Proposed EHNAC HITECH Criteria

EHNAC has developed draft criteria reflecting new rules and regulations generated from the American Recovery and Reinvestment Act (ARRA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act signed into law by President Obama in February 2009. This legislation amends existing rules and regulations and provides new HIPAA standards to strengthen security and privacy protections. The HITECH Act contains privacy and security provisions applicable to covered entities and their third-party business associates. Perhaps most significantly, the new law increases the legal obligations of business associates and makes them directly subject to the requirements of HIPAA.

Because of this legislation, organizations that handle or manage PHI are subject to an expanded range of rules and regulations surrounding data privacy and security. Therefore EHNAC has taken the initiative to include key provisions of ARRA and HITECH and developed the draft criteria to enhance its requirements for all of its accreditation programs, where applicable. Additional guidance is forthcoming during first quarter of 2010 for this legislation and EHNAC is awaiting those revisions to finalize the draft criteria before making it available for public comment and review and incorporation into its programs. The draft criteria available should be used as guidance for those organizations currently engaged in the accreditation process and for those considering applying for the process.

HITECH Draft Criteria

Legislative Crosswalk

In an effort to more closely align with key provisions of the federal legislation, including the American Recovery and Reinvestment Act (ARRA) of 2009, and the Health Information Technology for Economic and Clinical Health (HITECH) Act, EHNAC developed these documents to outline the synergies and gaps within existing EHNAC program criteria.

Legislative Crosswalk based in 2009 Criteria
Legislative Crosswalk based in 2010 Criteria

The Legislative Crosswalk matrices include changes to the EHNAC program criteria which have been fully reviewed and managed by the EHNAC criteria committee.

The Legislative Crosswalk matrices provide information about EHNAC criteria changes as they relate to compliance with not only the security and privacy regulations within the 2009 legislation, but also Health Insurance Portability and Accountability Act of 1996 (HIPAA) rules and proper management of protected health information (PHI).

Downloadable Documents

HITECH Draft Criteria
Legislative Crosswalk 2009
Legislative Crosswalk 2010