CMS DE and EDE Pathway


Transforming Healthcare: Your Journey with CMS DE and EDE Pathway

The passing of the Affordable Care Act in 2010 created insurance exchanges that sold health insurance plans that met the consumer protection standards outlined in the health law. In March 2012 private web-brokers gained the ability to enroll subsidy-eligible people in these “Marketplace” plans, and in October 2013, enrollment in Marketplace coverage through the Affordable Health Act’s health insurance exchanges began.

How Can We Help

Project Planning

Especially for EDE Entities, Elevate can help you build your project plan once you have decided to move forward with an EDE implementation. Elevate’s team of experts has a deep understanding of all requirements and steps through the process to approval.


Whether you are a Hybrid Upstream Issuer or EDE Entity, Elevate has a deep understanding of all requirements by entity type. This includes a complete audit of Business Requirements for the EDE Entity and completion of all toolkits and complete packages. Moreover, Elevate has audited full EDE Security and Privacy Audits of the 294 NIST 800-53 and CMS-specific controls or subsets depending on if the hybrid upstream entity or DE Classic entity. We will prepare and complete all required toolkits for business requirements audits, packages, and business requirements reports, in addition to the Privacy and Security audit requirements (SAP, SAR, Risk Assessment, POA&M, scans, and penetration test).

Audit Preparation

Elevate can provide advice on how to meet audit requirements for the privacy and security portion of the audit. Elevate will never have system access or any privileges to the system to remain independent of the process. However, we understand how to architect a secure and operational platform that will pass CMS requirements.

Penetration Testing

We understand the scope and notification requirements from CMS to perform a thorough and complete penetration test of the environment in scope.

Ongoing Vulnerability Scans

We perform the monthly required scans to be provided to CMS quarterly as part of their continuous monitoring requirements.

Ongoing Monetary Advisory

Staying in compliance with CMS is not a “set it and forget it” situation. You must maintain a robust compliance program and quarterly reporting to CMS. Elevate can help you design your ongoing compliance program to ensure proper compliance.

Skip to content