Health Reform WK-EDGE CIIO issues minimum requirements for Web-brokers to participate in DE program
Monday, June 1, 2020

CIIO issues minimum requirements for Web-brokers to participate in DE program

By Jeffrey H. Brochin, J.D.

Latest guidance from CMS updates December 10, 2019 requirements for Web-brokers who operate in states using the federal platform including for FFE’s and SBE-FPs.

The Center for Consumer Information and Insurance Oversight (CIIO) of the CMS has issued an update to its December 10, 2018 guidance applicable to Web-brokers that operate in states using the federal platform, including Federally-facilitated Exchanges (FFEs) and State-based Exchanges on the Federal Platform (SBE-FPs) (collectively referred to as Marketplaces). The guidance—which supersedes the December, 2019 release—establishes the minimum requirements for Web-brokers participating in and seeking approval to participate in the Direct Enrollment (DE) program, whether those Web-brokers are using or seeking approval to use the classic direct enrollment (classic DE) pathway only, the enhanced direct enrollment (EDE) pathway only, or both the classic DE and EDE pathways (CCIIO Bulletin, May 21, 2010).

New requirements for onboarding Web-brokers. On December 10, 2019, CMS established new requirements for prospective Web-brokers onboarding on or after January 1, 2020 (prospective web-brokers) and existing Web-brokers that complete their Web-Broker Agreement renewal in 2020 in order to continue to operate as web-brokers for plan year (PY) 2021. The latest guidance dated May, 2020, updates the December 10, 2019 guidance and supersedes it.

Demonstrating operational readiness. Pursuant to 45 C.F.R. § 155.221(b)(4), DE Entities, including web-brokers, must demonstrate operational readiness and compliance with applicable requirements prior to their websites being used to complete an Exchange eligibility application or qualified health plan (QHP) selection. Web-brokers must also comply with the privacy and security standards pursuant to the Privacy and Security Standards and Implementation Specifications for Non-Exchange Entities.

Effective January 1, 2020, Web-brokers are required to comply with the following updated business requirements:

  • Annual data request: This includes providing licensure information, points of contact, third-party relationships, and other related data elements to CMS.
  • Testing, including renewal testing (If applicable): Existing Web-brokers that have not enrolled consumers using their DE websites in the past year, as well as all prospective web-brokers, must complete testing with the CMS Data Services Hub prior to renewing or executing their Web-broker Agreements. The ability to successfully complete an enrollment via the EDE pathway, as demonstrated during testing required to receive approval to use the EDE pathway, satisfies this requirement.
  • Web-broker Agreement: The Web-broker Agreement is effective from execution through the day before the first day of the following annual open enrollment period (OEP) and must be re-signed annually. Web-brokers must submit the signed Web-broker Agreement to maintain or obtain their Hub-issued Partner ID and must have a countersigned agreement to maintain access to the DE application programming interfaces (APIs) in production.

Both the annual data request and testing requirements, if applicable, are required as part of the initial onboarding for prospective web-brokers or as part of the annual renewal process for existing web-brokers.

Self-attestation no longer required. As of January 1, 2020, Web-brokers were no longer required to use the self-attestation (Annual Security and Privacy Attestation Report of the Web-broker Agreement) to document completion of the annual assessment. To demonstrate compliance with the requirements of the Web-broker Agreement, Web-brokers are now required to submit the complete set of documents outlined in Exhibit 2 of the guidance to CMS. All assessment activities that serve as the basis for the documentation in Exhibit 2 must have been completed within the last year.

Deadlines and Final Approval. Web-brokers must submit the privacy and security documentation ("Operational Readiness Review Privacy and Security Documentation Requirements") that took effect on January 1, 2020, as soon as possible during their respective renewal or onboarding processes, but no later than September 15, 2020, to mitigate risk of any delay in completing the onboarding process and/or participating in the plan year 2021 OEP.

Exhibit 3 of the guidance contains additional details regarding the privacy and security documentation submission options and deadlines that exist for Web-brokers who are prospective or existing EDE Entities. Web-brokers that submit the required documentation after September 15, 2020 may not be approved in time to operate during the plan year 2021 OEP. Web-brokers must also meet the updated operational readiness review business requirements ("Updated Operational Readiness Review Business Requirements") as of January 1, 2020, as part of the web-broker onboarding or renewal processes, as applicable.

ReportsLetters: OtherAgencyIssuances EnrollmentNews HealthInsuranceExchangeNews

Back to Top

Interested in submitting an article?

Submit your information to us today!

Learn More

Health Reform WK-EDGE: Breaking legal news at your fingertips

Sign up today for your free trial to this daily reporting service created by attorneys, for attorneys. Stay up to date on health reform legal matters with same-day coverage of breaking news, court decisions, legislation, and regulatory activity with easy access through email or mobile app.