Request Process

CMS/OSORA FOIA Portal Project

Screenshots for PRA
Submission

FOIA Intake Portal - 1
Prior to entering the FOIA portal to request claims data, CMS wants to ensure that the user is requesting
Medicare claims and not Medicaid claims. If the user selects Medicaid, they will be directed elsewhere (see
Appendix A – Medicaid claims request redirects).

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.

FOIA Intake Portal - 2
Prior to entering the FOIA portal to request claims data, CMS wants to determine if the user is requesting data
for themselves. If yes, they would be asked additional questions to determine if there are more efficient and
faster methods to obtain their data, like using Blue Button. (see Appendix B – person with Medicare redirects).

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.

FOIA Intake Portal - 3
Prior to entering the FOIA portal to request claims data, CMS is re-verifying that the individual is actually
enrolled in Medicare. See Appendix C for not enrolled redirects.

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.

FOIA Intake Portal - 4
Finally, prior to entering the FOIA portal to request claims data, CMS wants to ensure it is only fee for service
claims data, and not other types of Medicare data which CMS does not store. (see Appendix D – non FFS claims
data redirects).

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.

FOIA Intake Portal – 5
Now that all of the assurances and redirects have been established, it is time to collect the information about the
FOIA case! The first step (Part A) is to obtain information about the person with Medicare, including their
Medicare number (only the new MBI format will be accepted).

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.

FOIA Intake Portal - 6
The next step (Part B) is to place parameters around the records request. Should the user select options where
they have to specify dates and/or events, once the option is selected, additional field(s) will display for the user
to fill in the required information.

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.

FOIA Intake Portal - 7
The third step (Part C) is to collect information about the entity requesting the claims records.

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.

FOIA Intake Portal - 8
The fourth step is to collect delivery preferences. Should express delivery be an option, the user would be
required to provide an express delivery account.

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.

FOIA Intake Portal - 9
The fifth step, Part E, is to determine fee collections. Should the user request a waiver to the fees (not likely in a
3rd party situation but still possible), the user would select the second bullet and a memo field would display
providing ample space to explain the reason for the waiver.

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.

FOIA Intake Portal - 10
At all times, the user is provided information (i.e., bread crumbs) as to where they are in the process. The screen
shot below provides the user an opportunity to review all of the information provided prior to going to the 6th
step, the attestations and submissions.

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.

FOIA Intake Portal - 11
The final step, Part F, requires the user to upload beneficiary authorization documents which includes attestation
language. The authorization document MUST be signed by the beneficiary. The user is provided a link to the
form generally used by third parties to obtain proper authorization, as failure to have all of these components in
the request will cause the request to be denied.

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.

FOIA Intake Portal - 12
Once the request is submitted, the user is provided with general confirmation information. The user is advised
against submitting duplicates as it would delay CMS’ ability to fulfill the request. The online portal also offers
CMS an option to email the requester with their confirmation number so that they may track the progress of
their request.

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.

Appendix A – Medicaid Redirect

https://medicaiddirectors.org/about/med
icaid-directors

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.

Appendix B – Beneficiary Redirect - 1
If the beneficiary is requesting Medicare claim records within the past 4 years, the portal will
encourage the beneficiary to use Blue Button. However, if the beneficiary needs older claims, the
portal will continue with a series of fillable fields and allow the user to submit the request through the
FOIA process.

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.

Appendix B – Beneficiary Redirect - 2

https://www.medicare.gov/manage-yourhealth/medicares-blue-button-bluebutton-20

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.

Appendix C – Not Enrolled Redirects

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.

Appendix D – Non FFS Claims Redirect - 1

https://www.medicare.gov/claimsappeals/check-the-status-of-a-claim

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.

Appendix D – Non FFS Claims Redirect - 2

https://www.ssa.gov/

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.

Appendix D – Non FFS Claims Redirect - 3

https://www.cms.gov/Medicare/Coordination-ofBenefits-and-Recovery/AttorneyServices/Attorney-Services

INFORMATION NOT RELEASABLE TO THE PUBLIC UNLESS AUTHORIZED BY LAW:
This information has not been publicly disclosed and may be privileged and confidential. It is for internal government use only and must not be disseminated,
distributed, or copied to persons not authorized to receive the information. Unauthorized disclosure may result in prosecution to the full extent of the law.