EHNAC Enhances All Accreditation Programs with Integration of Cloud-Focused Criteria


Public Review Period for this Criteria Extends through March 18


FARMINGTON, Conn. – January 16, 2019 – The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards development organization and accrediting body for organizations that electronically exchange healthcare data, announced today that it has posted new versions of its third-party Cloud Service Provider (CSP) requirements for 60-day public comment review strengthening all its accreditation programs. This move replaces EHNAC’s Cloud Enabled Accreditation Program (CEAP) and allows those organizations who use a Third-Party CSP to more efficiently demonstrate the rigor and structure of cloud-enabled platforms and applications.

“Cloud-enabled technology offerings are becoming ubiquitous in healthcare and are helping to shape the future of our industry,” said Lee Barrett, executive director of EHNAC. “This 60-day public comment review period will allow for commentary and suggestions regarding the proposed enhancement to our accreditation programs allowing all accreditation candidates to select additional cloud criteria from within their current program so they can meet demanding CSP requirements without applying for a second accreditation.”

Cloud criteria within EHNAC’s accreditation programs help establish a trust framework between stakeholders and recognizes superior capabilities through an extensive review in the areas of privacy, security, mandated standards and key operational functions. The new cloud criteria will be available through all accreditation programs as of April 2, 2019, while the Cloud Enabled Accreditation Program will be phased out. Current CEAP-accredited organizations will maintain their status throughout their two-year accreditation period.

Barrett added: “Ensuring the privacy and security of data across public cloud service platforms is a complex challenge and EHNAC is dedicated to helping organizations address privacy and security vulnerabilities of exchanging healthcare data across the cloud.”

During the 60-day public review period, all interested stakeholders are encouraged to provide EHNAC with opinions, comments and suggestions that will prove helpful in determining the necessity, appropriateness and workability of the criteria versions proposed for this interim release scheduled for April 2, 2019.

The EHNAC criteria for each of its accreditation programs sets the foundational requirements for measuring an organization’s ability to meet federal and state healthcare reform mandates such as HIPAA, Omnibus, ARRA/HITECH, ACA and other mandates for covered entities and business associates focusing on the areas of privacy, security, confidentiality, best practices, procedures and assets. Visit for more details or to review the latest EHNAC criteria.

The Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include accountable care organizations, data registries, electronic health networks, EPCS vendors, e-prescribing solution providers, financial services firms, health information exchanges, health information service providers, management service organizations, medical billers, outsourced service providers, payers, practice management system vendors and third-party administrators. The Commission is an authorized HITRUST CSF Assessor, making it the only organization with the ability to provide both EHNAC accreditation and HITRUST CSF certification.

EHNAC was founded in 1993 and is a tax-exempt 501(c)(6) nonprofit organization. Guided by peer evaluation, the EHNAC accreditation process promotes quality service, innovation, cooperation and open competition in healthcare. To learn more, visit, contact, or follow us on Twitter, LinkedIn and YouTube.