Title 45

SECTION 155.221

§ 155.221 Standards for direct enrollment entities and for third-parties to perform audits of direct enrollment entities.

Link to an amendment published at 86 FR 6176, Jan. 19, 2021.

(a) Direct enrollment entities. The Federally-facilitated Exchanges will permit the following entities to assist consumers with direct enrollment in QHPs offered through the Exchange in a manner that is considered to be through the Exchange, to the extent permitted by applicable State law:

(1) QHP issuers that meet the applicable requirements in this section and § 156.1230 of this subchapter; and

(2) Web-brokers that meet the applicable requirements in this section and § 155.220.

(b) Direct enrollment entity requirements. For the Federally-facilitated Exchanges, a direct enrollment entity must:

(1) Display and market QHPs and non-QHPs on separate website pages on its non-Exchange website;

(2) Prominently display a standardized disclaimer in the form and manner provided by HHS;

(3) Limit marketing of non-QHPs during the Exchange eligibility application and QHP plan selection process in a manner that minimizes the likelihood that consumers will be confused as to what products are available through the Exchange and what products are not;

(4) Demonstrate operational readiness and compliance with applicable requirements prior to the direct enrollment entity's internet website being used to complete an Exchange eligibility application or a QHP selection; and

(5) Comply with applicable Federal and State requirements.

(c) Direct enrollment entity application assister requirements. For the Federally-facilitated Exchanges, to the extent permitted under state law, a direct enrollment entity may permit its direct enrollment entity application assisters, as defined at § 155.20, to assist individuals in the individual market with applying for a determination or redetermination of eligibility for coverage through the Exchange and for insurance affordability programs, provided that such direct enrollment entity ensures that each of its direct enrollment entity application assisters meets the requirements in § 155.415(b).

(d) Federally-facilitated Exchange direct enrollment entity suspension. HHS may immediately suspend the direct enrollment entity's ability to transact information with the Exchange if HHS discovers circumstances that pose unacceptable risk to the accuracy of the Exchange's eligibility determinations, Exchange operations, or Exchange information technology systems until the incident or breach is remedied or sufficiently mitigated to HHS' satisfaction.

(e) Third parties to perform audits of direct enrollment entities. A direct enrollment entity must engage an independent, third-party entity to conduct an initial and annual review to demonstrate the direct enrollment entity's operational readiness and compliance with applicable direct enrollment entity requirements in accordance with paragraph (b)(4) of this section prior to the direct enrollment entity's internet website being used to complete an Exchange eligibility application or a QHP selection. The third-party entity will be a downstream or delegated entity of the direct enrollment entity that participates or wishes to participate in direct enrollment.

(f) Third-party auditor standards. A direct enrollment entity must satisfy the requirement to demonstrate operational readiness under paragraph (e) of this section by engaging a third-party entity that executes a written agreement with the direct enrollment entity under which the third-party entity agrees to comply with each of the following standards:

(1) Has experience conducting audits or similar services, including experience with relevant privacy and security standards;

(2) Adheres to HHS specifications for content, format, privacy, and security in the conduct of an operational readiness review, which includes ensuring that direct enrollment entities are in compliance with the applicable privacy and security standards and other applicable requirements;

(3) Collects, stores, and shares with HHS all data related to the third-party entity's audit of direct enrollment entities in a manner, format, and frequency specified by HHS until 10 years from the date of creation, and complies with the privacy and security standards HHS adopts for direct enrollment entities as required in accordance with § 155.260;

(4) Discloses to HHS any financial relationships between the entity and individuals who own or are employed by a direct enrollment entity for which it is conducting an operational readiness review;

(5) Complies with all applicable Federal and State requirements;

(6) Ensures, on an annual basis, that appropriate staff successfully complete operational readiness review training as established by HHS prior to conducting audits under paragraph (e) of this section;

(7) Permits access by the Secretary and the Office of the Inspector General or their designees in connection with their right to evaluate through audit, inspection, or other means, to the third-party entity's books, contracts, computers, or other electronic systems, relating to the third-party entity's audits of a direct enrollment entity's obligations in accordance with standards under paragraph (e) of this section until 10 years from the date of creation of a specific audit; and

(8) Complies with other minimum business criteria as specified in guidance by HHS.

(g) Multiple auditors. A direct enrollment entity may engage multiple third-party entities to conduct the audit under paragraph (e) of this section.

(h) Application to State Exchanges using a Federal platform. A direct enrollment entity that enrolls qualified individuals in coverage in a manner that constitutes enrollment through a State Exchange using the Federal platform, or assists individual market consumers with submission of applications for advance payments of the premium tax credit and cost-sharing reductions through a State Exchange using a Federal platform must comply with all applicable Federally-facilitated Exchange standards in this section.

[83 FR 17061, Apr. 17, 2018, as amended at 84 FR 17566, Apr. 25, 2019]