Navigating the CMS

Enhanced Direct Enrollment Audit

Request Whitepapers
Navigating the CMS Enhanced Direct Enrollment Audit


Beginning enrollment period 2019, all qualified health plan issuer or web-broker in the Federally-facilitated Exchange must follow the Direct Enrollment rules and obtain a CMS audit from an independent auditor to host application and enrollment services on your website.

What is in the Whitepaper:

  • Part 1: CMS Requirements including business requirements audit, the security and privacy audit, and associated reporting.
  • Part 2: Describes the our simple 3-step process to completing the assessment.
  • Part 3: Provides a list of documents that should be submitted to CMS.
  • Part 4: Provides links to further resources provided by CMS.

This whitepaper helps simplify the new CMS requirements and describes the audit process, so you can take the next step.

Request Whitepapers

Team Specialist

Phil Brudney


Philip leads Security, Privacy, and Compliance research and quality assurance at risk3sixty. He oversees privacy and attestation reporting and is the co-quality assurance manager for the assurance practice where he is responsible for ensuring each engagement meets risk3sixty’s rigorous quality standards in line with AICPA requirements. Phil leads development and peer review of thought leadership, research, and whitepapers. In addition, Phil acts as the Data Protection Officer (DPO) for a wide array of US based firms facing GDPR compliance.

Have any questions?

Let us know how we can help

Fill out the form and let us know what service you are interested in or asking any general questions and we will get back to you as soon as possible.