The Electronic Healthcare Network Accreditation Commission (EHNAC) announced the release of new criteria versions for all 18 of its accreditation programs for use starting January 2020. Significant updates to the 2020 criteria include the evolution of two Direct Trusted Agent programs (DTAAP-CA, DTAAP-RA) to accreditation offerings by DirectTrust. DirectTrust Privacy & Security (DT P&S) accredits against HIPAA Privacy and Security requirements for organizations pursuing DirectTrust accreditation as a HISP, a Certificate Authority and/or a Registration Authority. The EHNAC Privacy & Security (EHNAC P&S) program accredits organizations utilizing EHNAC’s core criteria including privacy and security, customer service, business practices, personnel requirements, third-party cloud service providers, and more. This program is applicable for organizations with stakeholder-specific services that are not addressed by any of EHNAC’s other accreditation programs.
“EHNAC continues to establish standard criteria and to accredit organizations that electronically exchange healthcare data for security, confidentiality, accountability and efficiency,” said Lee Barrett, Executive Director and CEO of EHNAC. “These latest enhancements to EHNAC’s accreditation programs demonstrate the commitment of our criteria committee and commission to address the latest legislative and regulatory revisions, best practices and other modifications to help organizations assure compliance, assess risks and remain competitive.”
In addition, 2020 criteria updates include those for the Trusted Network Accreditation Programs (TNAP), designed to address alignment with TEFCA and 21st Century Cures Act: TNAP-Participant/Participant Member and TNAP-QHIN.
Following the standard, 60-day public comment period, EHNAC’s Criteria Committee and Commission has incorporated public feedback to finalize and adopt the enhanced and final criteria versions for the 18 accreditation programs.
The EHNAC criteria for each of its accreditation programs establishes the foundational requirements for measuring an organization’s ability to meet federal and state healthcare reform mandates such as HIPAA, 21st Century Cures, Omnibus, ARRA/HITECH, ACA and other mandates for covered entities and business associates focusing on the areas of privacy, security, confidentiality, best practices, procedures and assets.