HITRUST Certification

EHNAC and HITRUST: Creating the highest standards for healthcare data privacy and security

The HITRUST CSF certification – when attained in conjunction with the industry-specific EHNAC accreditation – demonstrates to business partners and prospects your commitment to the highest standards of data privacy and security.

EHNAC provides 18+ specific healthcare programs which include but are not limited to HIE’s, ePrescribers, clearinghouses and billing organizations. Each program contains many stakeholder specific requirements (unique to each program and their data handling responsibilities).  In addition to these requirements, EHNAC and HITRUST have worked together to align privacy and security requirements to benefit those candidates who choose to combine their programs.

The HITRUST CSF provides a comprehensive HIPAA privacy and security review, including HITECH and other applicable regulatory drivers such as PCI DSS, FTC Red Flags Rules and the FDA, etc.  The process includes a review of an organization’s risk management program and cyber readiness, and ensures consistency and accuracy of reporting on requirements for covered entities and business associates.

EHNAC is the only organization with the ability to provide both EHNAC accreditation and HITRUST CSF certification.

“We are pleased to have EHNAC as a CSF Assessor to help healthcare organizations with the process of adopting and utilizing the CSF’s requirements. Their long-standing expertise and leadership in health IT privacy and security solutions make EHNAC a perfect addition to our program.”

-Ken Vander Wal, CCO, HITRUST


“Because the healthcare industry is continuously faced with data and security issues involving PHI, it is important to us at Alpha II to not only provide credibility, but to also add strength to our technology solutions. The HITRUST CSF® certification of our solutions proves our commitment to maintaining the integrity of healthcare data for our partners and clients by providing a stamp of approval from a recognized independent source. EHNAC’s HITRUST Assessor has been instrumental in helping Alpha II complete our HITRUST Certification and HITRUST Interim Review in a timely manner.”

-Stuart Newsome, CPCO, VP, Corporate & Client Experience, Alpha II


“MedAllies decided to pursue HITRUST CSF certification to achieve security maturity levels meeting both industry best practices and regulatory requirements. Based on excellent past experiences with EHNAC, MedAllies chose to partner with them again as its HITRUST third party assessor. While the HITRUST process can be rigorous from attestation to validation with its breadth of domains and controls, EHNAC has made the experience as efficient as could be with utmost professionalism and deep knowledge of the framework.”

-Ethan Yehud, Chief Information Security Officer, MedAllies


Why choose EHNAC as your HITRUST CSF Assessor?

By selecting EHNAC as your organization’s HITRUST CSF Assessor, documentation required for the privacy and security requirements of the different frameworks are significantly similar such that internal compliance resource time, hassle and redundancy preparing for them will be significantly reduced.  What’s more, EHNAC Site Reviewers are also HITRUST Practitioners, meaning that, in many cases, the number of site visits may be reduced to obtain HITRUST CSF certification and EHNAC accreditation and may therefore reduce costs. Benefits include:

  • Using EHNAC for your HITRUST CSF assessment provides consistency between HITRUST certification and EHNAC accreditation programs for HIPAA privacy and security compliance.
  • Organizations achieving HITRUST certification will have 100% of their privacy and security credited to their EHNAC accreditation.
  • Organizations that already have EHNAC accreditation will have developed the majority of their HIPAA-related HITRUST CSF privacy and security to apply to that certification.
  • EHNAC site reviewers are also HITRUST Practitioners, making it easier for organizations to undergo audits.
  • Obtaining both HITRUST CSF certification and EHNAC accreditation at the same time significantly reduces the time, expense and redundancy needed to prepare documentation and undergo required site visits.
  • EHNAC is participating on key HITRUST workgroups, advocating strong continuing education and industry requirements regarding privacy and security are communicated and included in future CSF versions.

Also, are you looking for hands-on support to help you through the pre-assessment steps, readiness planning process and more? Learn about EHNAC’s Consulting and Advisory Services which have been designed to support HITRUST Certification.

Click Here to Apply for HITRUST Certification