skip to content
Thank you for visiting First Coast Service Options' Medicare provider website. This website is intended exclusively for Medicare providers and health care industry professionals to find the latest Medicare news and information affecting the provider community.
To enable us to present you with customized content that focuses on your area of interest, please select your preferences below:
Select which best describes you:
Join eNews       En Español
Text Size:
YouTube LinkedIn Email Print
Send a link to this page
[Multiple email addresses must be separated by a semicolon.]
Last Modified: 11/25/2024 Location: FL, PR, USVI Business: Part A, Part B

SPOT limitations and password requirements

We are listening, and we understand your needs when it comes to our free portal, the Secure Provider Online Tool, or SPOT. While SPOT is an extremely useful tool, we know you still have some questions.
Here are some responses to what we’ve been hearing.
Why do I have to change my password so much? Why am I logged out every 30 minutes? Why do I have to use MFA (multi-factor authentication) to sign in?
We understand these things can be an inconvenience. These SPOT requirements are controlled by the Centers for Medicare & Medicaid Services (CMS) to adhere to its security standards, allowing us to use CMS’ systems for logins and security. We are currently unable to make changes to these processes and must continue to adhere to CMS standards.
Why are there limitations to the eligibility information provided?
Our eligibility systems are also controlled by CMS, through the HIPAA Eligibility Transaction System (HETS), which limits what data we can provide. Please be assured that SPOT provides all available data it has to you, our providers.
Why do I need to use Social Security numbers (SSNs) to find Medicare Beneficiary Identifiers (MBIs)?
This is a requirement of CMS, and not one we are able to change. CMS requires that SSNs be used to perform this function and unfortunately, we do not have alternative options at this time.

Important reminders for SPOT multi-factor authentication (MFA)

SPOT users are encouraged to review the below reminders about multi-factor authentication (MFA).

Why do I need to use a token code every time I log into SPOT?

Due to privacy requirements and the protected health information (PHI) that SPOT contains, CMS requires all users to authenticate using a password plus a secondary token code each time that you log in. This practice, also known as MFA, is a security enhancement that requires two forms of identification and helps to protect our beneficiaries’ information by adding this extra level of authentication.

Multiple MFA devices are recommended

To avoid impacts to your access, we highly suggest that users setup multiple MFA devices
MFA device options available to use are:
Email
Google Authenticator
OKTA Verify
Text message short message service (SMS)
This option requires a mobile phone capable of receiving a text message. The security code is delivered immediately to the user's mobile phone via text message.
Interactive voice response (IVR)
This option requires access to any telephone capable of receiving a phone call – this could be a mobile phone, or landline phone at your desk. The security code is provided immediately through an automated phone call.
Note: Updating your email address will also change your MFA and recovery devices.
Thank you for your continued use of SPOT and know that we’re here for you when you need us. Check out the SPOT User Guide or call our help desk at 855-416-4199, Monday through Friday, 8 a.m. to 5 p.m. ET.
First Coast Service Options (First Coast) strives to ensure that the information available on our provider website is accurate, detailed, and current. Therefore, this is a dynamic site and its content changes daily. It is best to access the site to ensure you have the most current information rather than printing articles or forms that may become obsolete without notice.