Broker Agreement

Agent/Broker/Entity Acknowledgment
Of Obligations And Requirements To Be Included In The Maine Health Insurance Marketplace

This agent/broker/entity acknowledgment of obligations and requirements to be included in the Maine Health Insurance Marketplace (“Acknowledgement”) is an agreement and acknowledgment entered into between the Maine Bureau of Insurance, Maine Office of the Health Insurance Marketplace (OHIM) referred to as CoverME.gov and the agent, broker, or entity (hereafter referred to as “Agent/Broker/Entity”) who registered and established an Agent/Broker/Entity account with CoverME.gov. This Acknowledgement is pursuant to section 1312(e) of the Patient Protection and Affordable Care Act (“PPACA”) and the regulations promulgated thereunder, as required by 45 CFR 155.220(d). OHIM is responsible for the management and oversight of the Maine Health Insurance Marketplace, CoverME.gov, which accesses the Federal Data Services Hub (“Hub”). Agent/Broker/Entity, who is registered with CoverME.gov, seeks to assist Consumers, Applicants, Qualified Individuals, and Enrollees in applying for Advance Payments of the Premium Tax Credit (“APTC”) and/or Cost-sharing Reductions (“CSRs”) for Qualified Health Plans (“QHPs”), and/or in completing enrollment in QHPs offered in the individual market through CoverME.gov, and to provide related Customer Service. CoverME.gov and Agent/Broker/Entity are each hereinafter referred to as a “Party”, or collectively, as the “Parties”.

This document is also available in PDF form.

WHEREAS:

Section 1312(e) of the PPACA provides that the Secretary of the U.S. Department of Health and Human Services (HHS) shall establish procedures under which Agents or Brokers may participate in an Exchange such as CoverME.gov. 45 CFR 155.220 provides that Agents and Brokers may enroll individuals in a Qualified Health Plan (“QHP”) as soon as the QHP is offered through an Exchange in the State; enroll Qualified Individuals in a QHP in a manner that constitutes enrollment through the Exchange; and assist individuals in applying for Advance Payments of the Premium Tax Credit (“APTC”) and/or Cost-Sharing Reductions (“CSRs”), to the extent that Agents and Brokers are permitted to do so by the State in which they operate.
45 CFR 155.220(d) requires all Agents or Brokers enrolling Qualified Individuals in QHPs in a manner that constitutes enrollment through the Exchange or assisting Qualified Individuals in applying for APTC, CSRs, and/or for QHPs, to comply with the terms of an agreement between the Agent or Broker and the Exchange.
Pursuant to section 155.220(d) and subject to Maine insurance statutes and regulations, this Acknowledgement establishes the general standards and requirements for Agents/Brokers/Entities to: (a) assist Consumers, Applicants, Qualified Individuals, and Enrollees in applying for APTC, and/or CSRs for QHPs; and (b) enroll Qualified Individuals in a QHP through the individual market in a manner that constitutes enrollment through an Exchange.
To participate in CoverME.gov, Agents/Brokers/Entities must complete all necessary registration and training requirements.
To facilitate the operation of CoverME.gov Authorized Functions, CoverME.gov desires to permit Agent/Broker/Entity to create, collect, disclose, access, maintain, store, or use the Personally Identifiable Information (“PII”) from CoverME.gov, Consumers, Applicants, Qualified Individuals, and Enrollees, or their legal representative or Authorized Representative, to the extent that these activities are necessary to carry out the Authorized Functions that the PPACA and implementing regulations permit.
Agent/Broker/Entity is an entity or individual licensed by the Maine Bureau of Insurance (BOI) who desires to create, collect, disclose, access, maintain, store, and use PII from CoverME.gov, Consumers, Applicants, Qualified Individuals, and Enrollees to perform the Authorized Functions described in Section III.a of this Acknowledgement.
45 CFR 155.260(b) provides that an Exchange like CoverME.gov must, among other things, require privacy and security standards that are consistent with the principles in 45 CFR 155.260(a)(1) through (a)(6) and with 45 CFR 155.260(b)(3), as a condition of contract or agreement with Non-Exchange Entities, and Agent/Broker/Entity is a Non-Exchange Entity under federal law.
OHIM, in the administration of the CoverME.gov platform, has adopted privacy and security standards concerning PII consistent with 45 C.F.R. 155.260, as set forth in section III.f and Appendix A, “Privacy and Security Standards and Implementation Specifications.”

Now, therefore, in consideration of the promises and covenants herein contained, the adequacy of which the Parties acknowledge, the Parties agree as follows.

I. DEFINITIONS

Capitalized terms not otherwise specifically defined herein shall have the meaning set forth in Appendix B, “Definitions.” If the term is not defined herein or in the attached Appendix B, the definition in 45 CFR 155.20 shall apply.

II. OBLIGATIONS AND CONDITIONS

In order to enroll Qualified Individuals in a QHP through CoverME.gov and assist individuals in applying for APTC and/or CSRs, and to perform authorized CoverME.gov functions listed below in section III, Agent/Broker/Entity hereby agrees to:

Register with CoverME.gov in advance of assisting Consumers, Applicants, Qualified Individuals, and Enrollees, or enrolling Qualified Individuals in QHPs through CoverME.gov;
Ensure all agency staff with access to accounts through the Broker Agency Account on CoverME.gov receive appropriate training and comply with all relevant conditions and obligations of this agreement.
Receive and complete training by the deadline provided from OHIM on the use of the CoverME.gov platform, the range of QHP options and Insurance Affordability Programs offered through CoverME.gov, and any changes in eligibility rules or processes from previous OE periods;
Maintain the privacy and security of Consumer, Applicant, Qualified Individual, and Enrollee personally identifiable information (PII) and comply with the privacy and security standards required by federal law and adopted by CoverME.gov pursuant to 45 CFR 155.260(b) and set forth in section III below. If Agent/Broker/Entity must disclose CoverME.gov consumer PII to a subcontractor or agent for the purpose of enrolling consumers in a QHP through CoverME.gov, Agent/Broker/Entity must ensure that the subcontractor/agent/representative will safeguard and maintain the confidentiality of the consumer PII consistent with the requirements of this Acknowledgement that apply to the Agent/Broker/Entity;
Comply with the standards of conduct set forth in section III below;
Comply with all applicable State law related to Agents and Brokers, including but not limited to State laws related to confidentiality, conflicts of interest and appointments, as a condition of assisting Consumers, Applicants, Qualified Individuals, and Enrollees, or enrolling Qualified Individuals in QHPs through CoverME.gov;
Maintain valid professional licensure in Maine;
Comply with the PPACA and all applicable regulations and guidance; and
Comply with all Federal and State laws, statutes, regulations, or ordinances that are applicable to the conduct of the activities that are the subject of this Acknowledgement, including but not necessarily limited to the Health Insurance Portability and Accountability Act (HIPAA), section 6103(b)(2) of the Internal Revenue Code, the Medicaid Act (42 USC 1396a et seq.), the Children’s Health Insurance Program Act (42 USC 1397aa et seq.), and any additional applicable standards required by statute; and any regulations or policies implementing or interpreting such statutory provisions.

