From 31a53f89a6161180638a2e09efeb730ae93d091e Mon Sep 17 00:00:00 2001 From: justin Date: Fri, 5 Jun 2026 01:53:44 -0500 Subject: [PATCH] feat(npi): offer paper CMS-855 path (e-sign + we mail to MAC) alongside I&A surrogacy - order-confirmation email presents both filing methods: paper CMS-855 (no account needed, client e-signs one page, we print+mail to their MAC) and I&A surrogacy (faster, needs CMS account). NPPES-only services note that surrogacy is required (web-only). - npi_provider handlers record the access model per service in admin todos. - marketing copy leads with the lowest-friction paper option. --- api/src/routes/checkout.ts | 64 +++++++++++++++++++ scripts/workers/services/npi_provider.py | 21 +++++- .../healthcare/medicare-enrollment.astro | 11 +++- .../healthcare/npi-revalidation.astro | 12 ++++ 4 files changed, 104 insertions(+), 4 deletions(-) diff --git a/api/src/routes/checkout.ts b/api/src/routes/checkout.ts index 4e0b56c..37c8aef 100644 --- a/api/src/routes/checkout.ts +++ b/api/src/routes/checkout.ts @@ -2113,6 +2113,15 @@ export async function sendComplianceIntakeEmail( ((o.service_name as string) || "").toLowerCase().includes("499"), ); + // PECOS / NPPES orders need CMS I&A surrogate access (the healthcare analog + // of USAC E-File delegation). OIG/SAM screening needs no access (public DBs). + const PECOS_ACCESS_SLUGS = new Set([ + "npi-revalidation", "npi-reactivation", "nppes-update", + "medicare-enrollment", "provider-compliance-bundle", + ]); + const npiAccessOrders = orders.filter(o => PECOS_ACCESS_SLUGS.has(o.service_slug as string)); + const hasNpiAccess = npiAccessOrders.length > 0; + const SITE_DOMAIN = process.env.DOMAIN ? `https://${process.env.DOMAIN}` : "https://performancewest.net"; const confirmUrl = `${SITE_DOMAIN}/order/success?action=usac_delegation&order_id=${orderId}`; @@ -2143,6 +2152,59 @@ export async function sendComplianceIntakeEmail(

` : ""; + // CMS filing-method section for PECOS / NPPES orders. We offer two paths and + // let the provider pick the one that's easiest for them: + // (1) Paper CMS-855 — they e-sign one page, we print + mail to their MAC. + // Zero account setup. Default for revalidation/enrollment. + // (2) I&A surrogacy — faster/trackable, but needs a CMS I&A account. + // NPPES-only services (reactivation, update) are web-only, so surrogacy is + // the only path for those. We never ask for the provider's password. + const npiConfirmUrl = `${SITE_DOMAIN}/order/success?action=ia_surrogacy&order_id=${orderId}`; + // Which ordered services can use the paper CMS-855 path (PECOS enrollment/reval) + // vs. are NPPES-web-only (surrogacy required). + const PAPER_855_SLUGS = new Set(["npi-revalidation", "medicare-enrollment", "provider-compliance-bundle"]); + const NPPES_ONLY_SLUGS = new Set(["npi-reactivation", "nppes-update"]); + const hasPaper855 = npiAccessOrders.some(o => PAPER_855_SLUGS.has(o.service_slug as string)); + const hasNppesOnly = npiAccessOrders.some(o => NPPES_ONLY_SLUGS.has(o.service_slug as string)); + + const paper855Block = hasPaper855 ? ` +

Option 1 (easiest): Paper CMS-855 — no account needed

+

+ We complete the correct CMS-855 form for you. You e-sign the certification page + from a secure link we send (takes about a minute), and we print it and mail it to + your Medicare Administrative Contractor (MAC). Nothing for you to set up. +

` : ""; + + const surrogacyHeading = hasPaper855 + ? `Option 2 (faster): CMS I&A surrogate access` + : `Grant CMS I&A surrogate access`; + + const npiSection = hasNpiAccess ? ` +
+

Action Required: Choose How We File

+ ${paper855Block} +

${surrogacyHeading}

+

+ ${hasNppesOnly ? "NPPES updates and reactivations are online-only, so this is required for those. " : ""}You add us as a + Surrogate in CMS Identity & Access (I&A) — you never share your password. + We then file in PECOS / NPPES under our own credentials, e-sign where permitted, and capture the tracking ID. +

+
    +
  1. Log in to CMS I&A (I&A System)
    2. +
  2. Go to My Connections → Add Surrogate
    3. +
  3. Add surrogate organization: Performance West Inc. (email filings@performancewest.net)
    4. +
  4. Grant access to PECOS and NPPES for your NPI, then approve our request
    5. +
+

+ + I've granted surrogate access → + +

+

+ ${hasPaper855 ? "Prefer the paper option? Just reply to this email and we'll send your CMS-855 to e-sign — no further action needed from you here." : "Clicking this notifies our team so we can begin your filing."} +

