CMS’ RDS Center would like to remind RDS Secure Website users that it is a violation of Federal law to share or transfer user accounts or login and password information.
The RDS Secure Website is maintained by the U.S. Government and is protected by Federal law. Use of the RDS Secure Website without authority or in excess of granted authority, such as access through the use of another individual's Login ID and Password, may be in violation of Federal law, including the False Claims Act, Computer Fraud and Abuse Act, and other relevant provisions of Federal, civil and criminal law. Security rules around government systems require users to have valid, appropriate and timely access.
Individuals are responsible for maintaining and protecting their RDS Secure Website account access, including Multi-Factor Authentication (MFA) configurations.
- Activate your MFA configuration with your own personal device, not the device of another person.
- Do not share Login ID, Password, QR code, Secret Key, Google Authenticator token, one-time token, or any other account information with anyone, verbally or in writing.
- Do not include any Protected Health Information (PHI), as defined in the Health Insurance Portability and Accountability Act (HIPAA), or Personally Identifiable Information (PII) in any email communication or support request with CMS’ RDS Center, such as Login ID, Password, MBI, SSN, DOB, etc.
Each individual who accesses the RDS Secure Website must register their own personal user account. If a registered individual is not available to complete an RDS Secure Website task, the Plan Sponsor can assign new users to an application. Designees can assist with many program tasks; the Account Manager and Authorized Representative roles may be reassigned as needed.
IMPORTANT: If a security violation has been suspected by the RDS Center, the compromised account will be terminated. If the user requires access to the Secure Website again, they will be required to be invited to each Plan Sponsor account and/or application for which they will perform work and complete registration again, including activating a new MFA configuration for the new account. This process cannot be circumvented or expedited by CMS’ RDS Center and may delay completing important RDS Secure Website tasks and jeopardize deadlines.
Active user accounts are required to complete many tasks in the RDS Program, including completing and submitting applications, receiving payments, processing appeals and completing Reconciliation. CMS' RDS Center will not process appeals or make payments to a Plan Sponsor if the Account Manager or Authorized Representative has a user account that is not active. Plan Sponsors are required to protect account information and manage users responsibly.
If you need more information, contact CMS' RDS Center.