III. ACCEPTANCE OF STANDARD RULES OF CONDUCT

Agent/Broker/Entity hereby acknowledges and agrees to accept and abide by the standard rules of conduct set forth below in this section including the “Privacy and Security Standards and Implementation Specifications,” while engaging in any activity as an Agent or Broker for purposes of facilitating enrollment through CoverME.gov. Agent/Broker/Entity shall be bound to and strictly adhere to the privacy and security standards, and to ensure that its Workforce that creates, collects, accesses, stores, maintains, discloses, or uses PII strictly adheres to the same.

Authorized Functions. Agent/Broker/Entity may create, collect, disclose, access, maintain, store, and use PII only for:
1. Assisting with applications for QHP eligibility;
2. Supporting QHP selection and enrollment by assisting with plan selection and plan comparisons;
3. Assisting with applications for the receipt of APTC and/or CSRs, and selecting an APTC amount;
4. Facilitating the collection of standardized attestations acknowledging the receipt of the APTC and/or CSRs determination, if applicable;
5. Assisting with filing appeals of CoverME.gov eligibility determinations;
6. Transmitting information about the Consumer’s, Applicant’s, Qualified Individual’s, or Enrollee’s decisions regarding QHP enrollment and/or CSRs, and/or APTC information to CoverME.gov;
7. Facilitating payment of the initial premium amount for the appropriate QHP;
8. Facilitating an Enrollee’s ability to disenroll from a QHP;
9. Educating Consumers, Applicants, Qualified Individuals, or Enrollees on Insurance Affordability Programs, and if applicable, informing such individuals of potential eligibility for Medicaid or Children’s Health Insurance Program (CHIP) through MaineCare;
10. Assisting an Enrollee’s ability to report changes in eligibility status to CoverME.gov throughout the coverage year, including changes that may impact eligibility (e.g., adding a dependent);
11. Correcting errors in the application for QHP enrollment;
12. Informing or reminding Enrollees when QHP coverage should be renewed or when Enrollees may no longer be eligible to maintain their current QHP coverage because of age, or to inform Enrollees of QHP coverage options at renewal;
13. Providing appropriate information, materials, and programs to inform and educate Consumers, Applicants, Qualified Individuals, and Enrollees about the use and management of their health information and services and options offered through the selected QHP and among the available QHP options;
14. Contacting Consumers, Applicants, Qualified Individuals, and Enrollees to assess their satisfaction or resolve complaints with services provided by Agent/Broker/Entity in connection with CoverME.gov;
15. Providing assistance in communicating with QHP Issuers;
16. Carrying out Agent/Broker/Entity’s legal responsibilities related to QHP Issuer functions in connection with CoverME.gov, as permitted or required by Agent/Broker/Entity’s contractual relationships with QHP Issuers; and
17. Other functions substantially similar to those enumerated above and such other functions that may be approved by CoverME.gov in writing from time to time.
Note: An Agent/Broker/Entity may not under any circumstances create a CoverME.gov account for a consumer, log into a consumer’s CoverME.gov account, or create, collect, disclose, access, maintain, store, or use PII for such purposes.
PII Received by Agent/Broker/Entity. Subject to the terms and conditions of this Acknowledgement and applicable laws, and only in performing the tasks contemplated under this Acknowledgement, Agent/Broker/Entity may create, collect, disclose, access, maintain, store, and use the following data and PII from Consumers, Applicants, Qualified Individuals, and Enrollees, or these individuals’ legal representative or Authorized Representative, including but not limited to:
- APTC percentage and amount applied
- Auto disenrollment information
- Applicant Name
- Applicant Address
- Applicant Birthdate
- Applicant Telephone number
- Applicant Email
- Applicant Social Security number
- Applicant spoken and written language preference
- Applicant Medicaid Eligibility indicator, start and end dates
- Applicant CHIP eligibility indicator, start and end dates
- Applicant QHP eligibility indicator, start and end dates
- Applicant APTC percentage and amount applied eligibility indicator, start and end dates
- Applicant household income
- Applicant Maximum APTC amount
- Applicant CSRs eligibility indicator, start and end dates
- Applicant CSRs level
- Applicant QHP eligibility status change
- Applicant APTC eligibility status change
- Applicant CSRs eligibility status change
- Applicant Initial or Annual Open Enrollment Indicator, start and end dates
- Applicant special enrollment period eligibility indicator and reason code
- Contact Name
- Contact Address
- Contact Birthdate
- Contact Telephone number
- Contact Email address
- Contact spoken and written language preference
- Enrollment group history (past six months)
- Enrollment type period
- Applicant ID
- Member ID
- Issuer Member ID
- Net premium amount
- Premium Amount, start and end dates
- Credit or Debit Card Number, Name on Card
- Checking account and routing number
- Special enrollment period reason
- Subscriber Indicator and relationship to subscriber
- Custodial parent
- Health coverage
- American Indian/Alaska Native status and name of tribe
- Marital status
- Race/ethnicity
- Requesting financial assistance
- Responsible person
- Applicant/Employee/dependent sex and name
- Student status
- Subscriber indicator and relationship to subscriber
- Total individual responsibility amount
Collection of PII for CoverME.gov Authorized Functions. PII collected from Consumers, Applicants, Qualified Individuals, or Enrollees, or these individuals’ legal representative or Authorized Representative, in the context of completing an application for QHP, APTC, or CSRs eligibility, or any data transmitted from or through CoverME.gov, may be used only for the Authorized Functions specified in Section III.a of this Acknowledgement. Such information may not be reused for any other purpose.
Collection and Use of Information Provided Under Other Authorities. This Acknowledgement does not preclude Agent/Broker/Entity from separately collecting information from Consumers, Applicants, Qualified Individuals, or Enrollees, or their legal representative or Authorized Representative, for a non-CoverME.gov purpose, and using, reusing, and disclosing such non-CoverME.gov information obtained separately as permitted by applicable law and/or other applicable authorities. Such information must be separately collected and stored from any PII collected in accordance with Section III.c of this Acknowledgement.
Ability of Consumer to Limit Collection and Use. Agent/Broker/Entity agrees to allow the Consumer, Applicant, Qualified Individual, or Enrollee, or these individuals’ legal representative or Authorized Representative, to limit the Agent/Broker/Entity’s creation, collection, use, maintenance, storage, and disclosure of their PII to the sole purpose of obtaining Agent/Broker/Entity’s assistance in applying for QHP, APTC, or CSRs eligibility, and for performing the Authorized Functions specified in Section III.a of this Acknowledgement.
PRIVACY AND SECURITY STANDARDS AND IMPLEMENTATION SPECIFICATIONS:
Agent/Broker/Entity agrees to comply with the privacy and security principles and standards required by 45 CFR 155.260 which are outlined here and in the implementation specifications in Appendix A to this Acknowledgement:
1. Individual Access to PII: Agents/Brokers/Entities that maintain and/or store PII must provide Consumers, Applicants, Qualified Individuals, and Enrollees, or these individuals’ legal representatives and Authorized Representatives, with a simple and timely means of appropriately accessing PII pertaining to them and/or the person they represent in a physical or electronic readable form and format.
  1. Standard: Agents/Brokers/Entities that maintain and/or store PII must implement policies and procedures that provide consumer access to PII upon request.
2. Openness and Transparency. Agent/Brokers/Entities must ensure openness and transparency about policies, procedures, and technologies that directly affect Consumers, Applicants, Qualified Individuals, and Enrollees and their PII.
