DSHS 17-253 – DSHS Background Check System – BCS – Access Request

Jurisdiction: Country: United States | Province/State: Washington

What is a DSHS 17-253 – DSHS Background Check System (BCS) Access Request?

This form lets your organization get access to the state’s Background Check System. You use it to create, update, or close your BCS account. You also use it to add, change, or remove individual users in your account. It sets the rules for how your staff will access sensitive background check data.

The Background Check System supports screening for people who work with vulnerable adults and children. It routes requests and results through one secure portal. Your access to this system is not automatic. The Department will only grant access to qualified, eligible entities. The form documents that eligibility and your security obligations.

Who typically uses this form?

Providers licensed or contracted by the state. That includes adult family homes, assisted living facilities, nursing homes, home care agencies, supported living providers, behavioral health agencies, and other social service contractors. Some third‑party administrators and staffing agencies also use it. They use it when they run checks for a provider under a valid agreement.

You need this form if you must run background checks as part of state rules or contract terms. If you hire caregivers, case managers, drivers, or anyone with unsupervised access to clients, you likely need BCS access. You also need it if you manage volunteers or contractors who handle client data. Without BCS access, you cannot submit and receive official results in the standard process.

Typical usage scenarios include these

• You are opening a new adult family home and need to screen your staff before move‑in.
• You bought an existing assisted living facility and must set up a new account.
• Your home care agency expanded to a new branch and needs separate account structure.
• Your Primary Account Administrator left. You need to assign a new one and remove the old.
• You hired an HR manager who will submit and track checks. You need to add their user role.
• You no longer employ a scheduler who had access. You must revoke their access.
• You changed your legal business name or ownership. You must update your account profile.
• You use a third‑party HR vendor. You want to authorize that vendor to submit checks on your behalf.

The form anchors your responsibilities. It limits access to people who need it to do their jobs. It confirms you will protect confidential information and follow system rules. It also gives the Department the details needed to authenticate your account and users.

When Would You Use a DSHS 17-253 – DSHS Background Check System (BCS) Access Request?

You use this form at the start of your relationship with the Background Check System. If you are new to providing contracted or licensed services, complete the form to request your first account. Do this before you onboard staff who must be cleared. Approvals can take time, so plan ahead.

Use it when your organization changes. If your business changes ownership or legal name, you may need a new account. At a minimum, you need to update your profile and point of contact. If your licensing number changes, report it with this form. If you add or close locations, reflect that change.

Turnover triggers use of this form. When a Primary Account Administrator leaves, submit a request to assign a new one. Do not let the account sit without an administrator. You are responsible for access control. Removing former staff helps prevent misuse. You also use the form to add new users or change roles for existing users.

Growth prompts updates. As you hire recruiters, HR staff, and program managers, you add them as users. You select roles that match job duties. For example, you may allow a scheduler to view results but not submit new checks. You may allow a finance staffer to manage payment, but not see personal data.

Third‑party relationships can require this form. If you hire a vendor to run checks for you, you must authorize that access. You will list the vendor users tied to your account. You remain responsible for how they handle data. If the vendor relationship ends, you must remove that access.

Program shifts drive changes. If you add a new service line, like supported living or respite care, you may need new account settings. Update your provider type so the system routes your checks correctly. If your payment method changes from credit card to invoice, update that too.

Even small changes matter. Updates to your mailing address, email domain, or main phone affect system notices. Your users need reliable alerts for results and renewals. Use this form to keep contact details current. You also use it if you want to close your account when you stop services.

Typical users

• Owners
• Executive directors
• HR managers
• Compliance officers
• Office managers

In smaller settings, the provider or licensee often fills the form. In larger agencies, compliance or IT may handle it. But the signer must have authority to commit the organization.

Legal Characteristics of the DSHS 17-253 – DSHS Background Check System (BCS) Access Request

This form is part of a regulated access process. By signing, you accept legal duties tied to confidential information. The state grants you role‑based access to a government system. That access is a privilege, not a right. The privilege depends on your eligibility and your adherence to rules.

What ensures enforceability?

It is legally binding because you make formal certifications. You confirm who you are, your business status, and your program type. You state you will use the system only for lawful, authorized purposes. You agree to protect personal and criminal history information. You accept that misuse can result in sanctions.

Enforceability rests on several features. The form has required signatures. It states your obligations and the scope of permitted use. It sets conditions for account management and audit. The Department retains authority to grant, deny, or revoke access. System logs track user actions. Those logs support investigations and enforcement.

You must get the applicant’s consent before you submit a check. You must verify the applicant’s identity. You must keep records of authorizations and results as required. You must restrict access to people with a direct business need. You must follow retention and disposal rules for sensitive data.

Security is central. You must maintain unique accounts for each user. You must not share passwords or logins. You must store results in secure systems. You must report suspected breaches or misuse promptly. You must remove access when staff leave or change roles.

Payment obligations also apply. If your entity pays for checks, you accept fees and billing terms. You must ensure funds are available. If you use a payment account with the Department, you must keep that account in good standing. Non‑payment can affect your access.

The Department can audit your use. Audits may review user lists, consent forms, and internal policies. They may review whether you followed required steps for each check. They may review whether you limited access to least privilege. Findings can lead to corrective action or revocation.

Finally, account access does not replace licensing rules or contract duties. You remain responsible for ensuring staff meet all screening standards. If a result triggers action, you must follow your program’s requirements. The system’s status messages do not absolve you of those duties.

How to Fill Out a DSHS 17-253 – DSHS Background Check System (BCS) Access Request

Follow these steps to complete the form accurately and avoid delays.

1) Confirm your eligibility and purpose.

• Make sure your organization is licensed or contracted for covered services.
• Identify the program types you operate. Examples include adult family home, assisted living, home care, supported living, or behavioral health.
• Decide if you need a new account, an update to an existing account, or closure of an account.

2) Choose your Primary Account Administrator (PAA).

• Pick a trusted employee with authority and time to manage users.
• The PAA creates, edits, and deactivates user accounts.
• The PAA monitors results, renewals, and system notices.
• If you have multiple locations, decide whether to use one PAA or separate PAAs.

3) Gather your organization identifiers.

• Legal business name and any doing‑business‑as name.
• Federal Tax ID and state business identifier if you have one.
• Licensing or certification numbers related to your program type.
• Contract or provider numbers if you have state contracts.
• Physical address and mailing address.
• Main phone number and general email for notices.
• The name and title of your authorized representative.

4) Plan your account structure.

• Decide if you need one account for all locations or distinct accounts by site.
• List each site’s name, address, and license number if separate.
• Identify which users need access to which site or the entire organization.
• Define roles: administrator, standard user, read‑only, or payment‑only as needed.

5) Decide your payment method.

• If your checks are covered by contract, note that in the form.
• If you will pay per check, confirm your credit card or other accepted payment method.
• If you use a billing account, provide the account details required by the form.

6) List your users and roles.

• For each user, collect full name, job title, work email, and phone.
• Assign the least privilege needed to do their job.
• Note whether each user needs to submit checks, view results, manage users, or manage payment.
• If a vendor will act for you, list vendor users and limit their scope to your account.

7) Complete the organization section.

• Enter your legal name exactly as registered.
• Provide addresses and contact information.
• Select your provider or program type. Choose all that apply if permitted.
• Enter your license and contract numbers. Use current and accurate numbers.

8) Complete the access request section.

• Check the box for “New Account” if you do not have BCS access yet.
• Check “Update Existing Account” for changes to users, roles, contact info, or payment.
• Check “Close Account” if you have ended services and no longer need access.
• If updating, specify what you are changing and the effective date.

9) Complete the administrator and user schedules.

• In the PAA section, enter the full details for the Primary Account Administrator.
• In the secondary admin section, add backup administrators if the form supports them.
• In the user schedule, list all standard users and their roles.
• If you have many users, attach an additional schedule as allowed.

10) Acknowledge security and confidentiality obligations.

• Read the security and confidentiality clauses carefully.
• Confirm you will keep user accounts unique, secure, and current.
• Confirm you will use information only for lawful hiring or service decisions.
• Confirm you will report any suspected breach or misuse.

11) Certify authorized use and consent process.

• Affirm that you will obtain signed consent from each applicant before submission.
• Affirm that you will verify the applicant’s identity and information.
• Affirm that you will keep required records for the retention period.
• Affirm that you understand penalties for misuse.

12) Sign and date the form.

• The authorized representative signs and dates. This person must have authority to bind the organization.
• Print the signer’s name and title.
• The PAA may also need to sign their role acceptance if the form requires it.
• If the form requests two signatures, provide both.

13) Attach required documents.

• Include proof of licensure or certification if requested.
• Include contract or provider numbers confirmation if requested.
• Include any separate user schedule if you have more users than the main form allows.
• If changing ownership or name, include documentation of the change.

14) Review for accuracy and completeness.

• Check that all fields are filled, even if “N/A” where not applicable.
• Verify emails and phone numbers are correct and monitored.
• Confirm role assignments match job duties and least privilege.
• Ensure the form is legible if handwritten or use a fillable version if available.

15) Submit the form as instructed.

• Use the submission method listed on the form.
• If the form is electronic, follow the upload or e‑signature steps.
• Keep a copy for your records, including all attachments.
• Calendar follow‑up dates in case you need to check status.

16) Prepare for approval and onboarding.

• Ensure the PAA is ready to receive the approval notice.
• The PAA should set up user accounts promptly after approval.
• Provide internal training on appropriate use of the system.
• Set up procedures for consent, identity verification, and record retention.

17) Maintain your account going forward.

• Remove access immediately when staff leave or change roles.
• Review your user list at least quarterly.
• Update contact details and payment information when they change.
• Respond to system notices and renewals on time.

Practical examples of how to complete key parts

• New adult family home: Select “New Account.” Enter your legal name and your adult family home license number. Name the provider or licensee as the authorized representative. Appoint yourself as PAA if you will manage HR. List any co‑owner or manager who will submit checks as standard users. Choose a payment method. Sign and date.
• Home care agency with multiple branches: Decide whether to use one account with site distinctions or separate accounts per branch. If one account, appoint a corporate PAA. Add branch HR leads as standard users with access only to their locations. Enter all relevant license or certification numbers. Set up a billing method used across the account.
• Change of ownership: Select “Update Existing Account” or “Close Account” plus “New Account” depending on instructions from your licensor. Update the legal name, Tax ID, and license number. Assign a new PAA from the new ownership group. Remove prior administrators and users. Include proof of ownership change. Sign as the new authorized representative.
• Vendor engagement: If you use a vendor to process checks, list vendor staff as users under your account with restricted roles. Limit their access to submission tasks. Keep result viewing limited to your internal team if preferred. Ensure your contract with the vendor aligns with these limits. Remove vendor access when the engagement ends.

Role selection guidance

• Primary Account Administrator: Full administrative rights. Should be a trusted employee. Avoid using generic mailboxes. Use a named, individual account.
• Secondary Administrator: Backup for the PAA. Can cover absences and help manage users.
• Standard User: Can submit checks and view results as permitted. Assign to HR or hiring managers.
• Read‑Only User: Can view results but cannot submit or manage users. Assign to supervisors who need to see clearance status.
• Payment‑Only User: Can manage payment details. Assign to finance staff if needed.

Common mistakes to avoid

• Leaving off license or contract numbers. This slows eligibility verification.
• Using personal email addresses. Use work emails you control.
• Assigning more access than needed. Keep to least privilege.
• Failing to remove former employees. Revoke access the day they leave.
• Not listing vendor users. Do not let vendors share internal logins.
• Ignoring signature requirements. Unsigned forms will not be processed.

Recordkeeping tips

• Store signed applicant consent forms securely. Tie them to each submission.
• Keep a copy of the access request form and all updates.
• Maintain a current roster of users and roles. Note the date of each change.
• Document your internal procedures for consent, identity checks, and data handling.
• Set a schedule to review access and training at least annually.

If you follow these steps, your request should move without unnecessary delay. You will have a clear account structure, defined roles, and a compliant process. That positions you to run timely background checks and protect client safety.

