EHNAC and Announce Launch of Trusted Dynamic Registration & Authentication Accreditation Program

Supports scaling the interoperability requirements within ONC and related CMS Final Rules with a focus on technical standards; Enables trust and transparency for organizational and individual access to data 

FARMINGTON, Conn. – October 20, 2020 – The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards development organization and accrediting body for organizations that electronically exchange healthcare data, today announced a collaboration with on the launch of the new Trusted Dynamic Registration & Authentication Accreditation Program (TDRAAP). Supporting interoperability requirements within the Office of the National Coordinator’s (ONC’s) Cures Act Final Rule and related CMS Interoperability and Patient Access Final Rule, TDRAAP is designed to help healthcare organizations and application developers demonstrate their ability to use trusted digital certificates for endpoint identity, registration, authentication and attribute discovery for electronic healthcare transactions in real-time.

“Through the creation of a technical and governance infrastructure, TDRAAP supports interoperability with a specific focus on technical standards enabling trust and transparency for both organizational and individual access to data,” said EHNAC Executive Director and CEO Lee Barrett. “We want everyone’s voice to be heard and invite all industry stakeholders to provide feedback to help guide the development of this important and very timely accreditation and technical certification program.”

Created for a number of healthcare stakeholders, TDRAAP offers candidates two program options: TDRAAP- Basic or TDRAAP-Comprehensive:

  • TDRAAP-Basic offers privacy and security self-attestation with targeted validation while the included UDAP technical framework certification demonstrates that an entity’s end-to-end API can be trusted by patients and other industry stakeholders. It is designed specifically for developers of consumer-facing apps, also referred to as a patient’s “App of their Choice,” as used in workflows mandated by ONC and CMS that include SMART app launch with individual sign-on. TDRAAP-Basic thus supports the use of individual queries for “one-patient-at-a-time FHIR data access” using the credentials issued by the healthcare system publishing the API for the Individual to access data.
  • TDRAAP-Comprehensive combines the extensive privacy and security requirements and in-depth validation of traditional EHNAC accreditation programs, with UDAP technical framework certification. It is designed for a diverse cross-section of organizations and systems choosing to demonstrate full HIPAA/HITECH Privacy Security compliance and supporting all relevant UDAP workflows including those for privileged client app or provider access such as in bulk data, broadcast, or targeted cross-organizational queries. Program candidates include payers, providers, mobile app developers, health information exchanges (HIEs), health information networks (HINs), identity and credential service providers, financial institutions, regulatory agencies, defense contractors, clearinghouses, as well as EHR, security, and cloud vendors.

“The open source UDAP profiles provide the ability to efficiently register and authenticate endpoints and applications, increasing confidence in FHIR and other open API transactions through the re-use of established, trusted identities and verified attributes,” said Julie Maas, CEO of EMR Direct and contributor. “We are excited to join EHNAC in bringing the industry a program for those seeking to signal enhanced security, privacy, and interoperability of their systems by certifying their compliance with the profiles. This empowers application developers, healthcare systems and other industry stakeholder organizations, patients, and other consumers with more efficient access to health data.”

The first draft criteria for TDRAAP v1.0 is now posted, along with new versions of program criteria for EHNAC’s 21 accreditation programs, for a 60-day public comment and review. During the review period, all interested stakeholders are encouraged to provide EHNAC with opinions, comments and suggestions that will prove helpful in determining the necessity, appropriateness and workability of the accreditation program. TDRAAP is scheduled to be released in January 2021, following an intensive beta program where several organizations will be selected as initial testing sites for its draft accreditation program.

The EHNAC criteria for each of its accreditation programs sets the foundational requirements for measuring an organization’s ability to meet/align with federal and state healthcare reform mandates such as HIPAA/HITECH, 21st Century Cures Act, TEFCA and other mandates and best practices like NIST, for health care organizations focusing on the areas of privacy, security, cybersecurity, breach handling, confidentiality, best practices, procedures and assets. Visit for more details.

The Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include accountable care organizations, data registries, electronic health networks, EPCS vendors, e-prescribing solution providers, financial services firms, health information exchanges, health information service providers, management service organizations, medical billers, outsourced service providers, payers, practice management system vendors, third-party administrators and trusted networks. The Commission is an authorized HITRUST External Assessor, making it the only organization able to provide both EHNAC accreditation as well as to conduct HITRUST CSF assessment services.

EHNAC was founded in 1993 and is a tax-exempt 501(c)(6) nonprofit organization. Guided by peer evaluation, the EHNAC accreditation process promotes quality service, innovation, cooperation and open competition in healthcare. To learn more, visit, contact, or follow us on TwitterLinkedIn and YouTube.

The Unified Data Access Profiles (UDAP) published by increase confidence in open API transactions through the use of trusted identities and verified attributes. Interest in UDAP led to the development of additional implementation guides focused on key use cases in the deployment of reusable identities, including Dynamic Client Registration and Tiered OAuth. The profiles can be used to help scale the secure use of open APIs, while also protecting the personal information of network participants. To learn more about UDAP, visit, or follow @udapTools on Twitter.