Home ►
SPOT News ►
Answering your big questions: SPOT limitations and requirements
Last Modified: 11/25/2024
Location: FL, PR, USVI
Business: Part A, Part B
We are listening, and we understand your needs when it comes to our free portal, the Secure Provider Online Tool, or SPOT. While SPOT is an extremely useful tool, we know you still have some questions.
Here are some responses to what we’ve been hearing.
• Why do I have to change my password so much? Why am I logged out every 30 minutes? Why do I have to use MFA (multi-factor authentication) to sign in?
• We understand these things can be an inconvenience. These SPOT requirements are controlled by the Centers for Medicare & Medicaid Services (CMS) to adhere to its security standards, allowing us to use CMS’ systems for logins and security. We are currently unable to make changes to these processes and must continue to adhere to CMS standards.
• Why are there limitations to the eligibility information provided?
• Our eligibility systems are also controlled by CMS, through the HIPAA Eligibility Transaction System (HETS), which limits what data we can provide. Please be assured that SPOT provides all available data it has to you, our providers.
• Why do I need to use Social Security numbers (SSNs) to find Medicare Beneficiary Identifiers (MBIs)?
• This is a requirement of CMS, and not one we are able to change. CMS requires that SSNs be used to perform this function and unfortunately, we do not have alternative options at this time.
SPOT users are encouraged to review the below reminders about multi-factor authentication (MFA).
Due to privacy requirements and the protected health information (PHI) that SPOT contains, CMS requires all users to authenticate using a password plus a secondary token code each time that you log in. This practice, also known as MFA, is a security enhancement that requires two forms of identification and helps to protect our beneficiaries’ information by adding this extra level of authentication.
To avoid impacts to your access, we highly suggest that users setup multiple MFA devices
MFA device options available to use are:
• Email
• Google Authenticator
• OKTA Verify
• Text message short message service (SMS)
This option requires a mobile phone capable of receiving a text message. The security code is delivered immediately to the user's mobile phone via text message.
• Interactive voice response (IVR)
This option requires access to any telephone capable of receiving a phone call – this could be a mobile phone, or landline phone at your desk. The security code is provided immediately through an automated phone call.
Note: Updating your email address will also change your MFA and recovery devices.
Thank you for your continued use of SPOT and know that we’re here for you when you need us. Check out the
SPOT User Guide or call our help desk at 855-416-4199, Monday through Friday, 8 a.m. to 5 p.m. ET.
First Coast Service Options (First Coast) strives to ensure that the information available on our provider website is accurate, detailed, and current. Therefore, this is a dynamic site and its content changes daily. It is best to access the site to ensure you have the most current information rather than printing articles or forms that may become obsolete without notice.