NGSConnex Security Requirements
We frequently receive suggestions to improve NGSConnex by relaxing or eliminating some of our security requirements. Although we understand these security requirements often feel excessive, we are obligated to apply the CMS security requirements to safeguard PHI and PII. The following table lists suggestions we frequently receive, along with tips to help save time and reduce frustration.
Frequent Comments/Suggestions | CMS Requirement to Safeguard PHI and PII | Tips |
---|---|---|
I don’t need to use NGSConnex every month. Make the time longer than 30 days before you suspend my account. | CMS requires us to suspend your account if you have not logged in after 30 days. | We send emails to remind you to log in on the 25th and 29th day since your last login. Consider adding a recurring monthly task or event to your calendar to log in. Preventing your account from getting suspended will save you time and frustration. |
I have so many passwords to keep track of. Allow me to keep the same NGSConnex password longer than 60 days. | CMS requires us to lock your account if you have not changed your password in the last 60 days. | When you log in to NGSConnex, you will receive a reminder when you are close to needing to change your password. If you attempt to log in to NGSConnex and your password has expired, you will be prompted to change it before you can log in. Consider adding a recurring task to your calendar every other month to change your password. If you forget your password, you can select the ‘Forgot Password’ link and follow the prompts to change your password. Change your password before your account is suspended to save time and frustration. |
I am busy and often have to stop my NGSConnex transactions to do something else. Extend the time before you log me out for inactivity. | CMS requires us to end your NGSConnex session if you are inactive for greater than 30 minutes. | To help, we added a reminder to NGSConnex to alert you when you have been inactive for more than 25 minutes. |
I already log in with a password. Why do I need an MFA code every time? | CMS requires us to use two or more authentication factors to allow access to NGSConnex. The first is your user ID password and the second is the MFA code. We are not permitted to allow the same MFA code to be used for more than one day. | The MFA code is valid until 11:59 p.m. ET and can be used throughout the day unless you are prompted to request a new MFA code. |
I have to look up so many MBIs every day. Stop making me go through reCAPTCHA to prove I’m not a robot. Also, please don’t require me to enter a Social Security number since patients often do not want to provide it. | CMS requires that users authenticate through reCAPTCHA and provide beneficiary information including SSN prior to being presented with the MBI. | Although we can’t eliminate the requirements for looking up an MBI, we did add a feature that auto-populates the beneficiary demographic information (First Name, Last Name, DOB, MBI) when you click the Eligibility tab in the top navigation toolbar after a successful MBI lookup. This can help save time and effort. |
Updated 7/29/2022