  1. Standard: Privacy Notice Statement. Prior to collecting PII, the Agent/Broker/Entity must provide a notice that is prominently and conspicuously displayed on a public facing website, if applicable, or on the electronic and/or paper form the Agent/Broker/Entity will use to gather and/or request PII.
3. Individual Choice. Agents/Brokers/Entities should ensure that Consumers, Applicants, Qualified Individuals, and Enrollees—or these individuals’ legal representatives or Authorized Representatives—are provided a reasonable opportunity and capability to make informed decisions about the creation, collection, disclosure, access, maintenance, storage, and use of their PII.
  1. Standard: Informed Consent. The Agent/Broker/Entity may create, collect, disclose, access, maintain, store, and use PII from Consumers, Applicants, Qualified Individuals, and Enrollees—or these individuals’ legal representatives or Authorized Representatives—only for the functions and purposes listed in the Privacy Notice Statement and any relevant agreements in effect as of the time the information is collected, and only if Agent/Broker/Entity obtains informed consent from such individuals.
4. Creation, Collection, Disclosure, Access, Maintenance, Storage, and Use Limitations. Agents/Brokers/Entities must ensure that PII is only created, collected, disclosed, accessed, maintained, stored, and used to the extent necessary to accomplish the authorized purpose(s) in the consent document. Such information shall never be used to discriminate against a Consumer, Applicant, Qualified Individual, or Enrollee.
  1. Standard: Creation, Collection, Disclosure, Access, Maintenance, Storage, and Use Limitations. In accordance with the consent procedures outlined above, the Agent/Broker/Entity shall only create, collect, disclose, access, maintain, store, and use PII.
  2. Standard: Non-discrimination. The Agent/Broker/Entity should not use PII from the Consumer, Applicant, Qualified Individual, or Enrollee in a discriminatory manner.
5. Data Quality and Integrity. Agents/Brokers/Entities should take reasonable steps to ensure that PII is complete, accurate, and up-to-date to the extent such data is necessary for the Agent/Broker/Entity’s intended use of such data, and that such data has not been altered or destroyed in an unauthorized manner, thereby ensuring the confidentiality, integrity, and availability of PII.
  1. Standard: Right to Amend, Correct, Substitute, or Delete PII. Agents/Brokers/Entities must offer Consumers, Applicants, Qualified Individuals, and Enrollees—or these individuals’ legal representatives or Authorized Representatives—an opportunity to request amendment, correction, substitution, or deletion of PII maintained and/or stored by the Agent/Broker/Entity if such individual believes that the PII is not accurate, timely, complete, relevant, or necessary to accomplish CoverME.gov-related functions, except where the information questioned originated from other sources, in which case the individual should contact the originating source.
  2. Standard: Verification of Identity for Requests to Amend, Correct, Substitute or Delete PII. Agents/Brokers/Entities that maintain and/or store PII must develop and implement policies and procedures to verify the identity of any person who requests access to, notification of, or modification—including amendment, correction, substitution, or deletion—of PII that is maintained by or for the Agent/Broker/Entity. This includes confirmation of an individuals’ legal or personal authority to access, receive notification of, or seek modification—including amendment, correction, substitution, or deletion—of a Consumer’s, Applicant’s, Qualified Individual’s, or Enrollee’s PII.
  3. Standard: Accounting for Disclosures. Except for those disclosures made to the Agent/Broker/Entity’s Workforce who have a need for the record in the performance of their duties, and the disclosures that are necessary to carry out the required functions of the Agent/Broker/Entity, Agents/Brokers/Entities that maintain and/or store PII shall maintain an accounting of any and all disclosures.
6. Accountability. Agents/Brokers/Entities must adopt and implement the privacy and security standards and implementation specifications described in this document that have been established by CoverME.gov under 45 CFR 155.260(b) in a manner that ensures appropriate monitoring and other means and methods to identify and report Incidents and/or Breaches.
  1. Standard: Reporting. The Agent/Broker/Entity must implement Breach and Incident handling procedures that are consistent with CoverME.gov’s Incident Report and Notification Procedures and memorialized in the Agent/Broker/Entity’s own written policies and procedures.
  2. Standard: Standard Operating Procedures. The Agent/Broker/Entity shall incorporate privacy and security standards and implementation specifications, where appropriate, in its standard operating procedures that are associated with functions involving the creation, collection, disclosure, access, maintenance, storage, or use of PII.
  3. Standard: Training and Awareness. The Agent/Broker/Entity shall develop training and awareness programs for members of its Workforce that create, collect, disclose, access, maintain, store, and use PII while carrying out any Authorized Functions.
7. Safeguarding PII. Agents/Brokers/Entities must ensure that PII is protected with reasonable operational, administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure.
  1. Standard: Security Controls. The Agent/Broker/Entity is required to establish and implement operational, technical, administrative, and physical safeguards that are consistent with any applicable laws.
  2. Standard: Required Monitoring of Security Controls. An Agent/Broker/Entity must monitor, periodically assess, and update its security controls and related system risks to ensure the continued effectiveness of those controls.
  3. Standard: An Agent/Broker/Entity must develop and utilize secure electronic interfaces when transmitting PII electronically.
Proper Use of CoverME.gov system and platform
1. Agent/Broker/Entity acknowledges and agrees that proper use of the CoverME.gov system and platform consistent with this Acknowledgement, federal and State regulations, guidance, standards, and other applicable law is a condition of Agent/Broker/Entity’s authority under this Acknowledgement, and acknowledges and agrees that proper uses may include, but are not limited to, the following:
  1. Agent/Broker/Entity may have only one CoverME.gov Agent/Broker/Entity account.
  2. Only Agent/Broker/Entity may use the log-in credentials Agent/Broker/Entity created to access the CoverME.gov platform. Agent/Broker/Entity agrees to safeguard Agent/Broker/Entity’s log-in credentials and not allow any other person, including but not limited to administrative assistants or other employees, to use Agent/Broker/Entity’s log-in credentials. Where an Entity has registered with CoverME.gov, only a licensed Agent or Broker associated with the Entity may use the log-in credentials for that Entity to access the CoverME.gov platform, provided that the CoverME.gov profile of the Entity must indicate the NPN of the Agent or Broker using the Entity’s log-in credentials.
  3. Agent/Broker/Entity may only conduct a single log-in session into Agent/Broker/Entity’s CoverME.gov account to conduct Person Searches and any other electronic searches.
  4. Scripting and other automation of interactions with the CoverME.gov platform is strictly prohibited, unless approved in advance in writing by OHIM. Agent/Broker/Entity acknowledges and agrees that conducting such prohibited automated activities may result in Agent/Broker/Entity’s CoverME.gov access being disabled immediately and without prior notice.
  Non-compliance with the CoverME.gov Rules of Behavior may be cause for civil and criminal actions against Agent/Broker/Entity. Depending on the severity of the violation and CoverME.gov discretion, consequences may include one or more of the following actions:
  - Suspension of access privileges;
  - Revocation of access to certain information, information systems, and/or facilities;
  - Report to licensing entity;
  - Termination of role with CoverME.gov;
  - Removal or disbarment from work in certain areas or projects;
  - Monetary fines; and/or
  - Criminal charges that may result in fines or imprisonment.

