EHNAC and Offer Roadmap for Interoperability Requirements with the Launch of TDRAAP Star Level Glide Path

New structure provides industry with a roadmap to increased scalability and security

WEST HARTFORD, Conn. – April 6, 2021 – The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards development organization and accrediting body for organizations that electronically exchange healthcare data, in collaboration with, today announced the launch of the Trusted Dynamic Registration & Authentication Accreditation Program (TDRAAP) Star Level Glide Path. Through this new program structure, healthcare stakeholders – including application developers, healthcare systems and payer organizations – are provided with a roadmap offering a consistent methodology to be followed by the industry during the collective move from the basic use of OAuth 2.0, to a more scalable and efficient framework providing advanced security and scalability through reusable client application, server, identity provider and end user credentials.

The TDRAAP Star Level Glide Path offers levels of authentication on a one through five star scale. As built into the rules of the program, basic OAuth 2.0 authorization code flow is the baseline level. From there, organizations are encouraged to advance along the Glide Path incorporating the use of the Unified Data Access Profiles (UDAP), until they ultimately reach level five, which promotes the broadest scalability, greatest security and the best cost savings for clients, servers, identity services and patients.

“With the release of the final Cures Act and related CMS Interoperability and Patient Access rules, it is clear the ability to efficiently register and authenticate endpoints is a core component of interoperability,” said EHNAC Executive Director and CEO Lee Barrett. “The Glide Path offers stakeholders with a roadmap to help navigate the healthcare information highway as organizations are being required to implement new standards for handling data, and EHNAC provides the privacy and security assurance while we leverage this new technical framework.”

“Attaining a star level – one through five – on the Glide Path signals, with transparency, the specific UDAP workflows in which a participant is ready to exchange with others. This improves interoperability and reduces friction while preserving privacy and increasing transaction security confidence,” said Julie Maas, CEO of EMR Direct and contributor. “The Star level format was developed in response to community feedback and we expect it will allow application developers, healthcare systems and other industry stakeholder organizations to more easily indicate their current cross-system capabilities, accelerating secure access to health data across organizational boundaries.”

In October 2020, EHNAC and launched the TDRAAP. Supporting interoperability requirements within the Office of the National Coordinator’s (ONC’s) Cures Act Final Rule and related CMS Interoperability and Patient Access Final Rule, TDRAAP is designed to help healthcare organizations and application developers demonstrate their ability to use trusted digital certificates for endpoint identity, registration, authentication and attribute discovery or validation for electronic healthcare transactions in real-time.

The Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include accountable care organizations, data registries, electronic health networks, EPCS vendors, e-prescribing solution providers, financial services firms, health information exchanges, health information service providers, management service organizations, medical billers, outsourced service providers, payers, practice management system vendors, third-party administrators and trusted networks. The Commission is an authorized HITRUST External Assessor, making it the only organization able to provide both EHNAC accreditation as well as to conduct HITRUST CSF assessment services.

EHNAC was founded in 1993 and is a tax-exempt 501(c)(6) nonprofit organization. Guided by peer evaluation, the EHNAC accreditation process promotes quality service, innovation, cooperation and open competition in healthcare. To learn more, visit, contact, or follow us on TwitterLinkedIn and YouTube.

The Unified Data Access Profiles (UDAP) published by increase confidence in open API transactions through the use of trusted identities and verified attributes. Interest in UDAP workflows led to the development of profiles and implementation guides focused on use cases for trusted endpoints and reusable identities, including Trusted Dynamic Client Registration, JWT-Based Authentication, Tiered OAuth, and other profiles listed at The profiles can be used to help scale the secure use of open APIs, while also protecting the personal information of network participants. To learn more about UDAP, visit, or follow @udapTools on Twitter.