Medicare beneficiaries get new online identity verification options

The U.S. Centers for Medicare & Medicaid Services (CMS) announced that is rolling out what it calls enhanced login options for Medicare.gov, giving beneficiaries who create a new account or verify their identity a choice of ID.me, Clear or Login.gov as part of a broader push to tighten account security and reduce fraud.

CMS said the new options are free, meet federal security standards, and are meant to better protect Medicare information from identity theft and unauthorized access.  The most relevant federal security standard is Identity Assurance Level 2 (IAL2) verification. 

The criteria for IAL2 is defined by the National Institute of Standards and Technology (NIST) in its Digital Identity Guidelines, SP 800-63. The Kantara Initiative accredited selfie biometrics solutions from Clear for IAL2 last year, Login.gov in 2024, and ID.me back in 2023.

Under the new setup, Medicare users do not need a smartphone, a REAL ID or even an existing Medicare.gov account to access general information, according to CMS.

The agency said beneficiaries can use options such as phone support, public computers and, in some cases, in person identity verification.

CMS also stressed that any facial recognition used by some providers is a one-time identity check, requires permission, and is not used for surveillance or tracking.

The move follows contract activity CMS began outlining late last year with private sector identity companies. At that time, ID.me had secured a CMS contract to provide identity verification and sign in services for Medicare.gov, with the integration expected to go live in early 2026.

CMS viewed the change as a way to strengthen security, streamline access and reduce fraud across Medicare’s online services, while also making use of credentials some beneficiaries may already have through other federal agencies.

Clear also won a CMS deal tied to Medicare.gov to provide biometric identity verification for Medicare beneficiaries and providers through its Clear1 platform, which the company described as a high assurance digital identity layer for healthcare.

The move was part of CMS’s wider digital transformation agenda, including its effort to create a more interoperable health technology ecosystem.

For CMS, the significance of its latest announcement is that those contract decisions are now becoming visible to the public as part of the Medicare login experience itself.

Beneficiaries can choose among private sector providers ID.me and Clear or the government run Login.gov service, while CMS keeps medical information in its own systems and says identity verification data is stored separately by the chosen provider.

Article Topics

biometrics  |  Centers for Medicare and Medicaid Services (CMS)  |  CLEAR  |  digital identity  |  fraud prevention  |  IAL2  |  ID.me  |  identity proofing  |  Login.gov  |  selfie biometrics  |  U.S. Government