HARP Help

HCQIS Access Roles and Profile (HARP) is a secure identity management portal provided by the Centers for Medicare and Medicaid Services (CMS). Creating an account via HARP provides users with a user ID and password that can be used to sign into many CMS applications. It also provides a single location for users to modify their user profile, change their password, update their challenge question, and add and remove two-factor authentication devices.

What is HCQIS?
Healthcare Quality Information System (HCQIS) is the CMS system responsible for various quality reporting applications.

HARP provides a single user ID and password that can be used to sign into several CMS applications.

HARP supports login and role requests for the following CCSQ applications:

• Apache Knox/Ranger
• Atlassian (Confluence/Jira)
• CCSQ ServiceNow
• Data Element Library (DEL)
• FileCloud
• Financial Information and Vouchering System (FIVS)
• Github
• Managed File Transfer (MFT)
• Measure Authoring Tool (MAT)
• New Relic
• QIES Business Intelligence Center (QBIC)
• QIES Technical Support Office (QTSO)
• QualityNet Workspace (HCMS/Mailer/PRS)
• SAS Viya
• SC-CLIA Budget System
• Slack
• Splunk
• SurveyMonkey
• Zscaler

HARP supports only login for the following CCSQ applications. To request a role for these applications, please visit their website:

• Deliverable Administration Review Repository Tool (DARRT)
• ESRD Quality Reporting System (EQRS)
• Hospital Quality Reporting (HQR)
• Internet Quality Improvement Evaluation System (iQIES)
• Quality Management and Review System (QMARS)
• Quality Payment Program (QPP)
• Quality Safety & Education Portal (QSEP)

Don't see an application? Try IDM

Go to https://harp.cms.gov/register and complete the registration form to create a HARP account. To create an account, users must enter their profile information, account information, and successfully complete proofing (identify verification). Registration could take anywhere from 5 to 15 minutes, depending on how quickly user data is proofed and verified. HARP uses a third-party service provided by Experian to verify user identities. To complete account setup, users need to log into HARP and set up two-factor authentication.

HARP is a secure identity management portal and asks for personal information to verify the user's identity. HARP uses Experian to remotely proof users by taking user-entered data, such as date of birth and social security number (SSN), to generate a list of personal questions for the user to answer to verify his/her identity.

• RIDP is the process of validating personal information through various source databases processed through Experian to determine identity legitimacy. This method is used in place of manual proofing or in-person proofing. If you are requesting electronic access to protected CMS information or systems, you must be Remote Identity Proofed to gain access.
• CMS uses the Experian identity verification system to perform Remote Identity Proofing. Experian is used by CMS to confirm your identity when you need to access a protected CMS Application.
• You may have already encountered RIDP through various interactions with banking systems, credit reporting agencies, and shipping companies.
• When you first register with HARP, you will have the option to go through RIDP as opposed to manual proofing. You will be asked to provide a set of core credentials which include:
  • Full legal name, date of birth, contact information, residential address, and social security number.
• Experian will attempt to verify your identity to the appropriate level of assurance with the information you provided. Most users can complete the Remote Identity Proofing process in less than five minutes. If you encounter problems with RIDP, you will be asked to contact Experian Support Services via telephone at 1-833-203-6550 to resolve any issues.

• Your personal information is described as data that is unique to you as an individual, such as Name, Address, Social Security Number, and Date of Birth.
• HARP does NOT store your personal information; it only passes to Experian, an external identity verification system, to help confirm your identity.
• Your Social Security Number will be validated with Experian only for the purpose of verifying your identity. Experian verifies the information you provided against their records and may present you with questions based on your credit profile, called out-of-wallet questions.
• The out-of-wallet questions and answers, including financial history, are strictly between you and the RIDP service Experian; neither HARP nor CMS application will store them.
• Experian is required by law to securely maintain this data for seven years. For more information regarding how CMS uses the information you provide, please read the CMS Privacy Act Statement. Link: https://www.cms.gov/Research-Statistics-Data-and-Systems/Computer-Data-and-Systems/Privacy/index.html?redirect=/Privacy

No, this type of inquiry does not affect your credit score and you will not incur any charges related to this credit score inquiry. When you Identity Proof, Experian creates something called a soft inquiry. Soft inquiries are visible only to you, the consumer, and no one else. Soft inquiries have no impact on your credit report, history, or score other than being recorded and maintained for 23 months.

If you cannot Remote Identity Proof online, you will be asked to contact the Experian Verification Support Services Help Desk at 1-833-203-6550. The system will provide you with a reference number to track your case. For security purposes, the Experian Help Desk cannot assist you if you do not have the reference number.

