Making your provider data secure is a priority for us

Page last updated on: 4/07/25

To ensure your provider data and your patients’ data are as secure as possible, we’ve implemented additional security for prism accounts by creating a prism Security Administrator (pSA) role. Practices and facilities will review and approve or deny all affiliation requests for their group, which gives access to the group’s data like claims, authorizations and reporting. This security feature also gives Security Admins visibility to everyone who has access today.

Prism users will only be able to affiliate to groups or facilities that have a pSA. If the group doesn’t have a pSA, users will not be able to access the group’s data until the group assigns a pSA.

Determining and assigning a pSA at your provider group or facility

We rely on each practice or facility to assign a pSA through prism. We recommend groups who have more than 10 user affiliations have additional pSAs and that your Security Admin(s) are:

  • A prism user already affiliated in prism with the practice group or facility
  • A practice manager, compliance director or administrator for the provider group or organization

To become your group's pSA, submit a request through prism under General Requests, then prism Security Admin (pSA) Assignment.

Already a pSA? Learn how to review requests

How users add a group or facility affiliation in prism

New prism users won’t get automatic access to provider groups or facilities. Now, users will be notified that a request was submitted to the group’s pSA for approval.

Requesting a group/facility affiliation during prism registration

  1. Register for a prism account.
  2. Enter a valid provider group Tax ID and NPI combination and submit.
  3. You’ll either receive an email if your account is approved, or being reviewed. If approved, you'll be prompted to complete registration. If you're account is in review, we’ll let you know when your account has been approved so you can complete registration.
  4. Your group/facility affiliation request will be sent to the Security Admin for that group. You’ll receive a separate email once the pSA has approved your request for access.

If you’re a pSA for your provider group or facility

The pSA is responsible for approving or denying  any prism user requesting an affiliation to their group. Approving the affiliation gives the user access to the group’s data, like claims, authorizations and reporting. Click on the headings below for more information on how to view and approve or deny requests and add or remove additional pSAs.

  1. Login to prism and click the Security Admin link at the top of your homepage. Only pSAs can see this link and access this page.
  2. View your affiliation requests under the Affiliations Requests tab.

  1. Under Affiliation Requests, you’ll see all requests submitted by other prism users who want access to your group or facility.
  2. Review each user, their account/group affiliation, and email address. Approve or Deny each request.
  3. The status of the user’s application will update in prism once you make a selection, and they will get an email notifying them of their status change. If approved, users will have access to your group right away.
  4. If approved, the request will move to the Approved Affiliations tab. If denied, the request will be removed from the list.

Third Party Administrators (TPA)

If a user is from a TPA, the TPA column will display Yes. To approve or deny a TPA user, you must open the TPA request details by clicking the link in the TPA column for that request. A separate window will appear giving you additional details on the user’s affiliation, with the option to either Approve or Deny links.

If a user leaves your organization or should no longer have access to the data, you’re responsible for removing their access.

  1. In prism, go to your Security Admin page to view all users affiliated to your group or facility.
  2. Select Approved Affiliations.
  3. Review all users or use the search to find a specific user by name or email.
  4. On the contact’s affiliation row, click the trash can icon. Select Yes when asked “are you sure?”
  5. The user is removed from your group and will no longer have access to your data. This action won’t affect the user’s access to prism or other affiliations. The user will get an email notifying them of this change, with the pSA contact information to reach out with questions. 

Every year between June 1 and Aug. 1, follow these steps to review your affiliated users:

  1. In your prism account, select Security Administration, then Affiliation Requests.
  2. Navigate to your Affiliations table and select Affiliation Renewals at the far right of the table.
  3. Review the users currently affiliated with your provider group/facility and determine if they should be renewed. Once you select the user by checking the box, an Approve or Deny button will appear. Note: you can select multiple users at one time to approve or deny.
  4. Confirm your selection.

Unsure if the users are still employed by your organization or need to check with another department before you renew? You can select Download Pending Renewals to get an Excel sheet to share with others. 

Important: If users aren’t renewed, they'll automatically be removed from the provider affiliation after Aug. 1. It’s important for pSAs to review all renewals and take action to ensure access isn’t disrupted. 

Adding additional pSAs to your provider group

To add a prism security admin to your group, submit a General Request and select prism Security Admin (pSA) Assignment under the Web Tools & Services section. We’ll review the request for additional pSAs.

Removing or changing your group’s pSA

To remove additional pSAs from your group, you can remove their affiliation, which will remove their pSA access.

If you need to remove a pSA from your group without removing their affiliation to the group, submit a General Request and select prism Security Admin (pSA) Assignment under Web Tools & Services to remove their pSA status.

Note: If your role changes within your organization or a different pSA needs to be assigned, please follow the steps above to submit a replacement pSA for your group. A new pSA must be assigned before removing the current pSA user.

prism Security Administration (pSA) FAQs

Q: What’s a prism Security Administrator (pSA)?

