The Centers for Medicare & Medicaid Services, CMS, is part of the Department of Health and Human Services (HHS). Four sources are available for the Centers of Medicare and Medicaid Services:
EHR Meaningful Use
The Medicare and Medicaid EHR Incentive Programs provide a financial incentive for the "meaningful use" of certified EHR technology to achieve health and efficiency goals. By putting into action and meaningfully using an EHR system, providers will reap benefits beyond financial incentives–such as reduction in errors, availability of records and data, reminders and alerts, clinical decision support, and e-prescribing/refill automation.
Acceptable Risk Safeguards
The Acceptable Risk Safeguards (ARS) contain a broad set of required security standards based upon NIST SP 800-53 Revision 1, Recommended Security Controls for Federal Information Systems, dated December 2006, and NIST 800-63 Version 1.0.2, Electronic Authentication Guideline, dated April 2006. The ARS contains additional standards based on CMS Policies, Procedures and Guidance, other Federal and non-Federal guidance resources and industry leading security practices. This document provides technical guidance to CMS and its contractors as to the minimum level of security controls that must be implemented to protect CMS information and information systems. All federal systems must incorporate IS controls to protect federal information assets. These controls cover areas of security ranging from the physical environment to auditing and logging. CMS developed the ARS utilizing the NIST SP 800-53 (as amended) as the primary resource to categorize the controls. The purpose of the ARS is to define information security minimum standards.
Managed Care Manual - 100-16
The Balanced Budget Act of 1997 (BBA) established a new Part C of the Medicare program, known then as the Medicare+Choice (M+C), effective January 1999. As part of the M+C program, the BBA authorized CMS to contract with public or private organizations to offer a variety of health plan options for beneficiaries, including both traditional managed care plans (such as those offered by HMOs under §1876 of the Social Security Act) and new options that were not previously authorized. This authoritative source content contains the Medicare Managed Care Manual (100-16).
Prescription Drug Manual - 100-18
Pub. 100-18 sets forth consolidated policy and operational guidance based on the current Part D program regulations. Except where specifically noted, the requirements in the manual apply to all Part D sponsors, including prescription drug plans (PDPs), Medicare Advantage prescription drug plans (MA-PD plans), and cost plans offering Part D coverage. This authoritative source content contains the Medicare Prescription Drug Manual (100-18).
This content is available in English only.
Mappings for CMS to the RSA Archer Control Standard Library are available in the authoritative source content pack.
The source of this content comes from the following:
- CMS Electronic Health Record (EHR) Meaningful Use
- CMS Information Security (IS) Acceptable Risk Safeguards (ARS) (100-25)
- CMS Managed Care Manual (100-16)
- CMS Prescription Drug Benefit Manual (100-18)
The Centers for Medicare and Medicaid Services authoritative source content is available with the use of the RSA Archer Policy Program Management, RSA Archer Controls Monitoring Program Management, and/or RSA Archer Authorization and Assessment use cases. No additional license is required.
For More Information
To learn more about the Centers for Medicare and Medicaid Services Authoritative Source Content:
- Review the RSA Archer Content Import Tip Sheet for instructions on how to import content; and
- Download the:
- CMS Prescription Drug Benefit Manual (100-18) Authoritative Source Content Package
- CMS Managed Care Manual (100-16) Authoritative Source Content Package
- CMS Information Security (IS) Acceptable Risk Safeguards (ARS) (100-25) Authoritative Source Content Package
- CMS Electronic Health Record (EHR) Meaningful Use Authoritative Source Content Package
For Additional Support
To learn more about this content, please contact your Account Rep for additional details. For technical support questions, please open a support case or contact RSA Archer at email@example.com for more information.