Questions? Feedback? powered by Olark live chat software
Skip Navigation

Microsoft enabling customers to "go to" MARS-E

Posted on August 31, 2016

Cloud Security Director, Cloud Health & Security Engineering

We’re not referring to the planet (maybe one day?), but we are still excited to announce Microsoft Azure is the first hyper-scale cloud computing platform to enable Affordable Care Act (ACA) Administering Entities (AEs) to address the Minimum Acceptable Risk Standards for Exchanges (MARS-E) 2.0 security and privacy control requirements.

Azure provides controls and capabilities that can be used by customers to help manage MARS-E 2.0 control requirements, reaffirming Microsoft’s continued commitment to enable healthcare industry customers to meet their security, legal, and regulatory needs.

Microsoft Azure enables our customers who process healthcare information to meet their obligations for protecting data in a manner that is compliant with MARS-E security requirements. Microsoft offers a comprehensive portfolio of authorizations and achieving MARS-E compliance complements our existing FedRAMP, HIPAA/HITECH offerings, strongly positioning us to help our customers comply with a myriad of healthcare industry requirements.

MARS-E was originally published in 2012 and contains the information security guidance, requirements, and templates for AEs including state and federal Health Insurance Exchanges (HIX) or marketplaces who facilitate purchase of health insurance by consumers and small businesses. The exchanges handle Personally Identifiable Information (PII), Protected Health Information (PHI) or Federal Tax Information (FTI) of U.S. citizens. MARS-E provides guidance for state and federal HIXs and their contractors regarding the minimum-level security controls that must be implemented to protect information and information systems that Centers for Medicare and Medicaid Services (CMS) oversees. The new MARS-E 2.0 framework has been effective as of September 2015, and includes significant updates to security and privacy controls.

While we are still grounded here on Earth, healthcare industry companies can now operate and build in an environment when leveraging the Microsoft Azure platform, which has a layer of assurance specifically enforcing the type of data protection critical to the healthcare industry and its regulators. This milestone is another example of our commitment to being the leader in providing trusted cloud solutions. Visit the Microsoft Trust Center for more information.