BPHC Bulletin: Reminder About New Payment Management System Login Process

HRSA sent this bulletin at 03/28/2024 12:48 PM EDT

A timely update from the Bureau of Primary Health Care

March 28, 2024

In response to recent incidents of fraudulent activity, the Payment Management System (PMS) changed its user login process to include a multi-factor authentication tool called ID.me. This change, which recently took effect, aims to strengthen the system’s identity verification of all PMS users. Read more in HRSA’s Office of Federal Assistance Management’s (OFAM) bulletin, “OFAM Clarifies New PMS Login Process for Grant Recipients and Federal Awarding Agency Staff.”

We encourage all health centers to take these steps IN ADVANCE of needing to access PMS. This will avoid potential delays in accessing funds:

Create an ID.me account if you do not already have one. See the ID.me Help Center website for guidance. All recipients MUST register with ID.me to access their PMS account.
- Existing ID.me members do not need to create another account.
- The email address on your PMS account must be the primary email on your ID.me account before you are able to login to PMS. See additional resources on this webpage: Using HHS Payment Management System for work.
Check your SAM.gov record to ensure the account is active and current — PMS uses SAM.gov to verify information.
- Make sure that organization contacts in HRSA’s Electronic Handbooks (EHBs), SAM.gov, and PMS are all up to date and aligned, as this is what the system checks to grant access.
- Recommend checking SAM.gov at least once per year.
Go to PMS. Select “Sign in with ID.me” to log into PMS and complete multi-factor authentication.
- Link the email address on an existing ID.me with an existing PMS username.

RESOURCES

During the February 27 Today with Macrae webcast, Jim walked through the new login process. Access the webcast recording on our website.
Learn more about these changes on the Program Support Center’s UPDATED Payment Management System Access Process webpage.
HHS issued an alert to PMS users to exercise vigilance; see their message.

UPDATE ON RECENT SECURITY ALERT ABOUT PHISHING EMAILS

Earlier this week, we sent a bulletin to BPHC grantees repeating an alert that went out to EHBs users (we also linked to the bulletin in the Digest).

HRSA’s Office of Information Technology sent an update on Tuesday, March 26. They provided direction on what to do if you accidentally provided Personally Identifiable Information (PII) in response to one of the phishing emails:

Notify your internal IT security team, which can provide immediate support and instructions.
Inform HRSA that your PII has been exposed. Submit your input via the BPHC Contact Form (Technical Support > EHBs Tasks/EHBs Technical Issues > Other EHBs Submission Types).
Contact law enforcement by filing a complaint with the Internet Crime Complaint Center (IC3).