Legal Terms You Might Encounter

• Background Check System (BCS) is the secure online system you use to submit and manage background checks. On this form, you request permission for your organization and specific staff to access that system.
• Primary Account Administrator is the person you designate to manage your organization’s BCS account. This person adds and removes users, assigns roles, and ensures your organization follows security rules. The form asks you to name this person and accept their responsibilities.
• Backup Administrator is a secondary account manager. This person steps in when the primary administrator is unavailable. Listing a backup on the form helps prevent account lockouts and delays.
• Authorized User is any staff member you list who will log in to BCS. Each authorized user needs a unique email, a specific role, and a defined business need. The form collects each user’s information and agreement to follow the rules.
• Subject (or Applicant) is the person whose background you will check. You use BCS only for subjects connected to your services and only when you have a valid reason. The form ties your access to that legitimate purpose.
• Authorization (or Consent) is the signed permission from the subject allowing you to run a background check. Even though consent is not attached to this access request, the form assumes you will obtain and keep it before you submit any checks.
• Confidential Information is any sensitive data you view or handle through BCS. That includes names, dates of birth, identification numbers, and results. The form requires you to protect this information, limit access, and prevent sharing.
• Minimum Necessary is the rule that you access only the information you need to do your job. On this form, you confirm your users will follow this rule when they use BCS.
• Audit is a review the agency can conduct to verify you follow the terms of access. By signing, you agree to cooperate with audits and keep records that show proper use of BCS.
• Adverse Action is when you make a negative decision about a subject based on background results. The form does not decide those actions, but your access carries duties to use results fairly and keep required notices and records when decisions rely on them.
• Record Retention is how long you must keep your BCS-related records, such as authorizations, results, and logs. The form binds you to follow retention and secure destruction standards.
• Data Breach is any unauthorized access, disclosure, or loss of confidential information. By signing, you agree to report suspected breaches quickly and to take steps to contain and correct them.

FAQs

Do you need a separate user account for every staff member who will use BCS?

Yes. Do not share logins. Each user must have a unique email and be listed on the form or added later by your administrator. Shared accounts are a common reason for denial or suspension.

Do you need subject consent before you run a background check?

Yes. Always obtain a signed authorization from the subject that clearly states the purpose of the check. Keep it on file. The form grants access, but it does not replace subject consent.

Do you have to be a licensed or contracted provider to get access?

You need a legitimate, program-related reason to run checks. The form will ask you to identify the type of services you provide and why you need access. Be ready to show proof your work requires background checks.

Do you need to list every physical location your organization operates?

List the legal business name and the main service location tied to this access. If different sites will request checks, include them or attach a list if instructed on the form. This helps the agency understand your footprint and contact points.

Do you need training before access is approved?

You must review security, privacy, and data-use rules and agree to them on the form. Some programs may require additional training or policy acknowledgments. Make sure your administrators brief users on your internal procedures before they log in.

Do you pay a fee to request access with this form?

The access request itself is typically not billed. However, some background checks may carry per-check fees depending on the type of search. Clarify your expected costs internally and set a payment process before you begin submitting checks.

Do you need to renew your access?

Expect periodic confirmation of users and administrators. Inactive or unverified accounts may be disabled. Put a reminder on your calendar to review your user roster at least quarterly and after any staffing changes.

Do you have to notify the agency when users leave or change roles?

Yes. Remove access promptly when someone leaves or no longer needs it. Your primary or backup administrator should disable or update user roles the same day, and no later than a few days after the change.

Checklist: Before, During, and After the DSHS 17-253 – DSHS Background Check System (BCS) Access Request

Before signing: Gather information and documents

• Legal business name exactly as registered.
• Mailing and physical service addresses.
• Federal tax ID and any state-issued identifiers your program uses.
• Primary Account Administrator and Backup Administrator names, job titles, direct phone numbers, and unique work emails.
• List of initial users, with unique emails and defined roles.
• Description of your services and why you need BCS access.
• Written internal policy for background checks: when you request them, how you use results, and how you notify subjects.
• Data security measures: password standards, device protections, physical file security, and secure disposal procedures.
• Sample subject authorization form you will use for checks.
• Contact person for audit or records requests.
• Any required attachments noted on the form (for example, proof you operate the program for which checks are required).

