Note: On January 1, 2021, Public Knowledge, LLC merged with the Center for System Integrity (CSI) and the Center for the Support of Families (CSF), formerly part of SLI Government Solutions (SLI), to form Public Knowledge®. This merger united three leaders in management consulting, enhancing expertise, and expanding services. CSI adds IT consulting capabilities in project oversight, quality assurance, and security assessments, while CSF brings proven strategies to improve service delivery systems for children and families. Together, Public Knowledge® focuses on Programs, People, and Systems to deliver impactful solutions nationwide.

United States – June 26, 19, 2018 – The Mississippi Division of Medicaid (DOM) and the Colorado Governor’s Office of Information Technology (OIT) for the Connect for Health Colorado health insurance exchange are the latest agencies to award contracts to SLI Government Solutions for Minimum Acceptable Risk Standards for Exchanges (MARS-E) assessment services. MARS-E defines a set of standards for security risk that State Health Insurance Exchanges must address. Adherence to these requirements, which must be verified every three years, is enumerated in the federal Patient Protection and Affordable Care Act of 2010 (ACA).

SLI’s MARS-E assessment staff review compliance with the federal risk avoidance requirements of the FISMA, HIPAA, HITECH, and Federal Tax Information (FTI) regulatory programs, in addition to State-specific security requirements. Recommendations are provided to address any areas of risk or non-compliance. SLI’s MARS-E services encompass a comprehensive review of privacy controls, including administrative controls, technical controls, and physical safeguards for the proper handling of users’ Personally Identifiable Information (PII). The MARS-E services also provide a full information security and interrelated privacy controls assessment to verify that the information collected, used, maintained, shared, and disposed of by programs and systems are being handled and managed properly. A full MARS-E assessment takes 6-8 weeks to complete to meet Centers for Medicare & Medicaid Services (CMS) requirements.

Our process includes six steps:

• Assessment Stage
• Discovery Stage
• Stage 1 – Planning
• Stage 2 – Data Gathering
• Stage 3 – Analysis
• Stage 4 – Reporting

SLI schedules onsite time with both the Department and the vendor(s) for interviews and document review. Off-site, the SLI team reviews formal security plans, procedures, training materials, and results of any internal security reviews. A formal report is written and submitted to the client, and an in-person management briefing is held with the state leadership team and CMS, as appropriate. SLI makes findings and specific recommendations to address security risks. Risks are prioritized so that those with the biggest impact are acted upon first. SLI’s experienced security professionals have provided Information Security Auditing, Consulting, and Professional Services to our clients for over 15 years.

On the Mississippi Eligibility Modernization Project, SLI provides full-time Independent Verification & Validation (IV&V) support services in addition to security assessment work. “We have had SLI as a trusted partner with MS DOM since 2010. We count on SLI for their independence and quality of their staff. We count on SLI to deliver on time and on budget” said Stephen M. Oshinsky, Managing Consultant, Office of the Governor, Mississippi DOM.

For the State of Colorado OIT, SLI performs periodic project oversight and IV&V reviews using the most recent release of the Medicaid Eligibility and Enrollment Certification Toolkit (MEET) and reports the review results to CMS and Colorado Department of Health Care Policy and Financing. Based on the quality of our work, Colorado awarded SLI a contract to conduct the MARS-E assessment.

Steven Esposito, SLI Government Solutions President and CEO, says, “These are meaningful awards for SLI. For over a decade, we have been providing IT project oversight services to Mississippi and Colorado and were delighted to be selected to deliver their MARS-E security assessments.” Mr. Esposito added, “We are committed to providing the most robust set of project oversight and consulting services to government agencies and we are excited to expand our services into this critical area of comprehensive security assessments.”

About Public Knowledge®

Public Knowledge® is a national management consulting firm focused on Programs, People, and Systems. We exist to help our clients solve tough problems and thrive in complex environments. For more than 30 years, we have helped our clients achieve their goals by understanding their needs and objectives as a foundation for our problem-solving process. Our goal is to provide our clients unparalleled service and act as their catalyst for change. Learn more by visiting pubknow.com.