Form CMS-10267 CMS-10267.QIMS- Account Registration Form

INSTRUCTIONS AND FORM ROUTING for Part A:

For Type of Request = Create New User Account: The Applicant will fill in the on line registration form and submit it to the End User Manager (EUM) who will approve the new user for account creation and identity verification hereafter called “identity proofing”. The Applicant will take part A of this form to the appointed Security Official (SO) where the Applicant will be required to perform Security Awareness Training and will undergo identity proofing. If the Applicant does not know who the assigned SO is, they can check with their EUM; or call the CROWN Help Desk at 1-888-ESRDHD1(1-888-377-3431) or send an e-mail to

[email protected]

• . The Applicant must provide the registration form to the SO in person so the SO can act as the Identity Proofer. The Applicant may retain a copy of the original request form for his or her personal records.

• Note: the End User Manager will be a pre-designated for the Facility, CROWN Help Desk, network, QIO or CMS activity that the Applicant is closest to.

• Choosing an endpoint for receipt of the 2^nd factor PIN is key to accessing any application that works with Protected Healthcare Information (PHI) or Personally Identifiable Information (PII). Please select an option that is close to your computer workstation as you will want easy access to the PIN that is sent via your selected method of receipt.

• Upon receipt of part A of the original form, the designated SO will review the form to ensure it is complete and will then vet the user’s identity using a currently valid government picture identification document that lists the applicants current home address, or a passport showing the applicants nationality per NIST 800-63, Table 3, Level 3 E-Authentication recommendations. The SO will enter his/her name, and signature where designated on Part A of the form.

• Once identity vetting is complete, the SO will verify that the person requesting an account has completed the required Security Awareness Training (SAT). The SO will then log into QIMS and ensure the new user account is set up and assign the account holder to the proper QIMS role(s). Once the account has been set up the SO will send a fax copy to the secure fax number at the CROWN Helpdesk and then mail the original form to the CROWN Helpdesk for mandated record keeping. All forms will be mailed in tamper-resistant packaging using United States Postal Service (USPS) Certified Mail with return receipt. It is a violation of Federal security regulations to transmit any form(s) electronically; email, the Internet, unsecure transmission media, or any unsecured FAX.

• For Type of Request = Create Security Official Account: The Applicant will fill out the registration form, Print it out and take it to a Notary of the Public for Identity proofing.

• After the EUM has signed the form, ensured the SO Applicant has undergone Security Awareness Training and verified the information on the registration form is correct the SO will then log into QIMS and ensure the new user account is set up. The SO will then assign the account holder to the proper QIMS role(s). Once the account has been set up the SO will send a fax copy to the secure fax number at the CROWN Helpdesk and mail the original form to the CROWN Helpdesk for mandated record keeping. All forms will be mailed in tamper-resistant packaging using United States Postal Service (USPS) Certified Mail with return receipt. It is a violation of Federal security regulations to transmit any form(s) electronically; email, the Internet, unsecure transmission media, or any unsecured FAX.

INSTRUCTIONS AND FORM ROUTING for Part B:

Upon receipt of the original Part B of this form:

• The EUM will review, approve and sign Part B of the form that is the application role request portion.

• Provisioning of application roles will be accomplished upon completion of any application related training by the SO or assigned local application system administrator following the QIMS User ID being activated.

• Note: the End User Manager will be a pre-designated for the Facility, Help Desk, network, QIO or CMS activity that the Applicant is closest to.

• The CROWN Helpdesk will verify that the each form is; (1) the original, (2) is complete, (3) the required SO information is complete. If all of these criteria are met, the Help Desk will store the original form as required by law. The account cannot be activated if one or more of these criteria are not met; in this case the IMS team will advise the user of the action and the reason via a QIMS system-generated email.

QUALITYNET DATA SUBMISSION STATEMENT

Every QualityNet system user agrees, based on his or her best knowledge, information, and belief, that the data they submit to CMS is accurate, complete, and truthful.

PRIVACY ACT STATEMENT

The information on pages 1 and 2 of this form is collected and maintained under the authority of Title 5 U.S. Code, Section 552a(e)(10) (The Privacy Act of 1974). This information is used for assigning, controlling, tracking, and reporting authorized access to and use of CMS’s computerized information and resources. The Privacy Act prohibits disclosure of information from records protected by the statute, except in limited circumstances.

The information you furnish on page 1 of this form will be maintained by CMS in the QualityNet Identity Management System (QIMS) and the original form will be maintained by the Identity Management Team. The data may be disclosed as a routine use disclosure under the routine uses established for this system as published at 59 FED.REG.41329 (08-11-94) and as CMS may establish in the future by publication in the Federal Register.

Furnishing the information on this form is voluntary. However, if you do not provide this information, you may not be granted access to CMS computer systems.

SECURITY REQUIREMENTS FOR USERS OF CMS COMPUTER SYSTEMS

CMS uses computer systems that contain sensitive information to carry out its mission. Sensitive information is any information which the loss, misuse, or unauthorized access to, or modification of could adversely affect the national interest, or the conduct of Federal programs, or the privacy to which individuals are entitled under the Privacy Act. To ensure the security and privacy of sensitive information in Federal computer systems, the Computer Security Act of 1987 requires Federal agencies to identify sensitive computer systems, conduct computer security training, and develop computer security plans. CMS maintains a system of records for use in assigning, controlling, tracking, and reporting authorized access to and use of CMS’s computerized information and resources. CMS records all access to its computer systems and conducts routine reviews for unauthorized access to and/or illegal activity.

Anyone with access to CMS Computer Systems containing sensitive information must abide by the following:

● Do not disclose or lend your QIMS ACCOUNT USER ID and/or PASSWORD to someone else. They are for your use only and serve as your “electronic signature”. This means that you may be held responsible for the consequences of unauthorized or illegal transactions executed under your account.

● Do not browse or use CMS data files for unauthorized or illegal purposes.

● Do not use CMS data files for private gain or to misrepresent yourself or CMS.

● Do not make any disclosure of CMS data that is not specifically authorized.

● Do not duplicate CMS data files, create extract files of such records, remove or transmit data unless you have been specifically authorized to do so.

● Do not change, delete, or otherwise alter CMS data files unless you have been specifically authorized to do so.

● Do not make copies of data files, with personal identifiable data, or data that would allow individual identities to be deduced unless you have been specifically authorized to do so.

● Do not intentionally cause corruption or disruption of CMS data files.

A violation of these security requirements could result in termination of CMS systems access privileges. In addition, Federal, State, and/or local laws may provide criminal penalties for any person illegally accessing or using a Government-owned or operated computer system for illegal activities.

If you become aware of any violation of the above security requirements or suspect that your QIMS account User ID and/or Password may have been compromised, you must immediately report that information to your component’s designated Security Official (SO) and immediately contact the QualityNet Helpdesk at 1-866-288-8912 ([email protected]) to report the actual or potential security incident.

________________________________________________________________________________

According to the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number. The valid OMB control number for this information is FORM CMS-QIMS-0001. The time required to complete this information collection is estimated to average 20 minutes per response, including the time to review instructions, search existing data resources, gather the data needed, complete the form, and review the information collection (this does not include the Notarization activity for Security Officer accounts as required on page 1). If you have any comments concerning the accuracy of the time estimate(s) or suggestions for improving this form, please write to: The Centers for Medicare and Medicaid Services, Attention: PRA Reports Clearance Officer, 7500 Security Boulevard, Baltimore, Maryland 21244-1850.