EHNAC updates data security criteria for 18 accreditation programs
The Electronic Healthcare Network Accreditation Commission, which accredits a range of industry stakeholders for meeting best business practices that include privacy and security protections, has finalized 2018 criteria for its 18 accreditation programs.
These programs cover providers, insurers, accountable care organizations, cloud programs, medication management, financial services, health information exchanges, billing, outsourcing, practice management systems and third-party administrators, among others.
“The EHNAC criteria for each of its accreditation programs sets the foundational requirements for measuring an organization’s ability to meet federal and state healthcare reform mandates such as HIPAA, Omnibus, ARRA/HITECH, ACA and other mandates for covered entities and business associates focusing on the areas of privacy, security, confidentiality, best practices, procedures and assets,” says Lee Barrett, the organization’s executive director.
Since 1995, EHNAC has been accrediting stakeholder organizations and now is launching a series of new initiatives. A new criterion, for example, is “FedRAMP,” a highly secure cloud platform for the federal government; under the EHNAC program, business associates can be accredited for meeting EHNAC’s best practices.
A fundamental change to how EHNAC operates also is intended to make it easier for providers to use the organization’s services. Many providers not only get accredited by EHNAC but also by another accreditation service from HITRUST, and providers have complained about the extra work and cost required to go through multiple and redundant accreditations, Barrett acknowledges.
Consequently, EHNAC has replaced its privacy and security requirements with those of HITRUST's CSF Framework to streamline the process for those seeking both EHNAC accreditation and HITRUST certification. In many cases, one or both assessments may be required to remain compliant with certain state and industry mandates.
EHNAC further is seeking to achieve greater visibility and adoption of its programs for accrediting health information exchanges, accountable care organizations and data registries, all of which are becoming increasingly more important in the industry.
The organization also is evaluating partnering with data security consortiums such as DirectTrust, The Sequoia Project, WEDI and CommonWell, among others, to create an accreditation program for blockchain initiatives. For now, this is a project still in the thinking stages, Barrett notes.
The EHNAC 2018 accreditation criteria are available here.