Skip to main content

CMS' RDS Center will be performing system maintenance on the RDS Secure Website on Friday, April 19, 2024 beginning at 9:00PM ET and concluding Saturday, April 20, 2024 at 10:00AM ET. The Secure Website will be available, but file processing will be impacted. Refer to this Announcement for details.

Enable Your User Account

User Roles:





Program Components:

User Management


This section provides an overview of RDS Secure Website user account maintenance.

Due to the sensitive nature of this data, the user should contact the RDS Center directly when assistance is required. One individual should not contact the RDS Center on another individual's behalf. Do not include any Protected Health Information (PHI), as defined in the Health Insurance Portability and Accountability Act (HIPAA), or Personally Identifiable Information (PII) in the correspondence, such as User ID, Password, MBI, SSN, DOB, etc.

Federal Security Regulations require that a user log into CMS' RDS Secure Website at least every 180 days to maintain an active account. If you do not log into the RDS Secure Website at least every 180 days, your user account will become disabled.

User Management is the responsibility of the Plan Sponsor. If your user account becomes disabled, refer to Step-by-Step Instructions: Enable Your User Account.

Tips for Maintaining an Active Account

  1. Keep user accounts active. Maintaining an active user account is essential to RDS Program participation including submitting applications and completing Reconciliation. CMS' RDS Center will not make payments to a Plan Sponsor if the Authorized Representative or Account Manager has an inactive user account.
  2. Log into the RDS Secure Website at least once every 180 days. This maintains an active user account status. CMS' RDS Center understands that certain users of the RDS Secure Website may need to log in more often than others. However, Federal Security Regulations mandate this rule.
  3. Remind new users to log into the RDS Secure Website. The rule applies to new users even if they have never logged into the RDS Secure Website. New users have 180 days to log into the RDS Secure Website from the date they are activated and are required to log in at least once every 180 days thereafter to maintain an active account.
  4. Beware of critical path users who don't log in frequently. An Authorized Representative with an inactive user account cannot submit an application or Reconciliation payment request, and an Actuary with an inactive user account cannot sign the Attestation Agreement.
  5. Use the warning email as a reminder. CMS' RDS Center sends a warning email when a user account is about to be disabled. Use this email as a reminder. Select the link in the email and log into the RDS Secure Website. Doing this resets the 180-day clock and keeps your account active.
  6. Check spam filters. Take the necessary steps to ensure that warning emails are received and not marked as "spam" or automatically moved or deleted for any other reason. Make the necessary adjustments to your email account, or contact your network administrator to ensure that emails sent from the email address are not moved, deleted, blocked by any spam filters, or Blocked Senders List.

Return to top

Step-by-Step Instructions

This section provides step-by-step instructions to enable your RDS Secure Website user account.

Note: If CMS' RDS Center has detected an issue with your email address, you may be asked to verify it in the process of enabling your account.

  1. To begin the process to enable your user account, select the Enable Account link in the "RDS Secure Website User Account Disabled" email or the text (SMS) message sent to your registered text-enabled device number. You will be directed to the Validate Person Information page. This link can only be used once. If the link has expired, you will be directed to an error page and will need to follow the instructions to receive a new link.

    Sample RDS Secure Website User Account Disabled with Enable Account links highlighted.

    Note: If you do not have the "RDS Secure Website User Account Disabled" email, you can request to re-send the email by selecting the Re-send link in the error message that will display if you attempt to log in on the Login page, or when you are trying to complete the Request Forgotten Login ID or Forgot Password processes. Notifications are also sent via text (SMS) message if you provided a text-enabled device number to CMS' RDS Center.

On the Validate Person Information page:

An asterisk (*) indicates a required field.

  1. *Enter your Email Address.
  2. *Enter your Date of Birth.
  3. *Enter your Social Security Number.
  4. Select Continue to proceed to the Reset Password page, or select Cancel to return to the RDS Program Website homepage.

    Validate Person Information page with form fields and Continue button highlighted.

On the Success popup:

  1. A Success message displays stating that your account has been enabled. Select Exit.

    Success popup with Exit button highlighted.

On the Login page:

An asterisk (*) indicates a required field.

  1. *Enter your Login ID.
  2. *Enter your Password.
  3. *Enter your MFA Token.
  4. Select Login.

    Login page with form fields and Login button highlighted.

On the Change Password page:

An asterisk (*) indicates a required field.

  1. *Enter your Current Password.
  2. *Enter a New Password based on the Password Requirements.
  3. *Re-enter New Password for verification.
  4. Select Change Password.

    Change Password page with form fields and Change Password button highlighted.

On the Reset Password Success pop-up:

  1. A Success message displays stating that your Password was changed successfully. Select Exit to return to the Login page.

    Reset Password Success pop-up with Exit button highlighted.

Return to top

Page last updated: