One of the first steps in understanding your or your organization’s requirements and participation in the Quality Payment Program is to connect to your organization through the QPP portal at qpp.cms.gov. This allows you to see significantly more information than is available through the public-facing eligibility tool – information which is critical to making an educated decision about if or how to participate in MIPS.
At a high level, this requires two steps: creating a HARP account, and connecting to your practice on qpp.cms.gov. The process outlined below may seem long, but it only has to be completed once to gain access to critical information now and for all future QPP performance years.
Step 1: Register for a HARP Account
CMS has created a .zip file that can be downloaded here with PDF documents outlining each and every step of this process, including screenshots and tips. However, many users are able to complete the process without these detailed instructions simply by visiting https://harp.cms.gov/register/profile-info and following the steps to register through the site.
The information requested in the first step is very personal and includes date of birth, home address, and social security number. Because the QPP portal and other sites that use HARP logins can contain sensitive and HIPAA-protected information, it is necessary for CMS to verify your identity before providing access. A HARP account is issued to a single person and follows them through job changes, so it’s important to provide true and accurate information for yourself as an individual, not using information specific to your current practice or employer, and not registering on behalf of a provider for whom you work. (You can use your work email address, since this can be easily updated later if needed, but you should use your personal phone number and home address). Once your account is created, you can link it to any organizations or providers whose data you should access in step 2 below.
The site does offer an option not to provide your Social Security Number and to instead go through manual proofing to verify your identity. While this is available, it delays the process of obtaining a HARP account and can be a significant barrier to creating a login. By providing your SSN in the first step, your account can be verified and created in a few minutes rather than days or weeks.
After providing your personal information and agreeing to the Terms and Conditions, you’ll create a username, a password, and a challenge question. Again, remembering that this username is YOURS and is not linked to your employer or practice, it’s best to make it something unique to you. If you use a password generator, pay special attention the symbols that are permitted (and not) in your password.
If you provided your SSN earlier in the process, the next step will be the Experian identify proofing process. You’ll be asked questions primarily coming from your credit report to determine if you are who you say you are. Finally, you’ll set up some form of two-factor authentication. This can be a text message, phone call, or app.
If everything went well with the above steps, you now have a HARP account! Next, you’ll use it to log in at qpp.cms.gov and link to the appropriate practices or providers.
Step 2: Connect to a Practice or Provider
First, visit qpp.cms.gov and log in with your HARP account and two-factor authentication. On the left side of the screen, select “Manage Access” and click “Connect to an Organization.”
Unless you or the provider whose information you would like to access is billing under their own SSN, most users should select the organization type of “Practice.” Even if the practice only has one clinician, connecting at the Tax ID level is the best choice and allows you to see data for all past, current, and future providers under the TIN. Only an individual clinician looking up their own information should connect using the “Individual Clinician” option.
On the next screens, you’ll select the practice or practices you’d like to connect to. You can search by TIN or full legal business name.
Finally, you’ll select your role. Every TIN must have a Security Official, so if no one has that role already at the TIN, that will be the only available option. If a Security Official already exists, you will select to add yourself as an additional Security Official, or a Staff User. The roles are very similar, with the primary difference being that Security Officials must approve access for any new users after the first Security Official is established.
If you are the first Security Official for a TIN, you must provide the individual NPI and individual PTAN for any single provider billing under the TIN. It doesn’t matter which provider you choose as long as they’ve billed under the TIN long enough to be in the CMS database, but it must be their individual NPI and PTAN, not the group’s. If you enter correct information, you’ll be granted access almost immediately. If you enter incorrect information three times, it will go a manual proofing queue where it will be rejected by email in a few days’ time, and you’ll have to try again.
If you are the second Security Official or requesting a Staff User role, an email will be sent to the existing Security Official, who must log in and approve or deny your request for access.
If you don’t know who the current Security Official is, the first step is to have all likely people in the organization check their emails (including old and personal email addresses) and their junk folders. That may sound silly, but often we find the email was sent to an address someone hasn’t used in years, or one of the providers who is no longer involved in this kind of management signed up ages ago and didn’t remember.
If that doesn’t work, you can call the QPP help desk at 1-866-288-8292 for assistance. They can tell you who the registered Security Official is, and if that person is no longer with the organization or should not have access, you can request they be removed. At that point, the TIN defaults to having no Security Official, and someone will need to request that level of access using the TIN, an NPI, and a PTAN as described above.
Step 3: Review Your Data!
Once you are connected to an organization, you can view past performance feedback, current and past eligibility details, APM incentive payments (if applicable), file exception applications, and more, depending on the organization.
Need help understanding your performance feedback or eligibility? Reach out for a free consultation.