Migration from EDE to ARC-AMPE Planning Controls

This white paper serves as a guide for Direct Enrollment Entities (DEEs) to transition their Enhanced Direct Enrollment (EDE) System Security and Privacy Plans (SSPPs) to the Acceptable Risk Controls for ACA, Medicaid, and Provider Entities (ARC-AMPE). It outlines the purpose of the migration, emphasizing the need for compliance with updated security and privacy controls. The document details the background of the Affordable Care Act (ACA) and the Enhanced Direct Enrollment service, which allows third-party entities to facilitate a seamless enrollment experience for consumers. It also describes the oversight role of the Centers for Medicare & Medicaid Services (CMS) in ensuring DEEs adhere to federal regulations. The white paper highlights the ARC-AMPE framework, which includes a significant increase in the number of required controls compared to the previous EDE guidelines. Additionally, it provides a mapping of controls from EDE to ARC-AMPE and discusses the planning controls necessary for compliance, emphasizing the importance of documentation and regular updates.