Identity & Access System Quick Reference Guide
11/01/2022 4
Connections in the Identity & Access Management (I&A) System
Group Practices or any other Organization who act on behalf of Providers as Surrogates, and have 1,000 or more
Connections to Individual Providers (IPs) in the Identity & Access Management (I&A) system may experience an
issue when attempting to access records for these providers in NPPES, PECOS, or HITECH (R&A). Until a fix can be
implemented you can avoid any issues by reducing the number of IPs that any one Staff End User within your
Organization has connections to within I&A. If a user acts on behalf of 1,000 or less IPs they should not have any
issues accessing records within NPPES, PECOS, or HITECH(R&A).
What Type of User are You?
Review the terms. Which term best defines you and your organization? Depending on your situation it may
change.
Individual Provider/Supplier
• An individual that provides services to Medicare beneficiaries and submits claims to Medicare and/or
reassigns benefits to an Organizational Provider (such as a group practice or hospital) that submits
claims to Medicare on their behalf (e.g., Provider working for a Group Practice, or Solo Provider).
• Must have or be eligible for a Type 1 NPI in NPPES.
Organizational Provider
• An Organization that provides medical items and/or services to Medicare beneficiaries (e.g., DMEPOS
Supplier, Physician Group Practice, Hospital, etc.) that submits claims to the Medicare Part A and/or Part
B programs
• Must have or be eligible for a Type 2 NPI in NPPES.
3
rd
Party Organization
• A third-party organization (e.g., billing agency, credentialing consultant, or other staffing company)
that has business relationships with Individual Providers or Organizational Providers to work on their
behalf.
Authorized Official (AO)
• An appointed official of an Organizational Provider or 3
rd
Party Organization with the authority to
legally bind that organization and conduct business on behalf of the organization. If an Organizational
Provider, also ensure the organization’s compliance with Medicare statutes, regulations and
instructions.
• Able to initiate or accept surrogacy connections, and manage staff on behalf of his or her
organization.
Access Manager (AM)
• An individual, delegated by the Authorized Official of an Organizational Provider or 3
rd
Party
Organization, with the authority to legally bind the organization and conduct business on behalf of the
organization. If an Organizational Provider, also ensure the organization’s compliance with Medicare
statutes, regulations and instructions.
• Able to initiate or accept surrogacy connections, and manage staff on behalf of his or her
organization.