SILVER SPRING, MD (June 26, 2018) – The Mississippi Division of Medicaid (DOM) and the Colorado Governor’s Office of Information Technology (OIT) for the Connect for Health Colorado health insurance exchange are the latest agencies to award contracts to SLI Government Solutions for Minimum Acceptable Risk Standards for Exchanges (MARS-E) assessment services. MARS-E defines a set of standards for security risk that State Health Insurance Exchanges must address. Adhereance to these requirements, which must be verified every three years, is enumerated in the federal Patient Protection and Affordable Care Act of 2010 (ACA). SLI’s MARS-E assessment staff review compliance with the federal risk avoidance requirements of the FISMA, HIPAA, HITECH, and Federal Tax Information (FTI) regulatory programs, in addition to State-specific security requirements. Recommendations are provided to address any areas of risk or non-compliance. SLI’s MARS-E services encompass a comprehensive review of privacy controls, including administrative controls, technical controls, and physical safeguards for the proper handling of users’ Personally Identifiable Information (PII). The MARS-E services also provide a full information security and interrelated privacy controls assessment, to verify that the information collected, used, maintained, shared and disposed of by programs and systems are being handled and managed properly. A full MARS-E assessment takes 6-8 weeks to complete to meet Centers for Medicare & Medicaid Services (CMS) requirements. Our process includes six steps:
- Assessment Stage
- Discovery Stage
- Stage 1 – Planning
- Stage 2 – Data Gathering
- Stage 3 – Analysis
- Stage 4 – Reporting
SLI schedules onsite time with both the Department and the vendor(s) for interviews and document review. Off-site, the SLI team reviews formal security plans, procedures, training materials, and results of any internal security reviews. A formal report is written and submitted to the client and an in-person management briefing is held with the State leadership team, and CMS, as appropriate. SLI makes findings and specific recommendations to address security risks. Risks are prioritized so that those with the biggest impact are acted upon first. SLI’s experienced security professionals have provided Information Security Auditing, Consulting and Professional Services to our clients for over 15 years.
On the Mississippi Eligibility Modernization Project, SLI provides full-time Independent Verification & Validation (IV&V) support services in addition to security assessment work. “We have had SLI as a trusted partner with MS DOM since 2010. We count on SLI for their independence and quality of their staff. We count on SLI to deliver on time and on budget” said Stephen M. Oshinsky, Managing Consultant, Office of the Governor, Mississippi DOM.
For the State of Colorado OIT, SLI performs periodic project oversight and IV&V reviews using the most recent release of the Medicaid Eligibility and Enrollment Certification Toolkit (MEET) and reports the review results to CMS and Colorado Department of Health Care Policy and Financing. Based on the quality of our work, Colorado awarded SLI a contract to conduct the MARS-E assessment.
Steven Esposito, SLI Government Solutions President and CEO, says, “These are meaningful awards for SLI. For over a decade, we have been providing IT project oversight services to Mississippi and Colorado and were delighted to be selected to deliver their MARS-E security assessments.” Mr. Esposito added, “We are committed to providing the most robust set of project oversight and consulting services to government agencies and we are excited to expand our services into this critical area of comprehensive security assessments.”
About SLI Global Solutions
SLI Global Solutions (SLI) is headquartered in Silver Spring, Maryland, with project locations in over a dozen capital cities across the US. SLI is committed to helping state agencies build quality and innovation into their system implementations and program improvement initiatives. SLI is committed to the use of a standards-based quality management methodology that has been proven effective in a wide range of system implementations and process improvement projects. SLI’s SQM3 methodology is ISO 9001:2015 certified. SLI has experienced staff ready to support your quality and risk management needs on both agile and traditional systems development projects.