
PECOS and the Identity and Access Management System
Medicare enrollment is one of those areas where small mistakes can create bigger problems later. A delay in access, a missing role, or the wrong person managing the record can slow down enrollment work and affect billing readiness.
That is why healthcare providers need to understand two connected systems: PECOS and the Identity and Access Management System.
They are related, but they do not do the same job. PECOS is where Medicare enrollment work happens. The access management system controls who can get into PECOS and what they are allowed to do. When provider offices mix those two up, the result is often confusion, delays, and unnecessary follow-up.
What is PECOS?
PECOS stands for Provider Enrollment, Chain, and Ownership System. It is the online Medicare enrollment system used by providers and suppliers. Through PECOS, you can:
- Enroll in Medicare
- Update enrollment information
- Revalidate enrollment
- Upload supporting documents
- Review current enrollment records
- Make changes to your provider information
PECOS is not only for first-time enrollment. It is also used later when a provider needs to update practice details, ownership details, reassignment information, or other Medicare enrollment records.
For healthcare providers, PECOS should be seen as an active business system. If the information inside PECOS is wrong or outdated, it can affect enrollment status, billing readiness, and follow-up with Medicare contractors.
What is the Identity and Access Management System?
The Identity and Access Management System, often shortened to I&A, is the system that manages user access.
It handles the access side of the process, not the enrollment side. In simple words, it decides who can log in, which organization or provider they can work on, and what level of access they have.
So if someone is searching for what an AMS is or trying to understand the access management system, this is the part they are usually asking about.
A provider office may have several people involved in enrollment work, but not all of them should have the same permissions. The access system is what helps control that.
How PECOS and the access management system work together
PECOS and the I&A system are linked, but they do different jobs. PECOS stores and processes Medicare enrollment information. The I&A system handles identity verification, user credentials, and role-based access. This is the easiest way to understand it:
- PECOS is the Medicare enrollment workspace
- The access management system is the gatekeeper
One system is used to complete the work. The other system is used to control access to that work.
A provider can have login credentials and still not have an active Medicare enrollment application in progress. On the other hand, a provider may be ready to submit an update in PECOS but cannot move forward because the access setup is incomplete or assigned incorrectly.
That is why provider offices need to look at both pieces together.
Who needs PECOS and who needs I&A access?
Healthcare providers who want to bill Medicare, order and certify, or maintain Medicare enrollment records will encounter both systems. The Centers for Medicare & Medicaid Services (CMS) provider enrollment guide explains that providers should first get an NPI if needed, then complete the Medicare enrollment application through PECOS, and then work with their MAC during review. Access to PECOS itself depends on an I&A account.
For individual providers and suppliers, CMS says an Authorized Official is not required, but they can authorize surrogates and staff end users to work in PECOS. For organizational providers and suppliers, CMS says the organization must designate an authorized official through the I&A system, and that official may authorize additional users such as access managers, surrogates, and staff end users.
That split is important for provider groups, MSOs, credentialing teams, and billing companies. A solo practitioner can often keep access simpler. A group practice, hospital-based entity, or larger organization usually needs a more formal access structure so enrollment work does not depend on one person’s login or role. CMS’s current I&A guide also shows that Authorized Officials and Access Managers can add the organization as an employer in I&A and manage staff access to supported business functions.
Understanding common I&A roles for provider organizations
The official role names matter because they control what your team can actually do.
Authorized Official
CMS says organizational providers and suppliers must designate an Authorized Official in the I&A system. In the current CMS enrollment guidance, that role is the main organization-level authority for working in CMS systems and authorizing additional users.
Access Manager
In the current I&A setup, Access Manager is treated as a key operational role for day-to-day access control. An Authorized Official can assign users as either Staff End Users or Access Managers, and then the Access Manager can handle assigning Staff End Users as needed.
This setup is especially useful for larger provider organizations because it lets one dedicated person manage routine access tasks while the Authorized Official focuses on higher-level responsibilities instead of handling every access change.
Staff End User
A Staff End User is typically a staff member who needs system access for defined business functions but is not the top access authority. In real provider settings, this may be an enrollment specialist, office manager, or billing team member working under the organization’s access framework.
Surrogate
A surrogate relationship lets another person or organization work on behalf of a provider or organization. CMS and MAC resources describe surrogacy as a way to connect records so a third party can act on behalf of the provider in supported systems. This is especially relevant when outside credentialing firms, consultants, or centralized enrollment teams help manage PECOS activity.
Why this matters to healthcare providers
From a provider standpoint, PECOS and I&A are not just compliance tools. They affect access, billing readiness, change reporting, and revalidation. If access is set up incorrectly, staff may not be able to:
- Start an enrollment application
- Update provider information
- Submit documents
- Complete revalidation
- Manage Medicare records on time
This can lead to delays in provider onboarding, billing setup, location updates, ownership changes, and other important enrollment actions.
For individual providers, the access setup may be more straightforward. For group practices and organizations, the structure is usually more complex because different people may need different levels of access.
A simple provider workflow: from setup to enrollment
Here is the easiest way for healthcare providers to think about the process.
Step 1: Get the right provider identifier
A provider usually needs the correct identifying information in place before Medicare enrollment work begins.
Step 2: Set up access
The provider or organization needs the correct account and role setup in the Identity and Access Management System.
Step 3: Use PECOS for enrollment work
Once access is in place, the provider or authorized team member can use PECOS to complete Medicare enrollment tasks.
Step 4: Upload documents and complete the process
PECOS is used to submit information and supporting documents as part of the enrollment or update process.
Step 5: Respond to follow-up if needed
If more information is requested during review, the provider or organization must respond through the proper workflow.
What is AMS in PECOS?
If someone searches what is AMS, they are usually trying to understand the login and access side of PECOS. In CMS language, the correct term is the Identity & Access Management System," usually shortened to I&A. It is the system used to create access, manage roles, recover credentials, and control who can use PECOS and related CMS systems.
So the plain answer is this: PECOS is where you handle Medicare enrollment. The access management system is the gatekeeper that decides who can get in and what they can do.
Final takeaway
PECOS and the Identity and Access Management System serve two different but connected purposes. PECOS is the system used for Medicare enrollment work. The access management system controls who can get into PECOS and what they can do there.
For healthcare providers, the key is to make sure the right people have the right access before any enrollment or update work begins. When provider offices understand this clearly, they can manage Medicare enrollment more smoothly and avoid common delays.
FAQs
What is PECOS?
PECOS stands for Provider Enrollment, Chain, and Ownership System. It is CMS’s web-based Medicare enrollment platform for providers and suppliers.
What is AMS?
If you mean the Medicare access system connected to PECOS, CMS refers to it as the Identity & Access Management System, or I&A System.
Do all providers need an I&A account?
Providers who need to access PECOS use I&A credentials. CMS also says organizational providers must designate an Authorized Official through the I&A system.
Can an office manager or credentialing staff member work in PECOS?
Yes, depending on how access is set up. CMS and current I&A guidance allow roles such as Access Manager, Staff End User, and surrogate relationships so authorized team members can work in supported systems.





