If you contact the Experian Verification Support Services Help Desk and your identity cannot be verified, you will be referred to HARP to complete the Manual Identity Proofing process. To initiate manual proofing, select the "Initiate Manual Proofing" link on the HARP registration "Profile Information" page below the Social Security Number (SSN) field.

The Experian Help Desk is open Monday through Friday 8:30 AM - 10:00 PM EST, Saturday 10:00 AM - 8:00 PM EST, and Sunday 11:00 AM - 8:00 PM EST. You can contact the Experian Help Desk at 1-833-203-6550. The Experian website can be accessed at experian.com.

During the RIDP process you will be asked to provide a set of core credentials, which include:

• Full Legal Name
  • You must use your full legal name. Refer to your driver's license or financial account information.
  • Your surname must match the surname Experian has for you on file.
  • Do not use nicknames.
  • If you have a two-part name, enter the second part in the middle name field. (i.e., Billy Bob would have Billy in the first name field and Bob in the middle name field).
• Date of Birth
  • Your date of birth should use the mm/dd/yyyy format.
• Personal Email Address
  • You must enter a personal email address associated with your identity.
• Business Email Address
  • Your business email address should be one used for work. If it is the same as your personal email, please reenter in this field.
• Personal Phone Number
  • Enter your personal phone number, not your work phone number, to prevent failing Remote Identity Proofing.
• Social Security Number
  • Make sure SSN fields are filled in correctly.
• Current Residential Address
  • Please ensure your personal/residential/home address is used. Not your work address.
  • Use an address where you receive financial statements and/or utility bills, use for billing purposes, or is associated with your credit report.
  • If you have a recent change in address, you can try to Remote Identity Proof with a prior address.
  • Do not enter any extraneous symbols in the address field. If you want to confirm the correct format, visit USPS “Look up a ZIP Code.”
• Exclusions:
  • If you have a Victim's Statement, a blocked file, or a frozen file you will NOT be able to complete the Remote Identity Proofing process online. After attempting online, you will be directed to call Experian's Consumer Services at 1-833-203-6550 to have the alert temporarily lifted so that you can attempt the ID proofing process.
  • Telephone based proofing can only be used one time. If the user fails phone proofing, Experian will not be able to assist users who call back with the same reference number or call a different Experian call center phone number.

The Experian Review Reference Number is provided on the screen as well as in an email that is sent. In the event an Experian Review Reference Number is lost, the user should check the email account they used when going through Identity Proofing. If they cannot find the email, they can call the Experian Help Desk at 1-833-203-6550 and provide additional details to the agent for assistance.

If the Experian Review Reference Number is not found, it is recommended that the user repeat the same steps of renaming the ID and use in a PERSONAL email address. This would allow the user another attempt at the financial questions being offered. When successful, the user is advised to log into HARP to update their profile back to their WORK email address as was desired.

If the user has made multiple attempts to identify proof, a different Experian Review Reference Number is generated. The Experian agent will use the most recent Experian Review Reference Number. The user can also provide more detailed information such as a Social Security Number to be located.

Once the user's Experian Review Reference Number has been approved, the user will need to go back to the HARP application to complete HARP registration and add a two-factor authentication device. Once created the user can proceed to login to their respective application or system.

In contrast to remote proofing, manual proofing requires the user to send personal identification documents to the Services and Operations Support (SOS) team. If a user does not wish to enter their Social Security Number (SSN) during HARP registration for remote proofing or is unable to be remotely proofed by Experian, they will be required to initiate manual proofing. To initiate manual proofing, users must:

1. Submit their Profile Information and Account Information via HARP (SSN is optional)
2. Send the following documents to the Services and Operations Support (SOS) team via email, fax, or mail
• One of three approved forms of Government Photo IDs:
• Current driver's license issued by state or territory; OR
• Federal or State government issued photo identification card; OR
• U.S. Passport
• Two copies of financial institution official bills or statements addressed to the address used during the registration process. Payroll information is also accepted.

HARP does not recommend initiating manual proofing if the user is able to complete remote proofing, as it typically takes longer to be proofed and verified.

For any questions related to manual proofing, contact the Services and Operations Support (SOS) team, Monday - Friday 8:00 AM - 8:00 PM EST by phone at 1-866-288-8914 or email identity.proofing@cms.hhs.gov.

A user may be required to follow the manual identity proofing process for several reasons including a desire not to share a Social Security Number, they have no credit history, they have a credit lock, they use a Nickname/Alternate name, or Experian simply cannot find their data.

User IDs must be between 6-74 characters and unique (cannot already be taken by another user).

Passwords must be a minimum of 15 characters and include a lowercase letter, uppercase letter, and number (0-9). They cannot contain first name, last name, or part of user ID.

