Migration from EDE to ARC-AMPE Program Management Controls

This white paper serves as a guide for Direct Enrollment Entities (DEEs) to transition their Enhanced Direct Enrollment (EDE) System Security and Privacy Plans (SSPPs) to the Acceptable Risk Controls for ACA, Medicaid, and Provider Entities (ARC-AMPE). It outlines the purpose of the migration, which is to enhance compliance with the Affordable Care Act (ACA) by implementing a new set of security and privacy controls. The document details the significant increase in the number of required controls from the previous EDE baseline, emphasizing the need for DEEs to prepare for a more rigorous compliance process. It also describes the new structure of the SSPP template, which has shifted from a Microsoft Word format to an Excel spreadsheet. The paper includes a mapping of controls from the EDE audit baseline to their new locations in ARC-AMPE, ensuring that DEEs understand the changes and requirements necessary for compliance. Additionally, it highlights the oversight role of the Centers for Medicare & Medicaid Services (CMS) in ensuring DEEs adhere to federal regulations.