The HNAP-70 Program, or the Healthcare Network Accreditation Plus Select SAS 70©¹ Criteria Program, was developed for organizations that process healthcare transactions – broadening the scope of audit and review beyond traditional SAS 70 audits. EHNAC provides a greater concentration on healthcare privacy and security by including HIPAA requirements and technical performance criteria specific to healthcare IT providers.

While SAS 70 focuses on general IT controls as well as financial systems such as general ledger, purchasing cycle, close cycle, etc., it does not specifically address healthcare aspects of security, privacy and confidentiality including the sensitive nature of Protected Healthcare Information (PHI). During the HNAP-70 accreditation process, EHNAC reviews all areas of an organization where PHI is handled in an ongoing, production basis.

EHNAC’s HNAP-70 program:

• Reduces risk to PHI and operations through the demonstration of a risk management program with effective controls that appropriately minimize threats.
• Prepares your organization for third party audits including HIPAA/HITECH compliance audits that are now being conducted for the Office of Civil Rights (OCR); trading partner audits (some payers require EHNAC accreditation as a condition of processing their transactions); and state compliance (EHNAC accreditation is required for processing healthcare transactions in the states of Maryland and New Jersey).
• Enhances trust for your customers, trading partners, and other stakeholders.

To begin the application process for HNAP-70 accreditation, please complete the pre-application form through our Web site.

¹SAS 70© is a proprietary term owned by the American Institute of Certified Public Accountants (AICPA).