PhilHealth EPRS TOTP Authentication: Security Setup Guide
Learn how to set up TOTP authentication for PhilHealth EPRS. Step-by-step guide for Google Authenticator and Microsoft Authenticator security setup.
PhilHealth has implemented Time-Based One-Time Password (TOTP) authentication for the Electronic Premium Remittance System (EPRS). This guide explains how to set up and use TOTP for enhanced account security.
What is TOTP Authentication?
TOTP generates a unique, six-digit code that refreshes every 30 seconds. You’ll need this code plus your password to access the EPRS, adding an extra layer of protection against unauthorized access.
Why TOTP Matters
| Benefit | Description |
|---|---|
| Enhanced Security | Dynamic codes prevent unauthorized access |
| No SMS Required | Codes generated offline by the app |
| Broad Compatibility | Works with popular authenticator apps |
| User-Friendly | Simple setup process |
Compatible Authenticator Apps
Download one of these TOTP-compliant apps:
Step-by-Step Setup
Step 1: Generate New Security Key
- Log in to PhilHealth EPRS
- You’ll be prompted to enter your OTP
- Click “Generate New Security Key”
- Check your registered email for instructions
Step 2: Download Authenticator App
Install your preferred TOTP app on your mobile device:
- Available on iOS and Android
- Free to download and use
Step 3: Scan the QR Code
- Open the email from PhilHealth
- Find the QR code provided
- Open your authenticator app
- Tap “Add Account” or ”+”
- Select “Scan QR Code”
- Point camera at the QR code
Step 4: Enter the TOTP Code
- Your app will display a 6-digit code
- The code refreshes every 30 seconds
- Enter the current code when prompted
- Setup complete!
Using TOTP for Login
Every time you access EPRS:
- Enter your username and password
- Open your authenticator app
- Find the PhilHealth EPRS entry
- Enter the current 6-digit code
- Click Login
Important: Codes expire every 30 seconds. If a code expires during login, wait for the new code and try again.
Important Reminders
Keep Your Email Updated
- Ensure your registered email is active and accessible
- Gmail is recommended for compatibility
- Update credentials if your email is inactive
To Update Your Email
- Download the PhilHealth Online Access Form (POAF)
- Submit to your local PhilHealth office, or
- Email to your assigned P-AIMS officer
Secure Your Device
- Use password or biometric lock on your phone
- Don’t share your authenticator app
- Back up your account if the app supports it
Avoid Unnecessary Key Generation
Do not click “Generate New Security Key” unless needed. This will:
- Unlink your current TOTP setup
- Require waiting for a new email
- Need complete re-setup with your authenticator
Troubleshooting
Lost Access to Authenticator App
- Go to EPRS login page
- Click “Generate New Security Key”
- Follow setup steps with your new device
Code Not Working
- Ensure your phone’s time is set to automatic
- Wait for a fresh code (codes refresh every 30 seconds)
- Make sure you’re using the correct account entry
No Email Received
- Check spam/junk folder
- Verify your registered email is correct
- Contact your P-AIMS officer for assistance
Frequently Asked Questions
What if I don’t have a smartphone? Visit your local PhilHealth office or contact your P-AIMS officer for alternative authentication options.
Can I use the same app for multiple accounts? Yes, most authenticator apps support multiple accounts. Simply scan each QR code separately.
Is TOTP required for all EPRS users? Yes, all EPRS users must use TOTP authentication effective June 3, 2025.
What happens if I get a new phone? Generate a new security key and set up TOTP on your new device.
Getting Help
For assistance with TOTP setup:
| Resource | Contact |
|---|---|
| Local PhilHealth Office | Find your LHIO |
| P-AIMS Officer | Contact through your employer |
| PhilHealth Hotline | (02) 866-225-88 |
| actioncenter@philhealth.gov.ph |
TOTP authentication is a critical security measure to protect your EPRS account. Set up your authenticator app today and ensure your PhilHealth transactions remain secure.