IV. DESTRUCTION OF PII

Agent/Broker/Entity covenants and agrees to destroy all PII in its possession at the end of the record retention period specified in section III. If, upon the termination or expiration of this Acknowledgement, Agent/Broker/Entity has in its possession PII for which no retention period is specified in Section III, such PII shall be destroyed within 30 Days of the termination or expiration of this Acknowledgement. Agent/Broker/Entity’s duty to protect and maintain the privacy and security of PII, as provided for in Section III of this Acknowledgement, shall continue in full force and effect until such PII is destroyed and shall survive the termination or expiration of this Acknowledgement.

V. MISCELLANEOUS

Effective Date, Term and Renewal. This Acknowledgement becomes effective on the date that Agent/Broker/Entity electronically executes this Acknowledgement and ends on the day before the first day of the open enrollment period under 45 CFR 155.410(e)(2) for the benefit year beginning January 1, 2024. This Acknowledgement is renewable for subsequent one (1)-year terms upon thirty (30) days' advance written notice to Agent/Broker/Entity at CoverME.gov’s sole and absolute discretion, which notice of renewal shall be acknowledged by the Agent/Broker/Entity.
Termination and Reconsideration.
1. The termination of this Acknowledgement and the reconsideration of any such termination shall be governed by the termination and reconsideration standards adopted by the HHS/Federally-facilitated Exchange under 45 CFR 155.220. Notwithstanding the foregoing, Agent/Broker/Entity shall be considered in “Habitual Default” of this Acknowledgement in the event that it has been served with a non-compliance notice under 45 CFR 155.220(g) more than three (3) times in any calendar year, whereupon CoverME.gov may, in its sole discretion, immediately thereafter terminate this Acknowledgement upon notice to Agent/Broker/Entity without any further opportunity to resolve the breach and/or non-compliance.
2. Termination for Failure to Maintain Valid State Licensure. Agent/Broker/Entity acknowledges and agrees that valid State licensure is a precondition to Agent/Broker/Entity’s authority under this Acknowledgement. Accordingly, CoverME.gov may terminate this Acknowledgement if Agent/Broker/Entity fails to maintain valid licensure. Any such termination shall be governed by the termination and reconsideration standards adopted by the HHS/Federally-facilitated Exchange under 45 CFR 155.220(g)(3)(ii) and (h). In addition:
  1. Agent/Broker/Entity acknowledges and agrees that CoverME.gov is entitled to, and must be able to, confirm that Agent/Broker/Entity has and maintains valid state licensure.
  2. To facilitate CoverME.gov’s confirmation of Agent/Broker/Entity’s state licensure status, the Agent/Broker/Entity covenants and further agrees to maintain a correct and up-to-date CoverME.gov registration profile and a correct and up-to-date profile in the National Insurance Producer Registry (https://nipr.com/). These profiles shall include a correct and up-to-date National Producer Number (NPN), email address, phone number, and business street address.
Notice. All notices specifically required under this Acknowledgement shall be given in writing and shall be delivered as follows:
- If to CoverME.gov:
  - Office of the Health Insurance Marketplace
    Maine Department of Health and Human Services
    109 Capitol Street
    11 State House Station
    Augusta, Maine 04333
  - SBMBrokers.dhhs@maine.gov
  - If to Agent/Broker/Entity, to Agent/Broker/Entity's address, including email address, on record with CoverME.gov through the registration process, and any updates Agent/Broker/Entity provides in the CoverME.gov system.
  Notices sent by hand, by overnight courier service or via email, or mailed by certified or registered mail, shall be deemed to have been given when received; notices sent by facsimile shall be deemed to have been given when the appropriate confirmation of receipt has been received; notices not given on a business day (i.e., Monday – Friday excluding Federal holidays) between 9:00 a.m. and 5:00 p.m. local time where the recipient is located shall be deemed to have been given at 9:00 a.m. on the next business day for the recipient. CoverME.gov and Agent/Broker/Entity may change their contact information for notices and other communications by providing thirty (30) days’ written notice of such change in accordance with this provision.
Assignment and Subcontracting. Agent/Broker/Entity shall not assign this Acknowledgement in whole or in part, whether by merger, acquisition, consolidation, reorganization, or otherwise, nor subcontract any portion of the services to be provided by Agent/Broker/Entity under this Acknowledgement, nor otherwise delegate any of its obligations under this Acknowledgement, without the express, prior written consent of CoverME.gov, which consent may be withheld, conditioned, granted, or denied in CoverME.gov’s sole and absolute discretion. Agent/Broker/Entity further shall not assign this Acknowledgement or any of its rights or obligations hereunder without the express, prior written consent of CoverME.gov. If Agent/Broker/Entity attempts to make an assignment, subcontract its service obligations, or otherwise delegate its obligations hereunder in violation of this provision, such assignment, subcontract, or delegation shall be deemed void ab initio and of no force or effect, and Agent/Broker/Entity shall remain legally bound hereto and responsible for all obligations under this Acknowledgement. Agent/Broker/Entity shall further be thereafter subject to such compliance actions as may otherwise be provided for under applicable law.
Survival. Agent/Broker/Entity's duty to protect and maintain the privacy and security of PII under this agreement shall survive this agreement shall survive the expiration or earlier termination of this Agreement.
Severability. The invalidity or unenforceability of any provision of this Acknowledgement shall not affect the validity or enforceability of any other provision of this Acknowledgement. In the event that any provision of this Acknowledgement is determined to be invalid, unenforceable, or otherwise illegal, such provision shall be deemed restated, in accordance with applicable law, to reflect as nearly as possible the original intention of the parties, and the remainder of the Acknowledgement shall be in full force and effect.
Disclaimer of Joint Venture. Neither this Acknowledgement nor the activities of Agent/Broker/Entity contemplated by and under this Acknowledgement shall be deemed or construed to create in any way any partnership, joint venture, or agency relationship between CoverME.gov and Agent/Broker/Entity. Neither CoverME.gov or Agent/Broker/Entity is, nor shall either CoverME.gov or Agent/Broker/Entity hold itself out to be, vested with any power or right to bind the other contractually or to act on behalf of the other, except to the extent expressly set forth in the PPACA and the regulations codified thereunder, including as codified at 45 CFR part 155.
Remedies Cumulative. No remedy herein conferred upon or reserved to CoverME.gov under this Acknowledgement is intended to be exclusive of any other remedy or remedies available to CoverME.gov under operative law and regulation, and each and every such remedy, to the extent permitted by law, shall be cumulative and in addition to any other remedy now or hereafter existing at law or in equity or otherwise.
Compliance with Law. Agent/Broker/Entity covenants and agrees to comply with any and all applicable federal and State laws, statutes, regulations, or ordinances that are applicable to the conduct of the activities that are the subject of this Acknowledgement, including but not necessarily limited to, any additional and applicable standards required by statute, and any regulations or policies implementing or interpreting such statutory provisions hereafter issued by CMS or CoverME.gov. In the event of a conflict between the terms of this Acknowledgement and any statutory, regulatory, or sub-regulatory guidance, the requirement that constitutes the stricter, higher, or more stringent level of compliance shall control.
Governing Law and Consent to Jurisdiction. This Acknowledgement will be governed by the laws and common law of the State of Maine, without regard to any conflict of laws, statutes, or rules. Agent/Broker/Entity further agrees and consents to the jurisdiction of the Maine Superior Court, Federal Courts located within Maine and the courts of appeal therefrom and waives any claim of lack of jurisdiction or forum non conveniens.
Amendment. CoverME.gov may amend this Acknowledgement for purposes of reflecting changes in applicable law or regulations, with such amendments taking effect upon thirty (30)- Days’ written notice to Agent/Broker/Entity (“CoverME.gov notice period”). Any amendments made under this provision will only have prospective effect and will not be applied retrospectively. Agent/Broker/Entity may reject such amendment, by providing to CoverME.gov, during the CoverME.gov notice period, thirty (30)-Days’ written notice of its intent to reject the amendment (“rejection notice period”). Any such rejection of an amendment made by CoverME.gov shall result in the termination of this Acknowledgement upon expiration of the rejection notice period.
Audit. Agent/Broker/Entity agrees that CoverME.gov, the Center for Medicare and Medicaid Services (CMS), the Comptroller General, the Office of the Inspector General of HHS, or their designees have the right to audit, inspect, evaluate, examine, and make excerpts, transcripts, and copies of any books, records, documents, and other evidence of Agent/Broker/Entity compliance with the requirements of this Acknowledgement, upon reasonable notice to Agent/Broker/Entity and during ABE’s regular business hours and at ABE’s regular business location. Agent/Broker/Entity further agrees to allow reasonable access to the information and facilities requested by CoverME.gov, CMS, the Comptroller General, the Office of the Inspector General, or their designees for the purpose of such an audit.

