Mountain West Farm Bureau Insurance
office workers empowered by business technology solutions
BLOG
8
19
2015
12.18.2020

The 3 Classes of MARS-E for ACA Compliance

Last updated:
9.16.2020
12.18.2020
No items found.

The Patient Protection and Affordable Care Act of 2010 (ACA) requires each state to have a health insurance Exchange, a marketplace where consumers can easily shop around for health insurance and find the best option for them by comparing price, benefits, services, and quality. In order to obtain Health Insurance Exchange (HIX) compliance, Section 1561 requires that certain security standards and protocols be met by these Exchanges in order to make every effort to protect and ensure the confidentiality, integrity, and availability of the system and its users.

MARS-E encompasses Management, Technical, and Operational classes

These Minimum Acceptable Risk Standards for Exchanges (MARS-E) are separated into three different classes: technical, operational, and management. These classes consist of nineteen various control families, handling everything from Personally Identifiable Information (PII) to Protected Health Information (PHI), and Federal Tax Information (FTI).

 

TECHNICAL

 

OPERATIONAL

MANAGEMENT

There is one last control family that is not a part of one of the three classes, and that is FTI Safeguards, the additional controls required by the IRS Publication 1075, which puts in place safeguards for protecting Federal Tax Returns and Return Information.

 

THINGS TO CONSIDER

When launching a MARS-E or HIX compliance program the first step you should take is getting to know the federal and state requirements. Then you go on to assess your levels of compliance within your company, and identify areas that are at risk or could be improved. You will also want to establish your system to monitor ongoing compliance, so that you can ensure compliancy at all times.

Recent Blog Posts

lunavi logo alternate white and yellow
7.21.2021
07
.
19
.
2021
How Lunavi Approaches Digital Transformation: HostingAdvice Company Profile

For prospective clients and partners, the history, ethos, and capabilities of a vendor are paramount. HostingAdvice.com recently profiled Lunavi to explore our approach.

Learn more
lunavi logo alternate white and yellow
5.20.2021
04
.
26
.
2021
Test Automation Best Practices: Balancing Confidence with Efficiency

Automation can instill confidence to release software and improve the team’s ability to create high-quality applications in the fastest and most efficient way possible. Essentially, it eliminates the need to compromise or choose one set of priorities over another. Instead, it allows teams to strike a balance between confidence/coverage and speed/efficiency. But automation isn’t a one-size-fits-all solution.

Learn more
lunavi logo alternate white and yellow
8.17.2021
04
.
20
.
2021
Building Your Cloud Foundation Part 1: Core Configuration & Governance

This first area of focus establishes your cloud policy, or the way your organization consumes and manages cloud resources. Learn how to establish proper scope and mitigate tangible risks through corporate policy and standards.

Learn more