As of April 17, 2023, healthcare providers who submit data to the Centers for Medicare and Medicaid Services (CMS) in the United States will be required to use the Internet Quality Improvement and Evaluation System (iQIES) for all data submission and reporting purposes.
MDS submissions will not be accepted from Thursday, April 13th at 8:00 p.m. until Monday, April 17th at 8:00 a.m. when iQIES will be ready for MDS submissions.
The Internet Quality Improvement and Evaluation System (iQIES) is a web-based data submission and reporting system developed by the Centers for Medicare and Medicaid Services (CMS) in the United States. It is designed to improve the quality of care provided to Medicare beneficiaries and to facilitate the collection and reporting of data by healthcare providers. iQIES be used for all submissions and communications (iQIES is a centralized system that allows healthcare providers to submit their patient assessment data electronically)
to and from CMS including MDS submissions, surveys, and certifications. iQIES provides CMS with a centralized platform for quality measurement, payment, regulatory compliance, and incident reporting.
The system includes four components:
I. Certification and Survey Provider Enhanced Reporting (CASPER) system:
- CASPER is a web-based application that enables healthcare providers to submit assessment data to CMS for quality measurement and payment purposes.
II. Quality Improvement and Evaluation System (QIES):
- QIES is a secure, web-based system that allows healthcare providers to submit data to CMS for regulatory compliance purposes.
III. Automated Survey Processing Environment (ASPEN):
- ASPEN is a web-based system that automates the processing of survey data for CMS certification purposes.
IV. Complaints and Incident Reporting Module (CIRM):
- CIRM is a web-based module that allows healthcare providers to report complaints and incidents related to patient care.
iQIES is designed to improve the quality of care provided to Medicare beneficiaries by:
- Providing a standardized data submission and reporting system for healthcare providers.
- Enables CMS to collect and analyze data more efficiently, which can help to identify areas for quality improvement and inform policy decisions.
The transition to iQIES is part of a broader effort by CMS to modernize its data collection and reporting systems, and to streamline the process for healthcare providers. iQIES replaces several legacy systems, including the Automated Survey Processing Environment (ASPEN) and the Quality Improvement and Evaluation System (QIES).
HHI Recommendations:
1. HHI recommends training staff on Internet Quality Improvement and Evaluation System (iQIES). To prepare for the transition, healthcare providers should ensure that their staff are trained on the new system and that they have the necessary hardware and software to access iQIES.
2. HHI recommends assessing current system. Providers should also review their existing data submission processes and make any necessary changes to ensure that they are compliant with iQIES requirements.
3. HHI recommends creating HARP accounts for all iQIES users. HARP verifies identity with birth date, Social Security number and generate questions to verify identity. QIES user IDs and Passwords do not carry over to iQIES.
a. HARP account at: https://harp.cms.gov/register/profile-info
b. Log into iQIES: https://iqies.cms.gov/
c. CMS states it may take 5-15 minutes for HARP account approval.
d. Once approved, complete the HARP registration.
i. Need cell phone for your two-factor authentication device.
e. Request an iQIES role in iQIES. Approval may take a day, or possibly longer, to get the approval for requests regarding iQIES roles. The secure identity management portal, HCQIS Access Roles and Profile (HARP) allows users to register for an account verifying their identity. A user profile can be modified here, password changed, challenge questions updated, and two-factor identification devices can be added and removed.
4. HHI recommends determining the best role for the MDS Coordinator and other staff who might access iQIES.
5. HHI recommends reviewing the roles available and note the differences between the:
a. Assessment Submitter Role.
b. Assessment Coordinator Role.
c. Provider Administrator Role.
6. HHI recommends referencing Table 4 of the CMS iQIES Roles Matrix Job Aide version 3.3 (released February 28. 2023). The Assessment Viewer Role permissions and the Provider Security Official privileges are included in this Table.
7. HHI recommends reviewing the below iQIES privileges by role:
Provider Administrator has privileges beyond those of the Assessment Coordinator.
- Delete a patient.
- Edit a patient.
- Inactivate an assessment.
- Modify a submitted assessment.
- Both the Provider Administrator and the Assessment Coordinator can:
- Search providers.
- View provider details.
- Add a patient.
- Create a patient assessment.
- Delete a patient assessment.
- Edit a patient assessment.
- Search for a patient.
- View a patient.
- View a patient assessment.
- View a patient assessment module.
- Edit a user profile.
- Generate/view reports.
- Assessment Submitter Role is limited to seven actions. This role does not have permission to view patients or patient assessments.
I. Search providers,
II. View provider details,
III. Edit an uploaded file (re-upload a modified file),
IV. Upload a patient assessment,
V. View a patient assessment module,
VI. View an uploaded assessment, and
VII. Generate/view reports.
- The Assessment Viewer role can:
- Search providers.
- View provider details.
- Search for a patient.
- View the patient.
- View a patient assessment.
- View the patient assessment module.
- Edit a user profile.
- Generate/view reports.
8. HHI recommends registering a minimum of 2 PSOs to ensure a back-up if the healthcare organization loses the primary affording expedient coverage.
9. HHI recommends Provider Security Officials (PSOs) watch the iQIES Training Orientation video and other instructional videos located on the CMS iQIES Training YouTube Channel.
10. HHI recommends Provider Security Officials (PSOs) access tools such as iQIES Video Catalog Job Aid and iQIES Manuals for download.
11. HHI recommends facilities and staff understand the role, responsibility, and important function that the designated Provider Security Officials (PSOs) serves for the healthcare organization. Below is a summary of the Provider Security Officials (PSOs) position in a healthcare facility.
- Provider Security Officials (PSOs) are designated individuals responsible for overseeing the security and confidentiality of patient health information within healthcare organizations that participate in the Medicare program in the United States.
- PSOs are responsible for developing and implementing security policies and procedures that safeguard ePHI from unauthorized access, use, disclosure, alteration, or destruction. They also oversee the training of staff on security awareness and ensure that healthcare providers comply with HIPAA requirements related to security risk assessments, security incident reporting, and breach notification.
- PSOs play a critical role in ensuring that healthcare providers comply with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, which sets standards for the protection of electronic protected health information (ePHI).
- PSOs must have a thorough understanding of HIPAA requirements and security best practices, as well as the technical expertise necessary to manage the security of electronic systems and data. They are typically appointed by healthcare organization leadership and may also work closely with other IT and security personnel within the organization.
- There is no limit to the number of PSOs that can be designated.
- It can take several take several weeks to register a PSO.
- The PSO has complete access to all available functions that a provider is permitted.
- The PSO approves all user role requests, rejects user role requests, removes users, and can request a history of past approvals and rejections.
- The role of PSOs is becoming increasingly important as healthcare organizations increasingly rely on electronic systems to manage patient health information. By ensuring that healthcare providers have effective security controls in place, PSOs help to protect the privacy and confidentiality of patient information, maintain the integrity of electronic health records, and support high-quality patient care
Save time and hassle with our consolidated iQIES resource collection.
All 26 downloadable resources organized in one easy .ZIP file.
Visit CMS' website for more information on iQIES.
Please feel free to call HHI with any questions about IQIES at 617.595.6032
