Microsoft yesterday announced that Azure now allows its customers to enable Affordable Care Act (ACA) Administering Entities (AEs) to address the Minimum Acceptable Risk Standards for Exchanges (MARS-E) 2.0 security and privacy control requirements. It provides controls and capabilities that can be used by customers to help manage MARS-E 2.0 control requirements.
MARS-E was originally published in 2012 and contains the information security guidance, requirements, and templates for AEs including state and federal Health Insurance Exchanges (HIX) or marketplaces who facilitate purchase of health insurance by consumers and small businesses. The exchanges handle Personally Identifiable Information (PII), Protected Health Information (PHI) or Federal Tax Information (FTI) of U.S. citizens. MARS-E provides guidance for state and federal HIXs and their contractors regarding the minimum-level security controls that must be implemented to protect information and information systems that Centers for Medicare and Medicaid Services (CMS) oversees. The new MARS-E 2.0 framework has been effective as of September 2015, and includes significant updates to security and privacy controls.
Read more about it from Microsoft Trust Center site.