BROKER/AGENT/ENTITY ACKNOWLEDGMENT OF OBLIGATIONS AND REQUIREMENTS TO BE INCLUDED IN THE MAINE HEALTH INSURANCE MARKETPLACE SIGNATURE:

No signatures by the Office of the Health Insurance Marketplace (OHIM) shall be affixed to this agreement, nor shall any wet handwritten signature be required for this Agreement to be legally enforceable notwithstanding a contrary requirement in any law or regulation. By attesting in CoverME.gov’s registration system that you have read and accepted this Agreement, you are entering into a binding Agreement with CoverME.gov, the affirmation of which will be considered your electronic signature as to the date and time such affirmation was made. By submitting your registration, you are signing this Agreement electronically. You agree your electronic signature is the legal equivalent of your wet signature on this Agreement, and you consent to be legally bound by this Agreement's terms and conditions. You further agree that your use of a keypad, mouse, or other device to select an item, button, icon or similar act/action, or to otherwise access or make any transaction regarding any agreement, acknowledgement, consent terms, disclosures or conditions constitutes your signature (hereafter referred to as “E-Signature”), acceptance and agreement as if actually signed by you in writing. You also agree that no certification authority or other third-party verification is necessary to validate your E-Signature and that the lack of such certification or third party verification will not in any way affect the enforceability of your E-Signature on this Agreement or any resulting contract between you and CoverME.gov. You also represent that you are authorized to enter into this Agreement for all persons who own or are authorized to access any of your accounts and that such persons will be bound by the terms of this Agreement. You further agree that each use of your E-Signature in accessing the CoverME.gov Platform constitutes your agreement to be bound by the terms and conditions of this Agreement, any policies and procedures adopted by the Office of the Health Insurance Marketplace, and Federal and State Law.

By accepting your affirmation and otherwise certifying you to operate on the CoverME.gov Platform, OHIM has electronically agreed to the terms of this Agreement. The promulgation of this Agreement shall constitute the necessary legal signatures on this Agreement.

The parties hereby agree not to contest the validity or enforceability of this Agreement executed electronically, or acknowledgment issued electronically, under the provisions of a statute of frauds or any other applicable law relating to whether certain agreements be in writing and signed by the party bound thereby. Any genuine agreement or acknowledgment executed or issued electronically, if introduced as evidence on paper in any judicial, arbitration, mediation, or administrative proceedings, will be admissible as between the parties to the same extent and under the same conditions as other business records originated and maintained in documentary form. Neither party shall contest the admissibility of copies of a genuine agreement or acknowledgments under either the business records exception to the hearsay rule or the best evidence rule on the basis that the agreement or acknowledgment wereas not in writing or signed by the parties. An agreement or acknowledgment shall be deemed to be genuine for all purposes if it is transmitted to the location designated for such documents.

APPENDIX A

PRIVACY AND SECURITY STANDARDS AND IMPLEMENTATION SPECIFICATIONS:

Agent/Broker/Entity must comply with the following privacy and security principles and standards that are required by 45 CFR 155.260:

