Effective date: March 1, 2009

Implementation date: January 5, 2009

The Centers for Medicare & Medicaid Services (CMS) revised this article on August 13, 2008, to change the MLN Matters article MM6139 title to more accurately reflect the change request (CR) 6139 requirements. Additionally, changes were made to further clarify the authentication requirements. In particular, the note on page 2 of the article was changed to indicate that you will only be allowed three attempts to correctly give your national provider identifier (NPI), your provider transaction access number (PTAN), and the last five-digits of your tax identification number (TIN).

In order to comply with the requirements of the Privacy Act of 1974 and of the Health Insurance Portability and Accountability Act; customer service staff at Medicare fee-for-service provider contact centers must properly authenticate callers, and writers, before disclosing protected health information.

Because of issues with the public availability of previous authentication elements, CMS has addressed the current provider authentication process for providers who use the interactive voice response (IVR) system or call a customer service representative (CSR). To better safeguard providers’ information before sharing information on claims status, beneficiary eligibility, and other provider related questions, CMS has added the last five-digits of the provider’s TIN as an additional element in the provider authentication process. Your Medicare contractor’s system will verify that the NPI, PTAN, and TIN are correct and belong to you before providing the information you request.

Other authentication issues addressed in this article are:

Here is the link to the MLN Matters article MM6139 .