Last Modified: 5/25/2023
Location: FL, PR, USVI
Business: Part A, Part B
Q1: How do I register for the Secure Provider Online Tool (SPOT)?
Q2: I already have an Identity Management (IDM) account. How do I request access to SPOT as an end user?
Q3: I just received confirmation of my account request, why can’t I login?
A3: To use the SPOT, you must complete the full new user registration process through the IDM website. If you have your IDM account and attempt to log on to SPOT before your application access request has been approved (i.e., no request submitted, request in pending status, or request in denied status), a permission error message will be returned:
If you have an IDM account and have submitted your SPOT access request, you will receive an email once your request has been approved or denied. However, if you are unsure of the status of your SPOT access request, you may contact the SPOT Help Desk (855-416-4199 option 1) or email: FCSOSpotHelp@fcso.com). Please make sure to include your IDM account User ID and request confirmation number.
Clear your internet browser’s cache between logins
If you have acquired an IDM account and have approved access to the SPOT, you may encounter the permission error message if you have not cleared your internet browser’s cache between logins to either the IDM or SPOT websites.
To avoid this error in the future, please make sure to clear your internet browser’s cache at the end of every visit to the IDM website or the SPOT website. When you wish to access the website again, make sure to open a new internet browser window to log in.
Q4: I have a SPOT account, why am I getting an error message when logging in? Q5: Will I lose my SPOT access if I become inactive?
A5: Yes, SPOT users must log in at least once every 30 days to retain access. Users will be notified at certain points that their accounts face termination due to inactivity. CMS requires that SPOT accounts be terminated after 30 days of inactivity. First Coast will send email notifications to users after 15, 25, 28, and 29 days of inactivity. Please note that accounts will be terminated after the final email notification. If your account is terminated, you must request access to SPOT again by following these steps
Q6: Can multiple users from the same organization use one IDM account? If an employee leaves the organization, can another employee use the IDM account? Multifactor authentication (MFA) Q7: How do I register, add, or change my MFA device for access SPOT? Q8: When do I need to have a registered MFA device in place?
A8: The MFA passcode is required to log in to SPOT every time they log in. SPOT account holders are encouraged to register multiple devices.
Q9: Can I register more than one MFA device?
A9: Yes. It is recommended that you register more than one MFA device. To register a second or third device, follow the steps you took in registering your initial MFA device. When logging into SPOT, you will select only one of these devices to receive your MFA passcode. Registration of additional devices ensures your access to SPOT should other devices not function properly. Passcodes change each time you log in to SPOT.
Q10: If I am already getting a request to enter a multifactor authentication (MFA) passcode, do I need to register another device to access SPOT?
A10: If you use other applications such as Physician Quality Reporting System (PQRS) or Provider Statistical and Reimbursement (PS&R) that are hosted on the IDM, then you have already completed registration of an MFA device with your IDM account. You are ready to use MFA to access SPOT. CMS uses MFA to verify account holder identity for many of the other applications hosted on its IDM system.
However, if this is the first time you are seeing the field to enter the MFA passcode and you wish to register your first MFA device, enter only the password you use to access SPOT currently. First Coast offers this step-by-step guide
to help you register your first MFA device.
Q11: Can I register a single MFA device for multiple users?
A11: No. Each MFA device must be used for the SPOT account for which it’s registered. Passcodes generated from unlinked MFA devices will not work. Also, please note that SPOT and IDM accounts may not be shared. First Coast strongly recommends that you register multiple devices to ensure your access to SPOT.
Q12: Does the same code get sent to all the devices you registered?
A12: The IDM authentication system will only send one passcode to one device at a time. While you may register more than one device, you can only request a passcode be sent to one device at a time. Secondary devices should be registered to serve as a fail-safe in the event the first MFA device does not generate in passcode to you. If you elect to receive your passcode via email, note that this may take several minutes before you receive the passcode to log in to SPOT.
Q13: What happens to the data submitted for identity proofing?
A13: CMS’ IDM collects your personal information, described as data that is unique to you as an individual, such as name, address, telephone number, Social Security number, and date of birth. IDM uses this personal information only to verify your identity. Your information will be sent to Experian, an external identity verification provider, to help us confirm your identity. If collected, we will validate your Social Security number with Experian only for the purpose of verifying your identity.
Experian verifies the information you give us against their records and may present you with questions based on your credit profile. The questions and answers are strictly between you and the remote identity proofing (RIDP) service, Experian.
Q14: Will RIDP affect my credit?
A14: No, this type of inquiry does not affect your credit score. You will not incur any charges related to this inquiry. When you identity proof, Experian creates something called a soft inquiry. Soft inquiries are visible only to you, the consumer, and no one else. Soft inquiries have no impact on your credit report, history, or score other than being recorded and maintained for 23 months.
Q15: Why can’t I locate the deductible information when checking a patient’s eligibility?
A15: If the beneficiary is enrolled as a Qualified Medicare Beneficiary (QMB), deductible information may not be available at the time of the query.
HETS (HIPAA Eligibility Transaction System) indicates periods during which the beneficiary is enrolled as a QMB and will indicate the beneficiary owes $0 for Medicare Part A and B deductibles, coinsurance or copayments. Note: This information will be displayed under the QMB tab within SPOT.
QMB beneficiaries have no legal liability to pay Medicare providers for Medicare Part A or Part B cost-sharing. For these beneficiaries, providers may bill state Medicaid agencies which are responsible for covering Medicare cost-sharing, though the beneficiary may also have other secondary payers (e.g., VA, tribes, Medigap).
Q16: Are there restricted modifiers, procedure codes, or denial codes that cannot be corrected through the reopening process using SPOT? Q17: What types of changes may I include in a claim reopening request? May I change more than one field on each line item? Can I add or remove line items? Q18: When I try to edit a field (e.g., modifier, DOS), the SPOT won’t allow me to add a value, delete a value, or edit a value. How can I resolve this problem? Q19: What types of requests and forms can be submitted, requested, and retrieved through SPOT’s Secure Documentation? What are the submission requirements? Q20: When I try to submit a form through SPOT’s secure documentation, I receive an error message after I click the ‘Submit’ button. What should I do? Q21: How do I submit my EDI application using SPOT? Q22: I requested a Part B Comparative Billing Report (CBR) from SPOT; however, no data was displayed in the first section of the report. Why would this happen? Q23: How do I obtain a Provider Data Summary (PDS)?
First Coast Service Options (First Coast) strives to ensure that the information available on our provider website is accurate, detailed, and current. Therefore, this is a dynamic site and its content changes daily. It is best to access the site to ensure you have the most current information rather than printing articles or forms that may become obsolete without notice.