In an effort to stabilize the health insurance market and provide additional ways for consumers to access coverage, the Center for Consumer Information and Insurance Oversight (CCIIO) and the Centers for Medicare and Medicaid (CMS), have launched a new streamlined and simplified enhanced direct enrollment (EDE) process. This process will allow consumers to utilize third-party providers’ websites and apply for individual market coverage through Health Insurance Exchanges or direct enrollment (DE) entities. DE entities can utilize the standalone eligibility service (SES) to host application and enrollment services on their own website.
The advantages of using the new EDE process will allow DE entities to determine the eligibility of consumers online through an electronic application, increasing efficiencies and enrollment rates.
CMS Administrator Seema Verma stated, “It is time to get the federal government out of the way and give patients the best tools to make their own healthcare decisions. We look forward to continuing to work with private partners to make sure these streamlined enrollment pathways are available, secure, and ensure a high degree of program integrity.”
Third-Party Auditor Operational Readiness Review
What does this mean for DE entities and Health Insurance Exchanges? It means that all qualified health plan issuers and web-brokers registered with the Federally-facilitated Exchange (FEE) and State-based Exchanges on the Federal Platform, that provides a non-Exchange website to assist consumers in the selection and enrollment of health insurance, will now have to undergo an Operational Readiness Review (ORR) to validate compliance with the program requirements stated in the Health Insurance Exchange Guidance, issued in February 2018.
Direct enrollment (DE) entities wishing to use the proxy DE pathway must sign an agreement with CMS that details specific requirements for using the proxy DE pathway and identifies the auditor the DE entity has selected for verifying program compliance.
The ORR encompasses two separate audits that an auditor will need to perform for the DE entity:
- A business requirements audit such as an Agreed Upon Procedures Examination with the addition of the CMS requirements added and;
- A privacy and security audit such as a FISMA Assessment utilizing NIST 800-53 controls.
These audits will verify the website being used to collect consumer eligibility application information for the EDE pathway is compliant and following the terms and conditions of the EDE Agreement and the Health Insurance Exchange Guidance.
A-LIGN Can Assist DE Entities with ORR Compliance
DE entities must select an independent auditor to conduct an ORR verifying the DE entity’s proxy DE pathway, including its website and operations, for compliance with the EDE agreement, the DE entity’s respective agreement(s) with CMS, and applicable program requirements.
A-LIGN has audit experience, conducting operational and security and privacy audits for federal, state, and private programs and is qualified by having relevant experience in and possessing one and more of the following certifications:
- Certified Public Accountant (CPA)
- Certified Internal Auditor (CIA)
- Certification in Risk Management Assurance (CRMA)
- Certified Information Systems Auditor (CISA)
- Certified Information Privacy Professional (CIPP)
- Certified Information Systems Security Professional (CISSP)
Additionally, A-LIGN has extensive experience in the healthcare industry and understands the policies, procedures, and processes that are required to protect electronic protected health information (ePHI). As the regulatory oversight related to information security and privacy increases, it’s more important than ever to safeguard your customers’ information and remain in compliance.
Want to become compliant with the ORR and take advantage of the new EDE process? Contact us or call (888) 702-5446 to speak with one of our healthcare professionals today to have your questions answered.