Onpoint Achieves QECP Security Compliance

Onpoint is excited to announce that we have officially achieved security compliance from the U.S. Centers for Medicare & Medicaid Services (CMS) through its rigorous Qualified Entity Certification Program (QECP) to support our APCD clients.

The Affordable Care Act of 2010 allows standardized extracts of Medicare claims data under Parts A, B, and D to be made available to Qualified Entities (QEs) for the purpose of measuring healthcare provider and supplier performance. The QECP process was developed to facilitate this transfer and enable CMS to easily certify and monitor all QEs.

To become certified as a QE and begin receiving 100-percent identifiable claims data under the QE data use agreement, applicants must successfully complete an exacting data security compliance process involving a comprehensive set of guidelines and requirements to ensure the privacy and confidentiality of Medicare beneficiaries’ claims data. In addition to inventorying and scanning information systems for Advanced Persistent Threat (APT), applicants must follow the National Institute of Standards and Technology (NIST) Special Publication 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations,” which includes the review and fulfillment of more than 200 security controls.

As reform initiatives across the country increasingly turn to APCD data for their healthcare transformation initiatives, the importance of keeping that data secure has never been more critical. Onpoint has always put the highest priority on data security, serving not only as data aggregator for hundreds of commercial and government payer submitters across the country but also as the designated Custodian for Medicare data on behalf of multiple clients. Onpoint’s QECP security compliance is part of our ongoing commitment to maintaining a state-of-the-art information security platform.