The Empire Plan is a unique health insurance plan designed especially for public employees in New York State. Empire Plan benefits include inpatient and outpatient hospital coverage, medical/surgical coverage, Centers of Excellence for transplants, infertility and cancer, home care services, equipment and supplies, mental health and substance abuse coverage and prescription drug coverage.
KATHY HOCHUL
Governor
TIMOTHY R. HOGUES
Commissioner
NY24-14
PE24-10
PA24-09
SEHP24-09
TO: Executive Staff Who Have Permission Access to NYSHIP Systems and All Health Benefit Administrators (HBAs)
FROM: Employee Benefits Division
SUBJECT: NYBEAS Access and HBA Online Access
DATE: August 26, 2024
Agencies that participate in the New York State Health Insurance Program (NYSHIP) are granted access to systems to assist with administering the Program benefits. This memo provides detailed information regarding the systems for administering NYSHIP and how to obtain, remove or change who has access to these systems. This memo also serves to notify NYSHIP agencies that the EBD-545 Data Access Officer Request Form has been revised. A copy of the new form is attached; agencies should begin using the new form immediately.
HBAs, please share this memo with your executive staff who authorize permissions to access NYSHIP systems (in most cases, this is the organization’s CEO, COO or HR Director).
What are the NYSHIP Systems?
The New York Benefits Eligibility and Accounting System (NYBEAS) is the system that maintains NYSHIP enrollment information. Information on NYSHIP enrollees can be viewed and changed as necessary by a designated user within an agency. All NYBEAS-designated users must be Health Insurance Portability and Accountability Act (HIPAA) trained and compliant. (It is the responsibility of each agency to ensure all NYBEAS-designated users are HIPAA-trained and compliant. EBD does not provide HIPAA training.) NYBEAS-designated users are agency staff members who work directly with employee benefits and are responsible for enrolling and updating an enrollee’s NYSHIP benefit information, including but not limited to, adding, or removing dependents, updating address information, and updating Medicare information. Staff responsible for administering NYSHIP benefits are referred to as the agency’s Health Benefits Administrator.
HBA Online is an online resource that contains current and historical NYSHIP information, as well as memos and announcements specifically for employers providing NYSHIP-administered benefits to their employees. This resource does not contain member-specific, personally identifiable information or Protected Health Information (PHI). The Department communicates with NYBEAS users through HBA Online and NYBEAS.
How Does My Agency Receive Access to Department Systems?
Each agency must designate a Data Access Officer (DAO). The DAO is the officer of the agency who is authorized to request user permissions to NYBEAS and HBA Online for the agency’s HBA(s). The DAO is responsible for removing NYBEAS permissions for users who no longer have business use for NYBEAS or are no longer associated with the agency. To comply with internal control mandates, the DAO may NOT have NYBEAS access. The DAO is solely responsible for ensuring that only HIPAA-compliant agency employees with a demonstrated business need are provided access to NYBEAS and that access is removed timely when appropriate.
How Does My Agency Designate a DAO?
Agencies must designate or change their DAO(s) by sending a completed EBD-545 Data Access Officer Request Form (attached) to the Employee Benefits Division. This is a revised version of the form. The form must be signed by the authorized signatory of the agency (in most cases, this is the organization’s CEO, COO or Director) or the authorized signatory’s designee.
If you do not know whether your agency has a DAO designated on file, call the HBA Help Line at 518-474-2780 for assistance. If a DAO is not on record, the agency will be asked to establish a DAO. This must be done before any changes to user permissions can be processed.
Data Access Officer Responsibilities
DAOs must update user permissions through the Online Civil Service Permissions Request system (OCSPR). OCSPR is located on the DCS website at: https://www.cs.ny.gov/login/?tlsd=/permissions-request/index.cfm.
OCSPR may also be accessed via the Department of Civil Service website, www.cs.ny.gov. From the Department homepage go to: HR Professionals > State Government > User Permission Request.
