signing up for qims security official...

12/29/2011

CMS’ CROWNWeb Application

Signing Up for QIMS

Security Official Training

FeaturingCROWNWeb Outreach,

Communication, and Training (OCT)

September 23, 2011

Revised on 12/29/11

Your Trainer Today

12/29/2011

2

Michelle BarryTechnical Writer

CROWNWeb Outreach, Communication, and Training (OCT) Contract

FMQAI – ESRD Network 7

12/29/2011

What is QIMS?

QIMS: QualityNet Identity Management System

Supports multiple CMS applications (not just CROWNWeb)

Streamlines the account application and approval process

12/29/2011

4

How is QIMS Structured

QIMS is based on a hierarchy of roles:

Security Official (SO) – Top level of authority for QIMS – Confirms and manages user identification and activation.

End User Manager (EUM) – First level of authority for QIMS – Confirms and manages what users can do.

End Users – General system users

12/29/2011

5

Role Details

Security Officials (SO) will:o Performs in-person identity proofing for applicants.

o Verify users’ Security Awareness Training completion.

o Activate users’ accounts.

o Submit Part A of QIMS Forms to QualityNet Help Desk.

o Maintain End User accounts (locked accounts, forgotten passwords, etc.).

End User Managers can:o Conduct first-level approval of account requests.

o Approves or rejects End Users’ QIMS account requests.12/29/2011

6

12/29/2011

Key Account Rules

The QIMS system contains certain rules and policies that users must adhere to:

Security Officials will automatically receive two QIMS user IDs (one to manage users’ requests; one for their own QIMS and CROWNWeb system access)

End User Managers will receive one QIMS user ID to approve QIMS applications and access CROWNWeb.

The SO and EUM cannot be the same person for a user.

12/29/2011

9

12/29/2011

Printing the QIMS Form

When you click the SUBMIT button, the QIMS Account Form displays.

Click the PRINT button in your browser to print a copy of this form. You mustclick PRINT here, as the form cannot be retrieved if you exit without printing.

12/29/2011

52

QIMS Account Form - Part B

SOs must go to www.QualityNet.org, and print a copy of the CROWNWeb Part B form to indicate their CROWNWeb roles and scope.

M

12/29/2011

53

Completing the Form

Complete the QIMS Part A and CROWNWeb Part B forms that you printed.

NOTE: If you are applying for the role of Security Official (SO), you must have Part A of the QIMS Account Form notarized before mailing it to the QualityNet Help Desk.

12/29/2011

54

Security Training

All users must have completed CMS Security Training in the past year. Users who have not completed the training must take the course located here:

http://iase.disa.mil/eta/iss_icv5/launchpage.htm

Once the training is complete, print the certificate of completion retain a copy for your records.

12/29/2011

55

Mail Paperwork

Once Part A of the form is complete, the initial Security Official must mail that form along with the CROWNWeb Part B form and a copy of the SAT certificate of completion to the QualityNet Help Desk.

Mail the ORIGINAL forms to the QualityNet Help Desk at the following address:

QualityNet Help Desk 1401 50th Street, Suite 200 West Des Moines, IA 50266

12/29/2011

56

Activation and E-Mail

Once an account is activated, End User Managers and regular End Users will receive two e-mails as follows:

One email containing their QIMS User ID.

One email containing a temporary QIMS Password.

Users must remember to change their QIMS passwords every 60 days to avoid locked QIMS accounts.

12/29/2011

57

First Log In

Upon first login, users must:

Change the temporary password issued to them.

When prompted, answer at least SIX of the TEN security questions.

Once users have completed these tasks, they will have access to the applications requested.

12/29/2011

58

12/29/2011

Account Sign-Up FAQs

When signing up for accounts in QIMS:

Users must print their QIMS form from the browser immediately when it displays. There is no retrieval after a user exits the screen.

Users will receive their Account ID and Password e-mails only after the SO approves their account in QIMS.

All users must take annual CMS Security Training - The SO verifies training completion for all supervised Users.

Users must print the Training Completion certificate and provide a copy to their SO.

12/29/2011

60

Account Sign-Up FAQs - 2

When signing up for accounts in QIMS:

EUMs and SOs do not need to be local to a user’s facility –Forms that are not validated in person must be notarized and sent to the EUM.

Home Phone and Cell Phone can be the same number during QIMS TFA registration.

Part A of the QIMS Form must be received by the Help Desk within 30 days of SO Activation in QIMS or the account will be deactivated.

12/29/2011

61

Account Sign-Up FAQs - 3

When signing up for accounts in QIMS:

Security Officials can use USPS, FedEx, UPS, or any other postal provider.

Users who do not have a middle name should enter NMN in the Middle Name field (a required field).

SOs will automatically be given a second QIMS user ID to manage their own QIMS account and to perform work in CROWNWeb if a CROWNWeb role is indicated on the CROWNWeb Part B form.

12/29/2011

62

Account Management FAQs

When managing accounts in QIMS:

Disabled accounts must be re-enabled via a support ticket logged with the QualityNet Help Desk.

Locked accounts occur when a user enters a password incorrectly too many times, or when security questions are not correctly answered.

Disabled accounts are accounts with revoked access.

SOs and EUMs can disable users under their supervision. The QualityNet Help Desk can also disable users for “Paperwork Not Received” or other security reasons.

12/29/2011

63

QIMS Role FAQs

When working with Roles in QIMS:

SOs and EUMs cannot be the same individual for a user.

When facilities are not large enough to support one SO and one EUM, an ESRD Network or CMS-level SO/EUM can serve in that role for that facility.

Individual SOs and EUMs can cover multiple facilities across multiple ESRD Networks.

12/29/2011

64

QIMS Facilities FAQs

When working with Facilities in QIMS:

Businesses that change their names or that close must follow the CMS notification process to have their record altered in QIMS.

SOs can change the information for their business in QIMS directly.

12/29/2011

65

QIMS Login FAQs

When Logging In to QIMS:

The SO role is considered to be an “elevated” role in QIMS – SOs will be required to complete the Two-Factor Authentication (TFA) screen when logging in.

Click the “Trust this Computer” check box to bypass QIMS TFA authentication for one user on one computerfor 12 hours.

TFA PIN codes are good for 10 minutes. After 10 minutes, the code expires and another code must be requested.

12/29/2011

66

Questions

12/29/2011

67

Thanks!

For Further Information…

Email: CRAFT@projectcrownweb.orgQualityNet Help Desk: 1-866-288-8912Website: http://www.projectcrownweb.org

This material was prepared by FMQAI, the CROWNWeb Outreach, Communication, and Training contractor, under contract with the Centers for Medicare & Medicaid Services (CMS), an agency of the U.S. Department of Health and Human Services. The contents presented do not necessarily reflect CMS policy. OCT contract # HHSM-500-2010-00261G. Publication Number: FL-ESRD-2011OTCT3-9-12450

12/29/2011

68