EHNAC Announces Finalized Criteria for Trusted Network Accreditation Program (TNAP) and Trusted Dynamic Registration & Authentication Program (TDRAAP)

Important updates include alignment with final TEFCA and addition of CARIN Code of Conduct

SIMSBURY, Conn. – July 19, 2022 – The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards development organization and accrediting body for organizations that electronically exchange healthcare data, today announced the release of new criteria versions for three of its accreditation programs – the Trusted Network Accreditation Program (TNAP-QHIN) and the Trusted Dynamic Registration & Authentication Accreditation Programs (TDRAAP-Basic and TDRAAP-Comprehensive).

Key updates to both Basic and Comprehensive TDRAAP include the addition of criteria requiring the candidate to confirm the possibility of future testing due to emerging threats and other factors, for which the candidate will be provided at least 60 days advance notice. The finalized TDRAAP-Basic criteria require specific information regarding the client application under review and the TDRAAP-Comprehensive criteria now require specific information regarding the client or server applications under review. Additionally, both programs require results of UDAP testing and include the addition of CARIN Code of Conduct criteria for applicable organizations.

Developed through industry collaboration, the Trusted Network Accreditation Program (TNAP-QHIN) has been revised to align with the final publication of Trusted Exchange Framework and the Common Agreement (TEFCA). This program is designed for organizations that desire to become Qualified Health Information Networks (QHIN)* by providing Health Information Networks with a structured and comprehensive means of demonstrating the requirements of aligning with the TEFCA Common Agreement (CA) and QHIN Technical Framework (QTF). Earlier this year, EHNAC announced a partnership with HITRUST® to ensure the privacy and security requirements for TNAP align with the current guidance for TEFCA.

“Our industry is experiencing change at a rapid pace, and we must be ready to meet these new requirements as they arise, while holding security, confidentiality, integrity, and efficiency at the forefront when electronically exchanging healthcare data,” said Lee Barrett, Executive Director and CEO of EHNAC. “EHNAC’s three newly enhanced accreditation programs are designed to ensure compliance and stakeholder-trust while mitigating risk as organizations address these ever evolving legislative and regulatory revisions.”

Following the standard, 60-day public comment period, EHNAC’s Criteria Committee and Commission have incorporated public feedback to finalize and adopt the enhanced and final criteria versions for the following three accreditation programs:

  1. TDRAAP-Basic – Trusted Dynamic Registration & Authentication Accreditation Program Basic (V1.3)
  2. TDRAAP-Comprehensive¹ – Trusted Dynamic Registration & Authentication Accreditation Program Comprehensive (V1.3)
  3. TNAP-QHIN – Trusted Network Accreditation Program (V2.0)

The EHNAC criteria for each of its accreditation programs will establish the foundational requirements for measuring an organization’s ability to meet/align with federal and state healthcare reform mandates such as HIPAA/HITECH, 21st Century Cures Act, TEFCA, and other mandates and best practices like NIST, for health care organizations focusing on the areas of privacy, security, cybersecurity, breach handling, confidentiality, best practices, procedures, and asset management.

Healthcare industry stakeholders are encouraged to regularly visit to download and review the latest EHNAC criteria versions in full detail. Applicant candidates commencing the accreditation or re-accreditation process in 2022 will be required to adhere to these updated criteria versions.

¹ The TDRAAP-Comprehensive program is available with either EHNAC Security criteria or HITRUST CSF V9.5.1 Security criteria.
*Only the ONC-established Recognized Coordinating Entity (RCE) can designate that a Health Information Network is a QHIN.  

The Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include accountable care organizations, data registries, electronic health networks, EPCS vendors, e-prescribing solution providers, financial services firms, health information exchanges, health information service providers, management service organizations, medical billers, outsourced service providers, payers, practice management system vendors, third-party administrators and trusted networks. The Commission is an authorized HITRUST CSF Assessor, making it the only organization with the ability to provide both EHNAC accreditation and HITRUST CSF certification.

EHNAC was founded in 1993 and is a tax-exempt 501(c)(6) nonprofit organization. Guided by peer evaluation, the EHNAC accreditation process promotes quality service, innovation, cooperation and open competition in healthcare. To learn more, visit, contact, or follow us on Twitter, LinkedIn and YouTube.