EHNAC provides multiple reports to organizations that have achieved accreditation, each intended for a specific audience. EHNAC does not control how these reports are shared; we only provide recommendations. Here is a listing of the reports we provide with most of our programs, along with the intended use for each:
Executive Summary Report:
Developed for senior management, providing a concise summary of the overall review.
Includes the detailed criteria and responses, along with specific recommendations identified to be addressed prior to the next accreditation cycle. Because this report is so comprehensive, it may also be helpful in satisfying third party assessment questionnaires.
Summary Report for Third Parties:
This is the report intended for third parties that have an interest in the accreditation status but don’t require the detailed information.
Recognized Security Practices (HIPAA Safe Harbor Law) Reports:
According to the 2021 H.R. 7898 – Public Law 116-321 (also known as the “HIPAA Safe Harbor Law”), in order for an organization to avail itself of decreased enforcement penalties/fines and audit scrutiny, each HIPAA Covered Entity and/or Business Associate must be able to demonstrate compliance with Recognized Security Practices for at least a 12-month period of time. EHNAC accreditation demonstrates compliance against these Recognized Security Practices. Therefore, this report provides confirmation of compliance with HIPAA Security, the NIST Cybersecurity Framework, the applicable components of the HITECH Breach Act, as well as the relevant components of HIPAA Privacy. Also, NIST SP 800-171 Rev 2 scoring is provided, demonstrating compliance against the specified NIST 800-53 Rev 4 families of security controls per the 800-171 Rev 2 framework. The organization’s compliance against these standards is provided in graphical format.