Action Required: iQIES Provider Security Official Recruitment

As previously announced, CMS is preparing to release the Internet-facing, cloud-based system, referred to as the Internet Quality Improvement and Evaluation System (iQIES) for Minimum Data Set (MDS) submission in early 2023.

Although the MDS submission functionality will not be available immediately, we strongly encourage Provider Security Officials (PSOs) to request access to iQIES as soon as possible, as doing so will allow for a smoother transition prior to the go live date. The individual designated as the PSO must work for the provider and will be responsible for approving or rejecting iQIES user access requests for their respective organizations, including vendors. A user will not be granted access unless a PSO approves the request. The first PSO for your provider will need to be approved by CMS. Once approved, PSOs can approve additional Provider Security Official role requests.

Organizations must complete the steps below to register a Provider Security Official as soon as possible:

 ***IMPORTANT: General user onboarding begins November 15, 2022. At that time, if your organization has not yet successfully registered at least one PSO, users will not be able to complete their access requests. The delay for assigning a PSO places an organization in jeopardy of a smooth transition to iQIES.***

  1. Identify at least one individual who will be the Provider Security Official (PSO). Note: At a minimum, at least one PSO needs to be selected, but CMS highly recommends at least two PSOs are designated so there is a higher likelihood that someone will be available to approve/reject iQIES access requests. The PSO must work for the provider and cannot be a vendor.
  2. Create an account in the HARP system using your corporate email address* at: Note: HARP User IDs cannot be adjusted. As such, please refrain from using facility names or any special characters (such as # or &) when creating the HARP User ID. *If the facility handles 2 or less providers and does not have a corporate email domain, the PSO may use a personal email address.
  3. Access iQIES at: and log in with your HARP credentials (completed in step 2 above) to request the Provider Security Official role for YOUR specific provider CMS Certification Number (CCN).
  4. Once the PSO role request has been submitted AND approved, you will receive notification via email. At this point you will be one of the designated PSOs for your CCN and have the authority to approve/reject subsequent requests for access of various role types to your provider’s CCN.

Please see iQIES Quick Reference Guide – Provider Security Official for more information to onboard the PSO Role in iQIES:

Please Note: Currently, we are only onboarding MDS. You do not need to register for a HARP/iQIES account for Payroll Based Journal (PBJ) submissions.


For more information on HARP or iQIES, please refer to the following resources:



If you have questions or require assistance, please contact the iQIES Service Center at or by phone at (800) 339-9313.