Go to https://harp.cms.gov/login to log into HARP. Upon successfully logging into HARP, users will be redirected to their HARP user profile where they can update their profile information, change their password, update their challenge question, and add and remove two-factor authentication devices.

All HARP accounts are required to have two-factor authentication for security purposes. It is an extra layer of security on top of a user ID and password that requires a piece of information only accessible by the user, such as a security code via text or phone call. Upon logging into HARP for the first time, users will be prompted to setup their two-factor authentication by entering one or more authentication devices. The available two-factor authentication methods in HARP are SMS, or Short Message Service (receive a text message), Voice (receive a phone call), Google Authenticator, Okta Verify, and Okta Verify Push.

A Personal Identity Verification (PIV) card is an identification card issued by a federal agency that contains a computer chip, which allows it to send, receive, store, and recall information in a secure manner. After first time login to HARP with EUA credentials, CMS EUA users may log into HARP using their PIV card. This functionality is only available to CMS users signing into HARP with their EUA account.

PIV card authentication only works for CMS employees after first time login with EUA credentials. If you have been using your HARP account rather than your EUA account to log into HARP, then you cannot use PIV card authentication. If you choose to start using your EUA account so you can use PIV card authentication, then you will need to re-request all your user roles.

If you have forgotten your user ID or password, go to https://harp.cms.gov/login/forgot-account-info. You will be prompted to enter your email address so that an email can be sent containing your user ID and a link to reset your password. If you have only forgotten your user ID, you do not need to click on the link to reset your password. To reset your password, click on the link in the email and answer your challenge question. If answered correctly, you will be prompted to reset your password.

If your password has expired, you will be prompted to change your password upon attempting to login to HARP. You will need to enter your old password and new password to change your password.

Account passwords are required to be reset after 60 days of inactivity. Please remember to log in within this period to avoid password expiration.

If your account is locked, you will be prompted to unlock your account upon logging into HARP. Enter your email address and follow the instructions to unlock your account. Otherwise, your account will automatically unlock after one hour.

If your account has been deactivated, it cannot be recovered. However, you may use our registration portal to create a new account. Although you may re-register using the same email address, you will have to select a new user ID. Your previous roles will not be available and will need to be requested again.

Accounts are required to be deactivated after 2 years of inactivity. Once an account is deactivated due to inactivity, it cannot be recovered. If you encounter difficulty logging in and wish to access your account before deactivation, utilize the built-in self-service functions to recover your User ID or password. Note: these recovery methods are available only for active accounts.

EUA users may routinely encounter a 403 App Not Assigned error when logging into some CMS Systems. This issue occurs when logging in using both HARP account credentials and EUA/PIV credentials in the same browser.

Workaround: If you encounter a 403 error for this situation, please do the following:

• Go to https://idm.cms.gov
• Log out of IDM by clicking on your name in the top right and selecting "Sign out"
• Close your current browser
• Open a new browser and try to log into the desired system

Note: If the issue persists, then you may try clearing your browser's cache or using a different browser. A long-term fix is being reviewed and is currently being piloted. We apologize for the inconvenience.

If your application is using HARP for role requests, log into HARP at https://harp.cms.gov. Click on the "User Roles" nav item in the top right to access the User Roles app. Click on the "Request a Role" button to start the role request process.

1. Select the program/application that you are requesting a role for and click "Next".
2. Select the organization that you are requesting a role for and click "Next".
3. Select one or many roles for your selected program and organization and click "Submit".

Your request should appear as a new line item in the "Pending Requests" section. If your application is not using HARP for role requests, follow your application's instructions for how to request user roles.

The amount of time it takes for a role request to be approved or rejected varies depending on the security official. Ultimately it depends on whenever the organization security official gets around to approving or rejecting the request.

You should receive an email notification when your role request is either approved or rejected by the organization security official.

Log into HARP and click on the "User Roles" nav item in the top right. The top section displays your "Pending Requests". Click on the "View" link to see the list of roles requested per Request ID.

Log into HARP and click on the "User Roles" nav item in the top right. Below the "Pending Requests" section is a "User Roles" section that lists your approved user roles.

If you no longer have access to a role you requested, it may be due to your application's security policy. Some applications may remove roles that have not been accessed in 60 days. Please check the security policies of the application you requested a role in for more details.

If you have any questions related to HARP, please contact your application's help desk. Contact Help Desk

If you're using Firefox and the Google reCAPTCHA is not working, the following Windows workaround is provided below:

1. Launch your Firefox browser and type into the address bar: about:config
2. Press: Enter
3. In the search, type: security.enterprise_roots.enabled
4. Double-click to change the value to true
5. Restart Firefox
6. Go to HARP registration: https://harp.cms.gov/register
7. Verify reCAPTCHA is now displayed