A: A pSA is a prism user assigned through their organization to review and approve or deny prism users who request access to their group or facility. Previously, users could automatically get access in prism by adding an NPI and TIN.

Q: Why does my provider group need a pSA?

A: To improve the security of your practice and patient data, we’ve implemented additional security within prism and created the prism Security Administrators role. This allows your group to review and approve all affiliation requests, and access your data, instead of Priority Health.

Q: Do all provider groups need a pSA?

A:Yes, it's required for all provider organizations, including practices, facilities and hospitals to have at least one pSA assigned to their group (NPI/TIN). We strongly recommend several pSAs be assigned for larger provider entities who may have more than 20 users affiliated. 

Q: How do affiliation requests work if a group doesn’t have a pSA?

A: If a group doesn’t meet the pSA requirement, their affiliation requests will be approved following the previous process.

Q: How do I become a pSA?

A: You should be a prism user who’s already affiliated to your group and in an administrator role at your organization or facility. To gain access, submit a request through prism under General Requests, then prism Security Admin (pSA) AssignmentNote: Contracted Third-party administrators (TPAs) for provider groups can't request themselves or others to become a pSA. 

Q: How will I know if I’m a pSA?

A: When you’re designated as a pSA in prism, you’ll receive an email about your assignment and emails for affiliation requests for access to your group or facility. When you log in to prism, you’ll see Security Admin on your prism homepage.

Q: Can a group have multiple pSAs?

A: Yes, and they can all view requests and see a list of other pSAs at the group, along with who’s approved each request. We recommend groups have at least two pSAs.

Q: Can I make other prism users pSAs for my group?

A: Yes, you’ll need to submit a General Request in prism to add additional pSAs to your group. Select prism Security Admin (pSA) Assignment.

Q: Can ACNs, PHOs and other larger organizations with many groups and facilities have a pSA at the administrator level?

A: No, pSAs need to be assigned for each individual provider group and facility (unique NPI) under the ACN.

Q: How do I know if I have access requests?

A: You’ll receive a daily email with a summary of all requests and can see all affiliation requests on your prism Security Administration page.

Q: Can I remove someone’s access after it’s approved?

A: Yes. pSAs can remove users from your list of approved affiliations anytime by clicking the trash can icon next to the user. If an employee leaves your organization, it’s the responsibility of the pSA to remove their access to your group in prism.

Q: Can I remove myself as a pSA?

A: No, only Priority Health Tech Support can change the pSA designation for a user. To remove yourself as your group’s pSA, you’ll submit a General Request under prism Security Admin (pSA) Access. Note: if you’re the only pSA for your group, another user must request pSA access prior to your access being removed.

Q: How often do I, as a pSA, have to review the users for my group?

A: pSAs will be prompted to review their users access annually, but you should be making updates as soon as someone requests access or needs to be removed.

Q: As a prism user, can I see who my pSA is?

A: If you've submitted a request for access to a provider group or facility, you can see your status and follow-up with your pSA by clicking on your profile, then selecting Follow-Up on the far right of the page. Your pSA's contact information will appear in the pop-up window. 

Q: If I’m already affiliated to my groups in prism before the security feature is implemented, do I need to get re-approved?

A: No; however, affiliations will be reviewed annually by the group’s Security Admin and you may need to resubmit an affiliation request or be contacted by the pSA.

Q: When I register for prism, what access will I have?

A: If you’re a new prism user, once your account is approved, you won’t have access to any provider groups/affiliations until your affiliation request is approved by the group’s pSA.

Q: How long will I have to wait to get access to a group or facility in my prism account?

A: The group’s pSA will be responsible for reviewing and approving all requests for access to their data. We ask pSAs to approve requests within two business days. Users will have the option to send a follow-up reminder to the group’s pSA through their prism account.

Q: How will I know when my request for access is approved?

A: You’ll receive an email that your request for access is approved. You can also see the status of your request in your profile page in prism.

Q: What should I do if my request is rejected?

A: You can reach out to the pSA listed on your profile page.

Q: What if a pSA isn’t approving or responding to my request for access?

A: Follow up with the group’s pSA by going to your pending requests in your profile, and selecting “Follow up”, which will send an automatic reminder to all the pSAs of that group that there’s a pending request. Users can follow up with the pSA as much as they’d like through this feature. You can also reach out to them directly through your organization’s communication channels.

Q: I request authorizations and can’t get access. What do I do so patient care isn’t delayed?

A: If you’ve made more than three attempts (follow-ups) to the pSA, contact Tech Support at 800.942.4765 for next steps.

Q: Can I have access to multiple provider groups?

A: Yes, but each provider group has a pSA that has to approve access to their organization or facility.

Q: My organization is large and I don’t know everyone who has access to our group/facility. What do I do?

A: You should work with your human resources of compliance teams to ensure the users who have access to your group should.