In 2010, the Patient Protection and Affordable Care Act (ACA) was enacted, creating the state and federal health insurance marketplaces. Through the ACA the Department of Health and Human Services (HHS) is required to develop secure protocols and standards that enable the safe electronic enrollment of individuals in these marketplaces.

With no single comprehensive approach to privacy and security that aligns with all federal requirements, in 2012, the Centers for Medicare and Medicaid Services published the Minimum Acceptable Risk Standards for Exchanges (MARS-E).

MARS-E provided security guidelines for federal and state marketplaces regarding federal tax information, protected health information and personally identifiable information of U.S. residents and citizen. It also provided guidelines for federal and state health exchanges, as well as their contractors, concerning the minimal level of security controls that need to be established and implemented in order to protect the data and information systems CMS manages.

In 2015, CMS released MARS-E 2.0 to align with the updated security guidelines as published by the NIST. As such, MARS-E 2.0 provided updated guidelines to address the availability, confidentiality and integrity of protected health information, personally identifiable information and federal tax information in health exchanges.

Potential Risks
Your organization needs to establish and implement policies and procedures aimed at protecting data security and privacy under the ACA. These policies and procedures need to be managed effectively so they’re adhered to throughout the organization. Plus, they need to be adapted when required by any updates to MARS-E. In addition, you may need to provide attestation of your organization’s compliance with MARS-E by having your policies and procedures audited by an independent third party.

Failure to be in compliance with MARS-E 2.0 can result in hefty penalties.

How We Can Help
CompliancePoint will analyze and evaluate your organization’s MARS-E compliance. We understand the complex technical and operational details outlined in the MARS-E guidelines and will utilize the cumulative experience of our expert teams to work to ensure your company is in compliance and prepared for these evolving guidelines.

Why take chances? Failure to comply with relevant requirements can have a devastating impact on your organization and lead to hefty penalties.