EHNAC Seeks Public Review and Comment of New Criteria for Five Programs

Standards development organization solicits input from industry stakeholders on accreditation criteria

FARMINGTON, Conn. – October 1, 2008 – The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards development organization and accrediting body, announced today that it has posted five new versions of program criteria for general public review and comment.

Parties are requested to provide opinions, comments and suggestions of the upgraded criteria versions for EHNAC’s Healthcare Network Accreditation Program (HNAP-EHN) and e-Prescribing Accreditation Program (ePAP), as well as the first versions of EHNAC’s Financial Services Accreditation Program (FSAP-EHN), Financial Services Lockbox Program (FSAP-Lockbox) and Healthcare Network Accreditation Plus Select SAS 70(©)1 Criteria Program (HNAP-70), each of which are proposed for adoption. The comment period will last 60 days, commencing on Oct. 1, 2008 and ending on Nov. 30, 2008.

“EHNAC prides itself on our thorough and appropriate evaluation criteria as well as our open process for adopting those criteria,” says Mark Gingrich, commissioner and criteria committee chair of EHNAC. “We encourage all parties that have an interest in these areas to participate in providing their feedback with regard to the necessity, appropriateness and workability of the criteria versions proposed for adoption.”

The latest version of EHNAC’s HNAP-EHN has been revised in coordination with evolving industry standards. HNAP accreditation recognizes excellence in health data processing and transactions, and indicates compliance with industry-established standards and HIPAA regulations. The new changes to the criteria include:

  • Modifications and additions to the criteria to better align with the CMS-published “Information Request for Onsite Compliance Reviews”
  • Elimination or combination of similar criteria
  • Addition of new “Mandatory” designations as recommended by the EHNAC Criteria Committee
  • Miscellaneous updates including timing requirements for DRP recovery, shredding requirements, and minor wording changes
  • Scoring changes such that now an overall average is computed rather than an averaging of scores achieved per section.

The updated version of EHNAC’s ePAP has been modified to incorporate feedback received from industry professionals, with changes to better evaluate and account for healthcare organizations’ technical environments. ePAP accreditation ensures quality business performance through compliance with all necessary and relevant industry-established guidelines, standards and criteria. The new changes to the criteria include:

  • Alignment with HNAP-EHN HIPAA Privacy and Security criteria for consistency
  • Addition of new “Mandatory” designations for consistency with the HNAP program logic
  • Scoring changes such that now an overall average is computed rather than an averaging of scores achieved per section

In addition to the two updated versions of criteria for HNAP-EHN and ePAP, EHNAC has developed the first stand-alone version of its FSAP-EHN and has also introduced the new FSAP-Lockbox and HNAP-70 programs.

FSAP-EHN demonstrates that an organization meets a high standard of quality in handling protected health information as well as ensuring that it follows industry-established criteria for processing payments and other financial transactions. Some highlights of the criteria include:

  • HNAP-EHN criteria with enhancements appropriate for financial service industry
  • Additional criteria to ensure the accredited organization’s general IT controls are more comprehensive to assist in the preparation of other audits, such as SAS 70 or Sarbanes-Oxley.

FSAP-Lockbox differs from the other EHNAC programs in that certain performance metrics are modified or not included. For instance, a lockbox operation does not receive standards-based transactions. Also, specific document handling and delivery criteria are unique to this program.

Finally, HNAP-70 has been introduced to meet the goal some organizations have expressed for an EHNAC program that ensures their general IT controls are more comprehensive to assist in the preparation of other audits, such as SAS 70(©)1  or Sarbanes-Oxley.

1 SAS 70(©) is a proprietary term owned by the American Institute of Certified Public Accountants (AICPA).

The Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include electronic health networks, payers, financial services firms and e-prescribing solution providers.

EHNAC was founded in 1993 and is a tax-exempt 501(c)(6) nonprofit organization.

Guided by peer evaluation, the EHNAC accreditation process promotes quality service, innovation, cooperation and open competition in healthcare. To learn more, visit or contact