MARS-E Compliance

MARS-E is based on the NIST Special Publication 800-53, but has its own peculiarities. Our senior-level security consultants are well versed in both the nuances of the requirements and their technical implementation in today’s leading cloud-enabled healthcare systems.

38North’s team of senior cloud security advisors can help your exchange achieve MARS-E compliance, and deliver critical, secure cloud-enabled services to your enrollees and the public. Trust Us to Get You There.

Contact Us Now

Key MARS-E Requirements for NIST Special Publication 800-53

EHR Certification

Security Guidance

Privacy Guidance

EHR Certification

MARS-E 2.0 requires the use of a certified Electronic Health Record (EHR) system in order to be compliant. The certification must meet the requirements of the Office of the National Coordinator for Health Information Technology (ONC).

We’ve helped numerous organizations meet and prove these requirements. Just give us a call today.

Security Guidance

The Centers for Medicare & Medicaid Services identified a Catalog of Minimum Acceptable Risk Security and Privacy Controls for Exchanges (MARS-E), which focuses on systems with Moderate security categorization, provides a baseline for minimum acceptable security risk, outlines FTI protection requirements, and specifies implementation standards with linkages to CMS ACA security implementation guidance documents. The controls are based on the HHS ACA Regulations specified in 45 CFR §155.260 and NIST SP 800-53 Rev 4.

Got all that? Don’t worry. We speak MARS-E and can help you identify which controls are needed to ensure security.

Privacy Guidance

The Centers for Medicare & Medicaid Services requires exchanges to provide user access to view and correct personal data stored in the exchange, and transparency around data integrity, among many other requirements. Baking these controls into your cloud-enabled services requires a team that has intimate knowledge of the requirements. Run-of-the-mill security consultants may give you the runaround when they encounter MARS-E.

38North MARS-E Compliance Services

We can do everything from showing where your program is lacking to building a fully-compliant security program.

MARS-E Gap Analysis

This is perfect for organizations that are new to MARS-E and don’t know how to get started. Our MARS-E gap analysis educates you on the process while taking a look at your information security and privacy programs to see how they fare against the three HIPAA rules. We also advise you on how much it will cost to attain compliance, identify any risks and/or challenges and focus on the most critical items to get you ready for action.

MARS-E Risk Assessment

We conduct a detailed MARS-E-focused risk assessment to gain an understanding of your business and existing security and privacy controls to see how they fare against all requirements. We then present you with a detailed roadmap with prioritized recommendations on remediating weaknesses with existing administrative, physical and technical safeguards.

MARS-E Remediation Support

Once you’ve obtained an unbiased view of your compliance posture, it’s time to start planning, developing and implementing remedial measures. This may be in the form of new technologies, policies, plans and/or procedures or training and awareness sessions. It also may include tailoring organizational processes to squeeze a little more out of your existing investments.

Obtain MARS-E Compliance with 38North

Book an initial MARS-E compliance conversation with one of our global security experts today and we’ll show you how MARS-E compliance can help open new markets and provide industry-leading assurance.

Contact Us

Name(Required)

First Name Last Name

Company Name

Email Address

Phone Number

Message

(Please do not provide additional PII in this box)

Comments

This field is for validation purposes and should be left unchanged.