In OCSPR, a DAO can request a user to be added, deleted, or changed for both NYBEAS and HBA Online. From the OCSPR home page, the DAO can add or remove a user by selecting “Submit a Request.” To view an employee’s current permissions, enter the employee’s SSN under “Employee Permissions Summary.” DAOs should only request access for current agency staff. Third-party access to NYBEAS is not permitted.
EBD has a contact list for all primary and secondary approved HBAs. Not all NYBEAS-designated users are approved HBAs, therefore not all NYBEAS-designated users are listed on the contact list. When submitting a request to add permissions for a new HBA, the DAO should indicate whether the user should be listed in the contact list as a primary or secondary HBA under the “Request Comments” section. If there are no comments, the user will not be listed as an HBA in the contact list. When outreach is needed, only NYBEAS-designated approved HBAs will be contacted. The primary HBA’s name will be the only HBA listed when EBD sends written correspondence from our office to an enrollee. The DAO is responsible for updating the HBA contact list to ensure EBD has the most up-to-date list of NYBEAS-designated approved HBAs.
Once a request is approved, the DAO who submitted the request will receive two emails from the ITS Service Desk. One email will provide the User ID for the new user and the other will provide the password associated with the User ID. The approval process may take up to two weeks to complete. The DAO should check their email Junk and Spam folders before calling the HBA Help Line to inquire about the status of their request. It is important to remember to change the password provided by ITS once initial access is granted. To comply with Department internal controls, only the DAO who requested the user permissions will receive these emails. The DAO is responsible for providing this information to the user by forwarding these emails to the correct user. No email is sent when user permissions are terminated.
DAOs who have questions regarding OCSPR navigation can review the OCSPR User Manual accessible through the OCSPR home page. For other OCSPR issues or if a DAO is unable to access OCSPR, contact the HBA Help Line at 518-474-2780. EBD will first verify that a DAO has been established for the agency and provide the available assistance but may need to refer the matter to the ITS Service Desk.
Access to Department Systems
NYBEAS has two levels of permissions: Read-only (Inquiry) Access or Transaction Processing Access.
NYBEAS – Read Only Access allows a user to view NYSHIP enrollment information, but they cannot make changes to any information. This access may be appropriate for an agency individual who has a business need to review the information but is not responsible for the day-to-day administration of NYSHIP benefits (ex. someone in charge of personnel activities, including the Human Resource Director). To assign read-only access to a user, please request it in the comments in OCSPR. If there is nothing noted in the comments, then the user will be granted NYBEAS - Transaction Processing Access.
NYBEAS – Transaction Processing Access allows a user to view and update NYSHIP enrollment information. This access is appropriate for the primary and secondary individuals responsible for the day-to-day administration of NYSHIP benefits. HBAs should have NYBEAS Transaction Processing Access.
HBA Online has one level of access – users have permission to view and use HBA Online. HBAs and any backup NYBEAS users should have access to HBA Online and should check the site regularly for new information. DAOs are automatically granted HBA Online access when they are established through the DAO form.
Health Benefits Administrators (HBAs)
As a reminder, no person may have both DAO and HBA permissions for the same agency.
Agency DAOs must ensure that all HBAs and NYBEAS users have read and understand the HBA requirements concerning the New York State ITS Acceptable Use Policy NYS-P14-001. You can find more information in HBA Memo NY21-32/PE21-18/PA21-16/SEHP21-10.
As described in HBA Memo NY20-29/PA20-22/PE20-27, all HBAs must adhere to all privacy and HIPAA) regulations in the application of their duties, especially for the privilege of NYBEAS access and use.
NYBEAS users should ONLY be using their own NYBEAS login credentials to access the site. Sharing NYBEAS logins or using another person’s login to access the site could constitute a HIPAA violation and must be reported to EBD.
For NYBEAS or HBA Online password assistance, HBAs should contact the ITS Help Desk at 1-844-891-1786 or at fixit@its.ny.gov. EBD staff is available to assist regarding the use of both NYBEAS and HBA Online. If you have questions regarding this information, contact the HBA Help Line at 518-474-2780, Monday through Friday from 9:00 a.m. to 3:00 p.m.
The EBD-545 Data Access Officer Request Form is enclosed for your convenience.