EHNAC Announces Finalized 2023 Accreditation Criteria Versions for All Accreditation Programs
Key updates include those for 19 existing and 3 new programs; address capacity planning, utilization monitoring, and improved mapping to the NIST Cybersecurity Framework
FARMINGTON, Conn. – January 3, 2023 – The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards development organization and accrediting body for organizations that electronically exchange healthcare data, today announced the release of new versions of program criteria for its 19 accreditation programs and 3 beta accreditation programs for use, starting January 1, 2023.
The new updates by the EHNAC Criteria Committee include addressing capacity planning and utilization monitoring criteria, as well as improvements to some of the criteria within ePAP-EHN. This year’s developments also include improved mapping to the NIST Cybersecurity Framework and various other clarifications and grammatical enhancements.
“We are excited about the finalization of this year’s criteria as these critical updates not only improve our existing programs, but also expand our accreditation offerings as we bring to the industry three new beta programs focused on Explanation of Provider Payments, CARIN Code of Conduct, and Privacy by Design,” said Lee Barrett, Executive Director and CEO of EHNAC. “We are continuously grateful for those who provided invaluable feedback as we continue to strengthen and advance our accreditation criteria so that industry stakeholders are at the forefront of legislative and regulatory revisions to ensure compliance while reducing risk of breach or cyberattack and assuring stakeholder trust.”
Following the standard, 60-day public comment period, EHNAC’s Criteria Committee and Commission have incorporated public feedback to finalize and adopt the enhanced and final criteria versions for the following nineteen accreditation programs:
- ACOAP – Accountable Care Organization Accreditation Program (V4.2)*
- DRAP – Data Registry Accreditation Program (V4.2)*
- DT P&S – DirectTrust Privacy & Security (V2.2)*
- EHNAC P&S – EHNAC Privacy & Security (V2.2)*
- ePAP-EHN – e-Prescribing Accreditation Program (V9.2)*
- EPCSCP-Pharmacy – Electronic Prescription of Controlled Substances Certification Program – Pharmacy Vendor (V4.3)
- EPCSCP-Prescribing – Electronic Prescription of Controlled Substances Certification Program – Prescribing Vendor (V4.3)
- FSAP-EHN – Financial Services Accreditation Program for Electronic Health Networks (V5.2)*
- FSAP-Lockbox – Financial Services Accreditation Program for Lockbox Services (V5.2)*
- HIEAP – Health Information Exchange Accreditation Program (V4.2)*
- HNAP-EHN – Healthcare Network Accreditation Program for Electronic Health Networks [Includes Payer] (V13.2)*
- HNAP-Medical Biller – Healthcare Network Accreditation Program for Medical Billers (V4.2)*
- HNAP-TPA – Healthcare Network Accreditation Program for Third Party Administrators (V4.2)*
- MSOAP – Management Service Organization Accreditation Program (V4.2)*
- OSAP – Outsourced Services Accreditation Program1 (V4.2)*1
- PMSAP – Practice Management System Accreditation Program (V4.2)*
- TDRAAP-Basic – Trusted Dynamic Registration & Authentication Accreditation Program Basic (V1.4)
- TDRAAP-Comprehensive – Trusted Dynamic Registration & Authentication Accreditation Program Comprehensive (V1.4)*
- TNAP-HIN – Trusted Network Accreditation Program (V2.1)
Criteria versions for the following three beta programs are also now released for use:
- EPPAP – Explanation of Provider Payment Accreditation Program (V1.0-Beta)
- CCCAP – CARIN Code of Conduct Accreditation Program (V1.0-Beta)
- PBDAP – Privacy by Design Accreditation Program (V1.0-Beta)
The EHNAC criteria for each of its accreditation programs sets the foundational requirements for measuring an organization’s ability to meet/align with federal and state healthcare reform mandates such as HIPAA/HITECH, 21st Century Cures Act, TEFCA and other mandates and best practices like NIST, for health care organizations focusing on the areas of privacy, security, cybersecurity, breach handling, confidentiality, best practices, procedures, and assets.
Healthcare industry stakeholders are encouraged to regularly visit www.ehnac.org to download and review the latest EHNAC criteria versions in full detail. Applicant candidates commencing the accreditation or re-accreditation process in 2023 will be required to adhere to these updated criteria versions.
The Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include accountable care organizations, data registries, electronic health networks, EPCS vendors, e-prescribing solution providers, financial services firms, health information exchanges, health information service providers, management service organizations, medical billers, outsourced service providers, payers, practice management system vendors, third-party administrators, and trusted networks. The Commission is an authorized HITRUST CSF Assessor, making it the only organization with the ability to provide both EHNAC accreditation and HITRUST CSF certification.
EHNAC was founded in 1993 and is a tax-exempt 501(c)(6) nonprofit organization. Guided by peer evaluation, the EHNAC accreditation process promotes quality service, innovation, cooperation, and open competition in healthcare. To learn more, visit www.ehnac.org, contact firstname.lastname@example.org, or follow us on Twitter, LinkedIn and YouTube.
* Indicates that applicants may select from two distinct sets of security criteria:
- EHNAC Security criteria with Privacy based on HIPAA/HITECH, GDPR, CCPA, and Health and Wellness; and Security based on NIST 800-171 and NIST CSF (Cybersecurity Framework)
- HITRUST CSF Security Criteria, now updated to Version 9.6.2 of the HITRUST CSF
1OSAP includes 10 different accreditation programs tailored for Accountable Care Organization Technology Service Providers; Call Centers; Data Centers; DRP Facilities; Health Information Exchange Technology Service Providers; Media Storage; Network Administrators; Printing; Product Development; and Scanning.