(1) Individual Access to PII: Agents/Brokers/Entities that maintain and/or store PII must provide Consumers, Applicants, Qualified Individuals, and Enrollees, or these individuals’ legal representatives and Authorized Representatives, with a simple and timely means of appropriately accessing PII pertaining to them and/or the person they represent in a physical or electronic readable form and format.
1. Standard: Agents/Brokers/Entities that maintain and/or store PII must implement policies and procedures that provide access to PII upon request.
  1. Implementation Specifications:
    1. Access rights must apply to any PII that is created, collected, disclosed, accessed, maintained, stored, and used by the Agent/Broker/Entity to perform any of the Authorized Functions outlined in their agreement with CoverME.gov.
    2. The release of electronic documents containing PII through any electronic means of communication (e.g., e-mail, web portal) must meet the verification requirements for the release of “written documents” in Section (5)B below.
    3. Persons legally authorized to act on behalf of Consumers, Applicants, Qualified Individuals, and Enrollees regarding their PII, including individuals acting under an appropriate power of attorney that complies with applicable state and federal law, must be granted access in accordance with their legal authority. Such access would generally be expected to be coextensive with the degree of access available to the Subject Individual.
    4. At the time the request is made, the Consumer, Applicant, Qualified Individual, and Enrollee—or these individuals’ legal representatives or Authorized Representatives—should generally be required to specify which PII he or she would like access to. The Agent/Broker/Entity may assist them in determining their information or data needs if such assistance is requested.
    5. Subject to paragraphs 6 and 7 below, Agent/Broker/Entity generally must provide access to the PII in the form or format requested, if it is readily producible in such form or format.
    6. The Agent/Broker/Entity may charge a fee only to recoup the costs for labor for copying the PII, supplies for creating a paper copy or a copy on electronic media, postage if the PII is mailed, or any costs for preparing an explanation or summary of the PII if the recipient has requested and/or agreed to receive such summary. If such fees are paid, the Agent/Broker/Entity must provide the requested copies in accordance with any other applicable standards and implementation specifications.
    7. An Agent/Broker/Entity that receives a request for notification of, or access to, PII must verify the requestor’s identity in accordance with Section (5)B below.
    8. An Agent/Broker/Entity must complete its review of a request for access or notification (and grant or deny said notification and/or access) within 30 Days of receipt of the notification and/or access request.
    9. Except as otherwise provided in paragraph 10 below, if the requested PII cannot be produced, the Agent/Broker/Entity must provide an explanation for its denial of the notification or access request, and, if applicable, information regarding the availability of any appeal procedures, including the appropriate appeal authority’s name, title, and contact information.
    10. Agent/Broker/Entity may deny access to PII that they maintain or store without providing an opportunity for review, in the following circumstances:
      1. If the PII was obtained or created solely for use in legal proceedings;
      2. If the PII is contained in records that are subject to a law that either permits withholding the PII or bars the release of such PII.
Openness and Transparency. Agent/Brokers/Entities must ensure openness and transparency about policies, procedures, and technologies that directly affect Consumers, Applicants, Qualified Individuals, and Enrollees and their PII.
1. Standard: Privacy Notice Statement. Prior to collecting PII, the Agent/Broker/Entity must provide a notice that is prominently and conspicuously displayed on a public facing website, if applicable, or on the electronic and/or paper form the Agent/Broker/Entity will use to gather and/or request PII.
  1. Implementation Specifications:
    1. The statement must be written in plain language and provided in a manner that is accessible and timely to people living with disabilities and with limited English proficiency.
    2. The statement must contain at a minimum the following information:
      1. Legal authority to collect PII;
      2. Purpose of the information collection;
      3. To whom PII might be disclosed, and for what purposes;
      4. Authorized uses and disclosures of any collected information;
      5. Whether the request to collect PII is voluntary or mandatory under the applicable law;
      6. Effects of non-disclosure if an individual chooses not to provide the requested information.
    3. The Agent/Broker/Entity shall maintain its Privacy Notice Statement content by reviewing and revising it as necessary on an annual basis, at a minimum, and before or as soon as possible after any change to its privacy policies and procedures.
    4. If the Agent/Broker/Entity operates a website, it shall ensure that descriptions of its privacy and security practices, and information on how to file complaints with CoverME.gov and the Agent/Broker/Entity, are publicly available through its website.
Individual Choice. Agents/Brokers/Entities should ensure that Consumers, Applicants, Qualified Individuals, and Enrollees—or these individuals’ legal representatives or Authorized Representatives—are provided a reasonable opportunity and capability to make informed decisions about the creation, collection, disclosure, access, maintenance, storage, and use of their PII.
1. Standard: Informed Consent. The Agent/Broker/Entity may create, collect, disclose, access, maintain, store, and use PII from Consumers, Applicants, Qualified Individuals, and Enrollees—or these individuals’ legal representatives or Authorized Representatives—only for the functions and purposes listed in the Privacy Notice Statement and any relevant agreements in effect as of the time the information is collected, and only if Agent/Broker/Entity obtains informed consent from such individuals.
  1. Implementation Specifications:
    1. The Agent/Broker/Entity must obtain informed consent from individuals for any use or disclosure of information within the scope of the Privacy Notice Statement provided to individuals, and the Agent/Broker/Entity must also obtain informed consent for a use and disclosure of PII that is not permissible under the Privacy Notice Statement and any relevant agreements that were in effect as of the time the PII was collected. Such consent must be subject to a right of revocation.
    2. Any such consent that serves as the basis of a use or disclosure must:
      1. Be provided in specific terms and in plain language;
      2. Identify the entity collecting or using the PII, and/or making the disclosure;
      3. Identify the specific collections, use(s), and disclosure(s) of specified PII with respect to a specific recipient(s);
      4. (d) Provide notice of an individual’s ability to revoke the consent at any time.
    3. Consent documents must be appropriately secured and retained for 10 years.
Creation, Collection, Disclosure, Access, Maintenance, Storage, and Use Limitations. Agents/Brokers/Entities must ensure that PII is only created, collected, disclosed, accessed, maintained, stored, and used to the extent necessary to accomplish the authorized purpose(s) in the consent document. Such information shall never be used to discriminate against a Consumer, Applicant, Qualified Individual, or Enrollee.
1. Standard: Creation, Collection, Disclosure, Access, Maintenance, Storage, and Use Limitations. In accordance with the consent procedures outlined above, the Agent/Broker/Entity shall only create, collect, disclose, access, maintain, store, and use PII:
  1. i. To the extent necessary to ensure the efficient operation of CoverME.gov;
  2. ii. In accordance with its published Privacy Notice Statement and any applicable agreements that were in effect at the time the PII was collected, including the consent procedures outlined in Section (3) above; and/or
  3. iii. In accordance with the permissible functions outlined in the regulations and agreements between CoverME.gov and the Agent/Broker/Entity.
2. Standard: Non-discrimination. The Agent/Broker/Entity should not use PII from the Consumer, Applicant, Qualified Individual, or Enrollee in a discriminatory manner. To the greatest extent practicable, the Agent/Broker/Entity should collect PII directly from the consumer, Applicant, Qualified Individual, or Enrollee, when the information may result in adverse determinations
3. Standard: Prohibited uses and disclosures of PII.
  1. Implementation Specifications:
    1. The Agent/Broker/Entity shall not request information regarding citizenship, status as a national, or immigration status for an individual who is not seeking coverage for himself or herself on any application.
    2. The Agent/Broker/Entity shall not require an individual who is not seeking coverage for himself or herself to provide a Social Security number (SSN), except if an Applicant’s eligibility is reliant on a tax filer’s tax return and their SSN is relevant to verification of household income and family size.
    3. The Agent/Broker/Entity shall not use PII to discriminate, including employing marketing practices or benefit designs that will have the effect of discouraging the enrollment of individuals with significant health needs in QHPs.