+
` : ""; + // Fully admin-assisted services with NO customer intake form. State-level // trucking + hazmat/emissions now have a dedicated intake step, so they are // NO LONGER in this set — customers get an intake link like other services. @@ -2222,6 +2284,8 @@ export async function sendComplianceIntakeEmail( ${usacSection} + ${npiSection} + ${dotSection} ${intakeSection} diff --git a/scripts/workers/services/npi_provider.py b/scripts/workers/services/npi_provider.py index 71f99c1..cdc01a6 100644 --- a/scripts/workers/services/npi_provider.py +++ b/scripts/workers/services/npi_provider.py @@ -40,6 +40,9 @@ _SLUG_META = { "the revalidation due date on the CMS revalidation list, update the " "enrollment record, and submit. Capture the PECOS tracking ID." ), + "access": ( + "PECOS via CMS I&A surrogacy (preferred). Fallback: paper CMS-855I/B/R, provider wet-signs cert page, mail to provider's MAC." + ), "priority": "high", }, "npi-reactivation": { @@ -49,6 +52,9 @@ _SLUG_META = { "Reactivate the deactivated NPI in NPPES. Verify the deactivation " "reason, correct any stale data, and re-certify the record." ), + "access": ( + "NPPES via CMS I&A surrogacy. No paper option (NPPES is web-only)." + ), "priority": "high", }, "nppes-update": { @@ -59,6 +65,9 @@ _SLUG_META = { "updates within 30 days of any change). Apply the requested field " "changes and certify." ), + "access": ( + "NPPES via CMS I&A surrogacy. No paper option (NPPES is web-only)." + ), "priority": "normal", }, "medicare-enrollment": { @@ -68,6 +77,9 @@ _SLUG_META = { "Complete the provider's Medicare enrollment in PECOS (CMS-855). " "Confirm taxonomy, practice location, and authorized official." ), + "access": ( + "PECOS via CMS I&A surrogacy (preferred). Fallback: paper CMS-855, provider wet-signs, mail to MAC." + ), "priority": "high", }, "oig-sam-screening": { @@ -78,6 +90,9 @@ _SLUG_META = { "SAM exclusion lists. Produce the screening certificate and flag any " "matches for escalation." ), + "access": ( + "No client access needed - OIG LEIE + SAM.gov are public. Screen by NPI/name, issue certificate." + ), "priority": "normal", }, "provider-compliance-bundle": { @@ -88,6 +103,9 @@ _SLUG_META = { "revalidation watch, run OIG/SAM screening, and refresh the NPPES " "record. Set the next revalidation reminder." ), + "access": ( + "PECOS/NPPES via CMS I&A surrogacy; screening is public. Paper CMS-855 fallback for the enrollment/revalidation piece." + ), "priority": "high", }, } @@ -123,7 +141,8 @@ class _BaseNPIHandler: f"PECOS Enrollment ID: {pecos_id or 'not provided'}\n" f"Specialty: {specialty or 'not provided'}\n" f"Practice state: {practice_state or 'not provided'}\n" - f"Portal: {meta['portal']}\n\n" + f"Portal: {meta['portal']}\n" + f"Access model: {meta['access']}\n\n" f"Review-staged: file manually, then mark this order complete." ) diff --git a/site/src/pages/services/healthcare/medicare-enrollment.astro b/site/src/pages/services/healthcare/medicare-enrollment.astro index 2770c87..4a19bbd 100644 --- a/site/src/pages/services/healthcare/medicare-enrollment.astro +++ b/site/src/pages/services/healthcare/medicare-enrollment.astro @@ -43,13 +43,18 @@ const description = "New to Medicare or adding a practice location? We assemble
-

How it works

+

How it works (without sharing your password)

  1. You place the order and give us your NPI and basic practice details.
    2. +
  2. We send a one-time link to add us as a Surrogate in CMS I&A. You never share your login.
  3. We pull your NPPES record and identify exactly which 855 forms apply.
    4. -
  4. We assemble the package and send it to you for signature/attestation.
    5. -
  5. We submit in PECOS and track it through your MAC, resolving any development requests.
    6. +
  6. We file in Internet-based PECOS under our own CMS credentials and track it through your MAC.
+
+ Prefer paper? We can complete a paper CMS-855 instead, + send it for your wet signature, and mail it to your Medicare + Administrative Contractor (CMS does not accept faxed 855s). +
diff --git a/site/src/pages/services/healthcare/npi-revalidation.astro b/site/src/pages/services/healthcare/npi-revalidation.astro index 9ea80b0..bffaad1 100644 --- a/site/src/pages/services/healthcare/npi-revalidation.astro +++ b/site/src/pages/services/healthcare/npi-revalidation.astro @@ -66,6 +66,18 @@ const description = "CMS requires every enrolled provider and supplier to revali
+
+

How we file for you

+

+ You pick whichever path is easiest. You never share your CMS + password. +

+
    +
  • Paper CMS-855 (easiest, nothing to set up). We complete the correct CMS-855 form, you e-sign the certification page from a secure link (about a minute), and we print it and mail it to your Medicare Administrative Contractor (MAC). CMS does not accept faxed 855s, so we handle the mailing.
    • +
  • Internet-based PECOS (faster, needs a CMS account). You add us as a Surrogate in the CMS Identity & Access (I&A) system; we then file in PECOS under our own credentials and capture the tracking ID.
    • +
+
+
File my Medicare revalidation — $399 →