EHNAC Releases New 2019 Accreditation Criteria Versions for Public Review Through Dec. 6
Most significant criteria changes to the organization’s accreditation programs includes incorporation
of GDPR and New York State Cybersecurity Requirements
FARMINGTON, Conn. – October 1, 2018 – The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards development organization and accrediting body for organizations that electronically exchange healthcare data, announced today that it has posted new versions of program criteria of its 18 accreditation programs for public review. The open process for adopting criteria will commence on Oct. 1, 2018 and end on Dec. 6, 2018.
Significant updates to the 2019 criteria include the upgrade of all 18 stakeholder-specific accreditation programs to HITRUST CSF® Version 9.1. This update, incorporated by EHNAC in September of this year, includes the addition of EU General Data Protection Regulation (GDPR) and New York State Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500). In addition to enhancing EHNAC’s accreditation programs with criteria that will support GDPR and NYCRR requirements, all 18 accreditation programs will include new criteria regarding the use of international vendors and locations as well as added third-party Cloud Service Provider (CSP) criteria.
During the 60-day public review period, all interested stakeholders are encouraged to provide EHNAC with opinions, comments and suggestions that will prove helpful in determining the necessity, appropriateness and workability of the criteria versions proposed for 2019.
The 18 enhanced criteria programs and the new version numbers associated include:
- ACOAP – Accountable Care Organization Accreditation Program (V3.2)
- CEAP – Cloud Enabled Accreditation Program1 (V1.3)
- DRAP – Data Registry Accreditation Program (V3.2)
- DTAAP-CA – Direct Trusted Agent Accreditation Program for Certificate Authorities (V3.2)
- DTAAP-HISP P&S – Direct Trusted Agent Accreditation Program for Health Information Service Providers (V1.1)
- DTAAP-RA – Direct Trusted Agent Accreditation Program for Registration Authorities (V3.2)
- ePAP-EHN – e-Prescribing Accreditation Program (V8.2)
- EPCSCP-Pharmacy – Electronic Prescription of Controlled Substances Certification Program – Pharmacy Vendor (V3.2)
- EPCSCP-Prescribing – Electronic Prescription of Controlled Substances Certification Program – Prescribing Vendor (V3.2)
- FSAP-EHN – Financial Services Accreditation Program for Electronic Health Networks (V4.2)
- FSAP-Lockbox – Financial Services Accreditation Program for Lockbox Services (V4.2)
- HIEAP – Health Information Exchange Accreditation Program (V3.2)
- HNAP-EHN – Healthcare Network Accreditation Program for Electronic Health Networks [Includes Payer] (V12.2)
- HNAP-Medical Biller – Healthcare Network Accreditation Program for Medical Billers (V3.2)
- HNAP-TPA – Healthcare Network Accreditation Program for Third Party Administrators (V3.2)
- MSOAP – Management Service Organization Accreditation Program (V3.2)
- OSAP – Outsourced Services Accreditation Program2 (V3.2)
- PMSAP – Practice Management System Accreditation Program (V3.2)
1The Cloud Enabled Accreditation Program has been modified for 2019. Many criteria covered by the prerequisite to use only FedRAMP-certified CSPs has been eliminated.
2OSAP includes 10 different accreditation programs tailored for Accountable Care Organization Technology Service Providers; Call Centers; Data Centers; DRP Facilities; Health Information Exchange Technology Service Providers; Media Storage; Network Administrators; Printing; Product Development; and Scanning. Support has been added for accrediting Cloud Service Providers to OSAP.
The Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include accountable care organizations, data registries, electronic health networks, EPCS vendors, e-prescribing solution providers, financial services firms, health information exchanges, health information service providers, management service organizations, medical billers, outsourced service providers, payers, practice management system vendors and third-party administrators. The Commission is an authorized HITRUST CSF Assessor, making it the only organization with the ability to provide both EHNAC accreditation and HITRUST CSF certification.
EHNAC was founded in 1993 and is a tax-exempt 501(c)(6) nonprofit organization. Guided by peer evaluation, the EHNAC accreditation process promotes quality service, innovation, cooperation and open competition in healthcare. To learn more, visit www.ehnac.org, contact email@example.com, or follow us on Twitter, LinkedIn and YouTube.