Data Quality and Integrity. Agents/Brokers/Entities should take reasonable steps to ensure that PII is complete, accurate, and up-to-date to the extent such data is necessary for the Agent/Broker/Entity’s intended use of such data, and that such data has not been altered or destroyed in an unauthorized manner, thereby ensuring the confidentiality, integrity, and availability of PII.
1. Standard: Right to Amend, Correct, Substitute, or Delete PII. Agents/Brokers/Entities must offer Consumers, Applicants, Qualified Individuals, and Enrollees—or these individuals’ legal representatives or Authorized Representatives—an opportunity to request amendment, correction, substitution, or deletion of PII maintained and/or stored by the Agent/Broker/Entity if such individual believes that the PII is not accurate, timely, complete, relevant, or necessary to accomplish CoverME.gov-related functions, except where the information questioned originated from other sources, in which case the individual should contact the originating source.
  1. Implementation Specifications:
    1. Such individuals shall be provided with instructions as to how they should address their requests to the Agent/Broker/Entity’s Responsible Official, in writing or telephonically. They may also be offered an opportunity to meet with such individual or their delegate(s) in person.
    2. Such individuals shall be instructed to specify the following in each request:
      1. The PII they wish to correct, amend, substitute or delete; and
      2. The reasons for requesting such correction, amendment, substitution, or deletion, along with any supporting justification or evidence.
    3. Such requests must be granted or denied within no more than ten (10) business days of receipt.
    4. If the Agent/Broker/Entity (or its delegate) reviews these materials and ultimately agrees that the identified PII is not accurate, timely, complete, relevant, or necessary to accomplish the function for which the PII was obtained/provided, the PII should be corrected, amended, substituted, or deleted in accordance with applicable law.
    5. If the Agent/Broker/Entity (or its delegate) reviews these materials and ultimately does not agree that the PII should be corrected, amended, substituted, or deleted, the requestor shall be informed in writing of the denial, and, if applicable, the availability of any appeal procedures. If available, the notification must identify the appropriate appeal authority including that authority’s name, title, and contact information.
2. Standard: Verification of Identity for Requests to Amend, Correct, Substitute or Delete PII. Agents/Brokers/Entities that maintain and/or store PII must develop and implement policies and procedures to verify the identity of any person who requests access to, notification of, or modification—including amendment, correction, substitution, or deletion—of PII that is maintained by or for the Agent/Broker/Entity. This includes confirmation of an individuals’ legal or personal authority to access, receive notification of, or seek modification—including amendment, correction, substitution, or deletion—of a Consumer’s, Applicant’s, Qualified Individual’s, or Enrollee’s PII.
  1. Implementation Specifications:
    1. The requester must submit through mail, via an electronic upload process, or in-person to the Agent/Broker/Entity’s Responsible Official, a copy of one of the following government-issued identification: a driver’s license, school identification card, voter registration card, U.S. military card or draft record, identification card issued by the federal, state or local government, including a U.S. passport, military dependent’s identification card, Native American tribal document, or U.S. Coast Guard Merchant Mariner card.
    2. If such requester cannot provide a copy of one of these documents, he or she can submit two of the following documents that corroborate one another: a birth certificate, Social Security card, marriage certificate, divorce decree, employer identification card, high school or college diploma, and/or property deed or title.
3. Standard: Accounting for Disclosures. Except for those disclosures made to the Agent/Broker/Entity’s Workforce who have a need for the record in the performance of their duties, and the disclosures that are necessary to carry out the required functions of the Agent/Broker/Entity, Agents/Brokers/Entities that maintain and/or store PII shall maintain an accounting of any and all disclosures.
  1. Implementation Specifications:
    1. The accounting shall contain the date, nature, and purpose of such disclosures, and the name and address of the person or agency to whom the disclosure is made.
    2. The accounting shall be retained for at least ten (10) years after the disclosure, or the life of the record, whichever is longer.
    3. Notwithstanding exceptions in Section (1) A.10, this accounting shall be available to Consumers, Applicants, Qualified Individuals, and Enrollees—or these individuals’ legal representatives or Authorized Representatives—on their request per the procedures outlined under the access standards in Section (1) above.
Accountability. Agents/Brokers/Entities must adopt and implement the privacy and security standards and implementation specifications described in this document that have been established by CoverME.gov under 45 CFR 155.260(b) in a manner that ensures appropriate monitoring and other means and methods to identify and report Incidents and/or Breaches.
1. Standard: Reporting. The Agent/Broker/Entity must implement Breach and Incident handling procedures that are consistent with CoverME.gov’s Incident and Breach Notification Procedures and memorialized in the Agent/Broker/Entity’s own written policies and procedures. Such policies and procedures would:
  1. Identify the Agent/Broker/Entity’s Designated Privacy Official, if applicable, and/or identify other personnel authorized to access PII and responsible for reporting Incidents or Breaches to CoverME.gov.
  2. Provide details regarding the identification, response, recovery, and follow-up of Incidents and Breaches, which should include information regarding the potential need for CoverME.gov to immediately suspend or revoke access to the CoverME.gov platform for containment purposes; and
  3. Require reporting any Incident or Breach of PII to the OHIM via email notification at SBMBrokers.dhhs@maine.gov within one hour of discovery.
2. Standard: Standard Operating Procedures. The Agent/Broker/Entity shall incorporate privacy and security standards and implementation specifications, where appropriate, in its standard operating procedures that are associated with functions involving the creation, collection, disclosure, access, maintenance, storage, or use of PII.
  1. Implementation Specifications:
    1. The privacy and security standards and implementation specifications shall be written in plain language and shall be available to all of the Agent/Broker/Entity’s Workforce members whose responsibilities entail the creation, collection, maintenance, storage, access, or use of PII.
    2. The procedures shall ensure the Agent/Broker/Entity’s cooperation with CoverME.gov in resolving any Incident or Breach, including (if requested by CoverME.gov) the return or destruction of any PII files it received under the Acknowledgement; the provision of a formal response to an allegation of unauthorized PII use, reuse, or disclosure; and/or the submission of a corrective action plan with steps designed to prevent any future unauthorized uses, reuses, or disclosures.
    3. The standard operating procedures must be designed and implemented to ensure the Agent/Broker/Entity and its Workforce comply with the standards and implementation specifications contained herein, and must be reasonably designed, taking into account the size and the type of activities that relate to PII undertaken by the Agent/Broker/Entity, to ensure such compliance.
3. Standard: Training and Awareness. The Agent/Broker/Entity shall develop training and awareness programs for members of its Workforce that create, collect, disclose, access, maintain, store, and use PII while carrying out any Authorized Functions.
  1. Implementation Specifications:
    1. The Agent/Broker/Entity must require such individuals to successfully complete privacy and security training, as appropriate for their work duties and level of exposure to PII, prior to when they assume responsibility for/have access to PII.
    2. The Agent/Broker/Entity must require periodic role-based training on an annual basis, at a minimum.
Safeguarding PII. Agents/Brokers/Entities must ensure that PII is protected with reasonable operational, administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure.
1. Standard: Security Controls. The Agent/Broker/Entity is required to establish and implement operational, technical, administrative, and physical safeguards that are consistent with any applicable laws and ensure that:
  1. PII is only used by or disclosed to those authorized to receive or view it;
  2. PII is protected against any reasonably anticipated threats or hazards to the confidentiality, integrity, and availability of such information;
  3. PII is protected against any reasonably anticipated uses or disclosures of such information that are not permitted or required by law; and
  4. PII is securely destroyed or disposed of in an appropriate and reasonable manner and in accordance with retention schedules.
2. Standard: Required Monitoring of Security Controls. An Agent/Broker/Entity must monitor, periodically assess, and update its security controls and related system risks to ensure the continued effectiveness of those controls.
3. Standard: An Agent/Broker/Entity must develop and utilize secure electronic interfaces when transmitting PII electronically.

