Maintaining access to your RDS Secure Website user account is critical to ensuring your Plan Sponsor meets its Application and Reconciliation Deadlines and experiences all the benefits of participating in RDS. Consequently, it’s important to understand scenarios related to accessing your account. Review the following information to learn about some of the most common user access scenarios reported to CMS’ RDS Center.
Scenario 1: I just completed registration. However, when I try to log in, I receive a message that my Login ID is not active.
When a user completes registration in the RDS Secure Website, the information supplied must be validated by CMS’ RDS Center. Login ID activation is not immediate. It can take up to 48 hours for registration information to be verified. Once the information is verified, the user receives an email that he/she has been approved and may activate their Multi-Factor Authentication (MFA). Once MFA has been activated, the user may log in to the RDS Secure Website immediately.
Scenario 2: I changed my password today, but I’ve forgotten it and locked my user account.
For security reasons, a password may only be changed once in a 24-hour period. If you have already changed your password once on a given day, you must wait until 24 hours have passed to change it again and unlock your account.
Scenario 3: I’m trying to reset my password, but I’m receiving a message that the information I entered doesn’t match CMS’ RDS Center’s records.
During the process of resetting your password, you are asked to provide your Social Security Number, date of birth, and email address on the Validate Person Information page in the RDS Secure Website. If you have verified that you entered the correct Social Security Number and date of birth, consider the email address you entered. When supplying this information, ensure that you enter the email address that is on record with CMS’ RDS Center, or the RDS Secure Website will not recognize your information.
If your email address has changed, you are encouraged to update it once you log in. User information such as email address is updated using the Manage User Information link in the RDS Secure Website. If you no longer have access to the email address on record with RDS, send an email to RDS@cms.hhs.gov to request assistance from CMS’ RDS Center. CMS’ RDS Center will flag your account so that you will be prompted to verify and update your email address to your current address when you try to log in.
Scenario 4: I’m trying to enable my user account and can’t find my “RDS Secure Website User Account Disabled” email. I’ve clicked the link to re-send the email, but I haven’t received it.
The “RDS Secure Website User Account Disabled” email is sent to your email address on record with CMS’ RDS Center. If you no longer have access to that email address, send an email to RDS@cms.hhs.gov to request assistance from CMS’ RDS Center. CMS’ RDS Center will flag your account so that you will be prompted to verify and update your email address to your current address when you try to log in. After you have updated your email address, you can proceed with enabling your user account.
Note: Ensure that messages sent from RDS email addresses are not blocked by any SPAM filters or Blocked Senders Lists.
Scenario 5: A Plan Sponsor is attempting to invite me to a new user role but is receiving a message that I can’t be assigned because I’m already assigned a different role.
The RDS Secure Website allows an individual to act in only one role at a time. In order for you to be assigned a different role, you must first be removed as a user from all Plan Sponsor accounts or applications, depending on your role. For an Account Manager or an Authorized Representative to be assigned a different role, that user must be removed from all Plan Sponsor accounts. For a Designee to be assigned a different role, the user must be deleted from all applications. Essentially, you must be expired from that role. After you have been removed from your previous role, the Plan Sponsor should wait one day before attempting to invite you to a new role.
Note: If neither the Account Manager nor the Authorized Representative is available to remove you from a Plan Sponsor account or application, please contact CMS’ RDS Center for assistance.
Scenario 6: I’ve been assigned a new RDS Secure Website user role, but I can’t log in with the Login ID and password I created for my previous role.
When you have been assigned to a new user role, you must once again complete registration in the RDS Secure Website and be approved in your new role. During the registration process, you will create a new Login ID and password and activate MFA for your new account.
Contacting CMS’ RDS Center About Access Issues
When requesting assistance from CMS’ RDS Center regarding account access issues, please keep the following things in mind:
- To best assist users with access issues, CMS’ RDS Center must work directly with that individual. Involving a third party to contact CMS’ RDS Center on behalf of another individual can delay resolving the issue.
- If you receive an error message while attempting to log in, please provide CMS’ RDS Center with the exact text of the error message.
- Do not include sensitive information such as Social Security Number and date of birth in communications to CMS’ RDS Center.
Remember: Protect yourself—do not share your login information. It is a violation of Federal law to share or transfer user accounts or login and password information.
If CMS’ RDS Center detects suspicious activity with a user account, the account will be deactivated until the security issue is resolved. This can delay completing important RDS Secure Website tasks and jeopardize deadlines.