The New York State Department of Health (DOH) Data Exchange Application and Agreement requires that business partners who desire access to DOH provided Medicaid data must adhere to the following:

  • Submit the Critical Controls Attestation Form (notarized) to the Systems Security and Privacy Bureau following a self-assessment
  • Address all gaps identified during the self-assessment by either remediating or planning the remediation formally documented via a Plan of Action and Milestone
  • Within six months following the self-assessment, engage an independent third-party to audit the plan and provide a formal audit report and an updated SSP Attestation against the NIST SP 800-53 controls

Whether you are looking to complete the Critical Controls Attestation Form, develop a remediation plan, or engage an independent audit firm, Clearwater’s experts can help you achieve compliance with this regulation.

For further insight, access our on-demand webinar Complying with Data Exchange Requirements in NY.