APPENDIX B

DEFINITIONS

Capitalized terms in this Acknowledgement are defined pursuant to federal regulations, unless stated otherwise, and are subject to change through future rulemaking.

Advance Payments of the Premium Tax Credit (APTC) has the meaning set forth in 45 CFR 155.20.
Agent or Broker: Has the meaning set forth in 45 CFR 155.20.
Agent/Broker/Entity: As defined for the purposes of this Acknowledgement, Agent/Broker/Entity is a collective term for Agents, Brokers, and Agent or Broker Entities that have entered into this Acknowledgement.
Applicant: Has the meaning set forth in 45 CFR 155.20.
Application Filer has the meaning set forth in 45 CFR 155.20.
Authorized Function means a task performed by an Agent/Broker/Entity that the Agent/Broker/Entity is explicitly authorized or required to perform based on applicable law or regulation, and as enumerated in the Acknowledgement that incorporates this Appendix B.
Authorized Representative means a person or organization meeting the requirements set forth in 45 CFR 155.227 (however, note that Medicaid has different requirements for authorized representatives set forth in 45 CFR 435.932).
Breach is defined in the Glossary of Office of Management and Budget (OMB) Memorandum M-17-12 (January 3, 2017) and means the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where (1) a person other than an authorized user accesses or potentially accesses personally identifiable information or (2) an authorized user accesses personally identifiable information for an other than authorized purpose.
CMS means the Centers for Medicare & Medicaid Services.
Compliance and Oversight Activities are the routine activities and processes conducted by a QHP Issuer, Agent, or Broker as related to ensuring operational integrity, including but not limited to internal reviews and audits of business procedures and processes and maintaining records as required by State or Federal law.
Consumer: As defined for the purposes of this Acknowledgement, a person who, for himself or herself, or on behalf of another individual, seeks information related to eligibility or coverage through a Qualified Health Plan (QHP) offered through an Exchange or an Insurance Affordability Program, or whom an Agent or Broker, Navigator, Certified Application Counselor, or other Entity assists in applying for coverage through a QHP, applying for APTC and/or CSRs, and/or completing enrollment in a QHP for individual health insurance coverage offered through CoverME.gov.
Cost-sharing Reductions (CSRs): Has the meaning set forth in 45 CFR 155.20.
CoverME.gov: CoverME.gov is the Maine Health Insurance Marketplace established pursuant to 22 M.R.S. section 5403 and operated by OHIM.
Customer Service means assistance regarding Health Insurance Coverage provided to a Consumer, Applicant, Qualified Employer, or Qualified Employee, including but not limited to responding to questions and complaints and providing information about Health Insurance Coverage and enrollment processes in connection with an FFE or SBE-FP.
Day or Days means calendar days unless otherwise expressly indicated in the relevant provision of the Acknowledgement that incorporates this Appendix B.
Designated Privacy Official means a contact person or office responsible for receiving complaints related to Breaches or Incidents, able to provide further information about matters covered by the notice, responsible for the development and implementation of the privacy and security policies and procedures of the Agent/Broker/Entity, and ensuring the Agent/Broker/Entity has in place appropriate safeguards to protect the privacy and security of PII.
Enrollee: As defined for the purposes of this Acknowledgement, an individual enrolled in a QHP or Insurance Affordability Program.
Enrollment Reconciliation is the process set forth in 45 CFR 155.400(d).
Exchange has the meaning set forth in 45 CFR 155.20.
Entity: As defined for the purposes of this Acknowledgement, means a legal organization whose business is directly related to enrollment through the Exchange, or to assisting Qualified Individuals in applying for APTC and/or CSRs, and applying for and enrolling in QHPs in a manner that is considered through the Exchange.
Exchange: Has the meaning set forth in 45 CFR 155.20 and is CoverME.gov in Maine.
Federal Data Services Hub (Hub) is the CMS Federally-managed service to interface data among connecting entities, including HHS, certain other Federal agencies, and State Medicaid agencies.
Federally-facilitated Exchange (FFE): As defined for the purposes of this Acknowledgement, an Exchange for individual health insurance coverage established by HHS and operated by CMS under section 1321(c)(1) of the PPACA.
Federally-facilitated Marketplace (FFM) has the same meaning as FFE.
Federal Privacy Impact Assessment (PIA) is an analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; (ii) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks, as defined in OMB Memorandum M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 (September 26, 2003).
Health Insurance Coverage has the meaning set forth in 45 CFR 155.20.
HHS means the U.S. Department of Health & Human Services.
Health Insurance Portability and Accountability Act (HIPAA) means the Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191, as amended, and its implementing regulations.
Incident or Security Incident is defined in the Glossary of Office of Management and Budget (OMB) Memorandum M-17-12 (January 3, 2017) and means an occurrence that (1) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or (2) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.
Information means any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual.
Insurance Affordability Program: Has the meaning set forth in 45 CFR 155.300(a). 32. Issuer has the meaning set forth in 45 CFR 144.103.
Issuer has the meaning set forth in 45 CFR 144.103.
Patient Protection and Affordable Care Act (PPACA) means the Patient Protection and Affordable Care Act (Public Law 111-148), as amended by the Health Care and Education Reconciliation Act of 2010 (Public Law 111-152), which are referred to collectively as the Patient Protection and Affordable Care Act.
Non-Exchange Entity has the meaning at 45 CFR 155.260(b), including but not limited to Navigators, Agents, Brokers, and other Entities.
Personally Identifiable Information (PII): Has the meaning contained in the Glossary of Office of Management and Budget (OMB) Memorandum M-17-12 (January 3, 2017) and means information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual.
Person Search: As defined for the purposes of this Acknowledgement, means the use of a CoverME.gov system to seek information about an Applicant’s or existing Enrollee’s Exchange application or plan, where the Applicant or Consumer has given the Agent/Broker/Entity consent to work with them for purposes of applying for and enrolling in a QHP or applying for APTC and/or CSRs.
Qualified Health Plan (QHP): Has the meaning set forth in 45 CFR 155.20.
Qualified Health Plan Issuer (QHP Issuer): Has the meaning set forth in 45 CFR 155.20. 38. Qualified Individual: Has the meaning set forth in 45 CFR 155.20.
Qualified Individual: Has the meaning set forth in 45 CFR 155.20.
Responsible Official means an individual or officer responsible for managing a Agent/Broker/Entity or Exchange’s records or information systems, or another individual designated as an individual to whom requests can be made, or the designee of either such officer or individual who is listed in a Federal System of Records Notice as the system manager, or another individual listed as an individual to whom requests may be made, or the designee of either such officer or individual.
Security Control means a safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements.
State means a State that has licensed the Agent or Broker that is a party to this Acknowledgement and in which the Agent or Broker is operating.
Subject Individual: As defined for the purposes of this Acknowledgment, refers to the individual consumer, enrollee, or applicant to whom a System of Records is assigned.
System of Records means a group of Records under the control of any Federal agency from which information is retrieved by name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.
Workforce means an Agent/Broker/Entity’s, FFE’s, SBE-FP’s employees, agents, contractors, subcontractors, officers, directors, agents, representatives, and any other individual who may create, collect, disclose, access, maintain, store, or use PII in the performance of his or her duties.

Agent/Broker/Entity Acknowledgment Of Obligations And Requirements To Be Included In The Maine Health Insurance Marketplace