EHNAC’s Cloud-Enabled accreditation program (CEAP) provides a higher level of stakeholder confidence for organizations under competitive pressures to demonstrate the rigor and structure of cloud-enabled platforms and applications. Developed by industry-peers, CEAP is offered exclusively for the users of FedRAMP-authorized services offered by Cloud Service Providers (CSPs) – regardless of the healthcare data exchange model (public/private cloud) the CSP supports.
In response to the privacy and security challenges of healthcare data exchange across the cloud, EHNAC’s Cloud-Enabled Accreditation Program establishes a trust framework between stakeholders and recognizes superior capabilities through the extensive review in the areas of privacy, security, mandated standards and key operational functions. CEAP assesses health information and oversight for meeting privacy and security including, HIPAA, HITECH, Omnibus Rule and ACA requirements, as well as technical performance, business processes and resource management. The comprehensive CEAP program requires that its own unique criteria be met by candidate organizations, which includes the demonstration of additional coordination with the CSP vendor.
This program is available to organizations who are already accredited or have become candidates of at least one other EHNAC-accreditation program (the primary program). CEAP is always a Multiple Program, where CEAP is the secondary accreditation program. There is always an additional Site Visit day associated with CEAP accreditation. Interested organizations who are not currently accredited by EHNAC may apply but must also apply and ultimately achieve accreditation for another primary EHNAC accreditation program in addition to CEAP.
If an organization has achieved HITRUST Assessment with Certification covering BOTH Privacy and Security, and if that assessment covered the full scope of the areas EHNAC will be reviewing, then CEAP will not be required. The Organization will be required to submit their full HITRUST Assessment Report for EHNAC’s review.
The accreditation program’s criteria, standards and framework create a core set of requirements for compliance. In addition, the program:
- Ensures stakeholder trust for managing healthcare data exchange across cloud-enabled networks;
- Reviews the key functions of platform structure under FedRAMP guidelines including the areas of: integrity, portability, interoperability, compliance monitoring, reporting and industry accreditation; and
- Serves as a baseline for the CSP FedRAMP-standard platform service for stakeholders to assure compliance with federal guidelines and industry adopted frameworks and best practices.