risk3sixty white papers

Navigating the CMS

Enhanced Direct Enrollment Audit

Navigating the CMS Enhanced Direct Enrollment Audit


Beginning enrollment period 2019, all qualified health plan issuer or web-broker in the Federally-facilitated Exchange must follow the Direct Enrollment rules and obtain a CMS audit from an independent auditor to host application and enrollment services on your website.

What is in the Whitepaper:

  • Part 1: CMS Requirements including business requirements audit, the security and privacy audit, and associated reporting.
  • Part 2: Describes the our simple 3-step process to completing the assessment.
  • Part 3: Provides a list of documents that should be submitted to CMS.
  • Part 4: Provides links to further resources provided by CMS.

This whitepaper helps simplify the new CMS requirements and describes the audit process, so you can take the next step.

Team Specialist

Phil Brudney


Philip leads Security, Privacy, and Compliance research and quality assurance at risk3sixty. He oversees privacy and attestation reporting and is the co-quality assurance manager for the assurance practice where he is responsible for ensuring each engagement meets risk3sixty’s rigorous quality standards in line with AICPA requirements. Phil leads development and peer review of thought leadership, research, and whitepapers. In addition, Phil acts as the Data Protection Officer (DPO) for a wide array of US based firms facing GDPR compliance.

Speak With An Expert

Let Us Know How We Can Help

Fill out the form and let us know what service you’re interested in; or ask any general question and we’ll get back to you as soon as possible.