longer require paperwork to be submitted. The changes will still be entered and saved in the QIMS system. Also, annual recertification is being added.

ISSO change - No paper work is required for enabling, disabling or recertifying QIMS accounts. This will cut down on the original public burden associated with approval signatures, notarization and mailing.

2

1

Type of Request

Checkbox identifying type of general user.

New data field added to QIMS and to the form.

ISSO change – Requested additional information

3

1

Type of Request

Checkbox identifying level of Security Official

New data field added to QIMS and to the form.

ISSO change – Requested additional information

4

Annual

Recertification

Each year Security Awareness Training is required in order for an existing user account to be recertified.

QIMS – While it is not part of the form, the application will be updated to include an Annual Training Checkbox. The system will calculate the 365 day requirement based on internal dates stored.

ISSO change – Required to meet ARS guidelines. (Mike Blake provided link – www.cms.gov/information security/downloads/ARS_App_B_CMSR_Moderate.pdf)

5

1

Personal Information

Remove home phone

QIMS - Remove the collection of home telephone number from the form and application.

ISSO change – Not needed.

6

1

Personal Information

The CMS CIO, Julie Boughn, has mandated that CROWNWeb be required to use 2 Factor Authentication due to the PII and PHI data contained within the system. QIMS is being enhanced to include 2 Factor Authentication.

QIMS - Moved business phone number and extension from Business Information section to Personal Information section.

ISSO change – Business phone number and extension were always required; however, it must be a number that they can contact the QIMS account owner for the 2 Factor credential; therefore, the ISSO wanted it moved from the business information section to the personal information section.

7

1

Personal Information

The CMS CIO, Julie Boughn, has mandated that CROWNWeb be required to use 2 Factor Authentication due to the PII and PHI data contained within the system. QIMS is being enhanced to include 2 Factor Authentication.

Moved business E-mail address from Business Information section to Personal Information section.

ISSO change – E-mail address was always required; however, now it can be the personal e-mail address if the person does not have an individual business e-mail address; therefore, the ISSO wanted it moved from the business information section to the personal information section.

8

2

Authorization

Manager’s signature and date

No change in application; however, this information was moved on the form from page 1 to page 2.

ISSO change – ISSO wanted the authorization, validation and notarization moved to the same page.

9

2

Validation

Vetting Official’s signature and date

New to QIMS application and form.

ISSO change – Since the ISSO is only requiring SO accounts to be notarized, all accounts will have to be vetted. This process was currently being peformed through the mandated notarization of all forms.

Note: This change reduces the notarization burden.

10

2

Notarization of Applicant’s Identity

Notarization of account forms will only be required for Security Official Accounts (SO).

No change in application; however, this information was moved on the form from page 1 to page 2.

ISSO change – Since notarization is no longer required for all accounts, the information collected was placed on a single page (page 2) separate from the collection of all other information.

Note: This change reduces the notarization burden.

11

2

Application Approval

Added a check box asking what applications need to accessed.

QIMS is being enhanced to be used for all OCSQ applications, not just CROWNWeb.

ISSO change – Same user ID can be used to access multiple OCSQ applications.

Note: Future expansion of QIMS to provide user accounts for other OCSQ applications.

12

2

Request for 2 Factor Authentication

QIMS - The CMS CIO, Julie Boughn, has mandated the CROWNWeb be required to use 2 Factor Authentication due to the PII and PHI data contained within the system. QIMS is being enhanced to include 2 Factor Authentication.

Added a check box asking if 2^nd factor credential is required to be filled out by the Security Official.

ISSO change – Required to meet CMS CIO mandate.

13

2

Preferred 2^nd Factor Contact

QIMS - The CMS CIO, Julie Boughn, has mandated the CROWNWeb be required to use 2 Factor Authentication due to the PII and PHI data contained within the system. QIMS is being enhanced to include 2 Factor Authentication.

Added a check box asking how the QIMS user will receive their 2^nd factor credential.

ISSO change – Required to meet CMS CIO mandate.

14

3

Part B – CROWNWeb Roles and Scope

While the same information is being collected, the form has been separated into a part A – QIMS Account Registration and Part B – CROWNWeb Roles and Scope Assignment.

Part A information is entered into QIMS and Part B information is entered into CROWNWeb.

QIMS will eventually become the QualityNet Identity Management System for all OCSQ applications; therefore, additional parts will be added to the form to address specific application needs if the new application uses roles and scope.

15

3

CROWNWeb Roles and Scope

Removed the capability of listing 8 facilities. Only one facility can be used per page

Manual process - No change to CROWNWeb application

ISSO change – ISSO wants one separate page per facility; therefore, each request will have its own manger’s authorization signature and date.

16

4

Instructions and Form Routing

Data Entry

Applicants will enter their data into the QIMS application.

ISSO change – Data entry burden has been taken off of the SO.

17

4

Instructions and Form Routing

Faxing Requirement

Manual Process – No change to the system

ISSO change – Data entry burden has been taken off of the SO. The general user will not only enter their own data but be required to print and fax their form to the help desk.

18

4

Instructions and Form Routing

Mailing Requirement

Manual Process – No change to the system.

ISSO change – Individual forms may be mailed out regular first class ($0.44 stamp); however, when 2 or more forms are mailed out, the forms will still have to be mailed USPS certified with return receipt.