During signing: Verify every section

• Organization identity: Make sure the legal name, addresses, and identifiers match your records.
• Administrator details: Confirm the primary and backup administrators are correct and available. Include direct contact info.
• User roster: Use unique emails. No shared mailboxes or group accounts. Assign appropriate roles.
• Security and privacy attestations: Read each statement. Check every required box and initial where requested.
• Purpose of access: Describe your legitimate need clearly and concisely. Avoid vague phrases.
• Attachments: Include all required documents. Label them with your organization name and date.
• Signatures: Use ink or approved e-signature. Include printed names, titles, and dates.
• Legibility: Review for clear printing, correct spelling, and complete fields. Avoid abbreviations that could confuse reviewers.

After signing: Filing, notifying, and storing

• Submission method: Follow the form’s instructions for delivery. Do not send confidential data by unsecured channels.
• Confirmation: Record the date submitted, who sent it, and any confirmation ID you receive.
• Timelines: Set a follow-up reminder for the expected processing window. If you do not hear back, contact the listed reviewer.
• Internal notifications: Tell your IT or operations lead that access is pending so they can prepare devices and security settings.
• Secure storage: File a copy of the signed form and all attachments in a restricted-access folder, physical or digital.
• Policy alignment: Ensure your internal background check and data security policies match the commitments you made on the form.
• Readiness plan: Draft quick-start guidance for new users and a step-by-step procedure for subject consent, submission, and results handling.
• Audit file: Create an audit-ready folder with your policy, training acknowledgments, user roster, consent templates, and logs.

Common Mistakes to Avoid

• Listing only one administrator. Don’t forget to name a backup administrator. If your primary is out, you could be locked out of BCS. That can delay urgent hiring or placement.
• Using shared or generic emails for users. Avoid group mailboxes. Shared credentials are a frequent cause of denials and security findings. Each user must have a unique email and account.
• Leaving security attestations blank. Read and check every required box. Missing acknowledgments can stall approval and trigger requests for more information.
• Requesting access for staff without a business need. Keep access limited to those who submit checks or review results. Overbroad access invites audit risk and potential suspension.
• Skipping attachments or unclear purpose statements. Provide all required documents and a concise explanation of why you need access. Incomplete packets often go to the back of the queue.

What to Do After Filling Out the Form

1. Submit the packet as directed on the form. Use the specified channel and format. If the form allows electronic submission, follow the file naming and formatting rules.
2. Track your submission. Note the date, sender, and any confirmation details. Set a calendar reminder to follow up if you do not hear back within the typical processing time.
3. Respond quickly to follow-up requests. If the reviewer asks for corrections, updated attachments, or clarifications, answer within one business day. Provide clean, complete replacements rather than marked-up copies.
4. Prepare your environment. While you wait for approval, finalize your internal procedures for consent, submission, and results handling. Configure devices with encryption, screen-locks, and updated security software.
5. On approval, stage user onboarding. The primary administrator should verify each user’s identity, assign roles, and provide written instructions for proper use. Require users to acknowledge your policy before logging in.
6. Run a test scenario. Submit a permitted, low-risk transaction to validate your process. Confirm you can obtain consent, submit the request, receive results, and store records securely.
7. Maintain your records. Keep consent forms, submission receipts, results, and decision notes according to your retention schedule. Store them in a restricted-access location. Track who accessed what, when, and why.
8. Manage changes promptly. Add new users only when needed and remove departing staff the same day. Update the form with amendments if required by the program when administrators or locations change.
9. Review quarterly. Reconcile your user roster, check training acknowledgments, and test your breach response procedure. Document your review so you are audit-ready.
10. Plan for adverse actions. If results affect employment or placement decisions, follow your notification and documentation procedures. Keep a clear record of your decision basis and any subject communication.
11. Schedule renewal. If the program requires periodic verification, set reminders well in advance. Reconfirm administrators, users, and attachments so renewals are smooth.