Cloud-Enabled Accreditation Criteria
EHNAC’s Cloud-Enabled Accreditation Criteria provides a higher level of stakeholder confidence for organizations under competitive pressures to demonstrate the rigor and structure of cloud-enabled platforms and applications. Developed by industry-peers, these criteria are offered exclusively for the users of FedRAMP-authorized services offered by Cloud Service Providers (CSPs) – regardless of the healthcare data exchange model (public/private cloud) the CSP supports.
In response to the privacy and security challenges of healthcare data exchange across the cloud, EHNAC’s Cloud-Enabled Criteria establish a trust framework between stakeholders and recognizes superior capabilities through the extensive review in the areas of privacy, security, mandated standards and key operational functions. These criteria assess health information and oversight for meeting privacy and security including, HIPAA, HITECH, 21st Century Cures Act, Omnibus Rule and ACA requirements, as well as technical performance, business processes and resource management. These comprehensive criteria require that the CSP-specific criteria be met by candidate organizations, which includes the demonstration of additional coordination with the CSP vendor.
These criteria are available to all organizations applying for EHNAC accreditation that use a FedRAMP-authorized CSP.
The criteria, standards and framework create a core set of requirements for compliance. In addition, the program:
- Ensures stakeholder trust for managing healthcare data exchange across cloud-enabled networks;
- Reviews the key functions of platform structure under FedRAMP guidelines including the areas of integrity, portability, interoperability, compliance monitoring, reporting and industry accreditation; and
- Serves as a baseline for the CSP FedRAMP-standard platform service for stakeholders to assure compliance with federal guidelines and industry adopted frameworks and best practices.
Also, are you looking for hands-on support to help you through the pre-assessment steps, readiness planning process and more? Learn about DirectTrust’s Consulting and Advisory Services which have been designed to support the Cloud-Enabled Accreditation Program.