
Minimum Acceptable Risk Standards for Exchanges (MARS-E) 2.0

Updated: May 18, 2023

In a continuous effort to safeguard sensitive data in the healthcare industry, the Centers for Medicare and Medicaid Services (CMS) has recently released an updated version of the Minimum Acceptable Risk Standards for Exchanges (MARS-E) document suite. This new iteration, known as MARS-E 2.0, replaces its predecessor, MARS-E 1.0, which was published back in August 2012. The MARS-E 2.0 suite is specifically designed to meet the requirements of the Patient Protection and Affordable Care Act of 2010 and the Department of Health and Human Services Affordable Care Act Regulations. It encompasses all Affordable Care Act Administering Entities (AEs), including Exchanges or Marketplaces, contractors, and subcontractors.

Protecting Enrollees' Sensitive Information

The primary objective of MARS-E 2.0 is to furnish comprehensive security guidelines aimed at preserving the confidentiality, integrity, and availability of Personally Identifiable Information (PII), Protected Health Information (PHI), and Federal Tax Information (FTI) belonging to enrollees of Administering Entities. These guidelines, issued by CMS, address the emerging technologies and evolving security threats that accompany the digital landscape of today.

Ensuring Confidentiality and Compliance

Under the Affordable Care Act, the safeguarding of applicant information and the confidentiality of Personally Identifiable Information (PII) are of paramount importance. Governing these aspects is 45 CFR §155.260, which establishes security and privacy standards aligned with the Fair Information Practice Principles. To ensure efficient operation of the Health Insurance Exchange program, Exchanges must implement these standards and adhere to the requirements of §155.260 when forming agreements with Medicaid, CHIP, or BHP. Furthermore, Medicaid and CHIP downstream entities are also obligated to comply with these standards.

The MARS-E 2.0 Documentation Suite

Comprising four volumes, the MARS-E 2.0 documentation suite provides a comprehensive framework for enhancing data security and privacy in the healthcare industry:

  1. Volume I: Overview of the Affordable Care Act Security and Privacy policy and standards.

  2. Volume II: Catalog of Controls for security and privacy, which includes a table of security controls and a mapping of the guidelines to the Fair Information Practice Principles.

  3. Volume III: Security and privacy control tables, alongside the IRS Requirements for Safeguarding FTI.

  4. Volume IV: Instructions and a template for creating a System Security Plan.

Impact on Medicaid/CHIP Agencies

The introduction of MARS-E 2.0 has a significant impact on Medicaid/CHIP agencies. Notably, a new catalog of privacy controls has been added, necessitating compliance from all Administering Entities. This means that Medicaid/CHIP agencies, as well as their contractors and subcontractors, must incorporate these new privacy controls into their existing information security programs. By doing so, they contribute to upholding the confidentiality, integrity, and availability of the information exchanged under the Affordable Care Act.

In conclusion, MARS-E 2.0 represents a crucial update in response to the evolving technology landscape and emerging security threats. By adhering to these guidelines, Administering Entities, including Medicaid/CHIP agencies, can establish a robust framework for safeguarding Personally Identifiable Information (PII), Protected Health Information (PHI), and Federal Tax Information (FTI) belonging to enrollees. Compliance with the new privacy controls is vital to ensuring the privacy and security of exchanged information, reinforcing the objectives set forth by the Affordable Care Act.

This blog was written by the Activated Solutions team. If you are a business owner or an individual concerned about your cybersecurity, it's time to take action. Activated Solutions can help you to protect your business and personal data from potential cyber threats.

Contact Activated Solutions today to learn more about how we can help you protect your business. With our expertise and commitment to cybersecurity, you can have peace of mind knowing that you are taking proactive steps to protect yourself and your business from potential data breaches.

For more information, please visit:


DEPT, US. “Minimum Acceptable Risk Standards for Exchanges (Mars-E) 2.0: Guidance Portal.” Minimum Acceptable Risk Standards for Exchanges (MARS-E) 2.0 | Guidance Portal, 19 June 2020,
