Migration from EDE to ARC-AMPE Audit and Accountability Controls

This white paper serves as a guide for Direct Enrollment Entities (DEEs) to transition their Enhanced Direct Enrollment (EDE) System Security and Privacy Plans (SSPPs) to the Acceptable Risk Controls for ACA, Medicaid, and Provider Entities (ARC-AMPE). It outlines the purpose of the migration, which is to enhance security and privacy compliance in accordance with the Affordable Care Act (ACA). The document details the structure of ARC-AMPE, including the control families and the number of controls within each family. It emphasizes the importance of CMS oversight in ensuring DEEs comply with federal regulations and maintain consumer data integrity. The paper also discusses the significant increase in the number of controls required under ARC-AMPE compared to EDE, highlighting the need for DEEs to prepare for a more rigorous compliance process. Additionally, it presents the differences in the SSPP format between EDE and ARC-AMPE, indicating a shift from a Word document to an Excel spreadsheet for compliance documentation.