Financial Services

FSAP has positioned EHNAC as a nationally recognized accreditation authority for financial institutions and vendors who process protected health information, manage insurance payments, or provide revenue cycle management services. FSAP ensures that your organization follows HIPAA security and privacy rules, supports ASC X12N 835 for electronic remittance advice transactions, and meets a range of criteria applicable specifically to financial electronic health networks. FSAP-accreditation assures your customers that their business partner follows industry-established standards for processing payment and other transactions involving protected health information.

EHNAC evaluates each FSAP applicant against sixteen financial criteria and three criteria that apply exclusively to financial and banking electronic health networks. Organizations are evaluated on technical requirements, timeliness of transactions, customer service, system availability, capacity, storage and retrieval, and other factors.

To review why it is critical for financial organizations to evaluate risk and implement proper controls with respect to healthcare data, see the “Compliance Guidelines for Financial Institutions in the Healthcare Sector: HITECH and the HIPAA Privacy and Security Rules” white paper published jointly by EHNAC, the Workgroup for Electronic Data Interchange (WEDI), Healthcare Information and Management Systems Society (HIMSS) Medical Banking Project, and The Electronic Payments Association (NACHA).

Because we recognize the unique needs of this market niche, EHNAC offers two types of FSAP Accreditation to more closely match your situation.

FSAP-EHN demonstrates that an organization meets a high standard of quality in handling protected health information as well as ensuring that it follows industry-established criteria for processing payments and other financial transactions. Some highlights of the criteria include:

  • HNAP-EHN criteria with enhancements appropriate for the financial services industry
  • Additional criteria to ensure the accredited organization’s general IT controls are more comprehensive to assist in the preparation of other audits, such as SSAE 16 (formerly SAS 70) or Sarbanes-Oxley16

FSAP-Lockbox differs from the other EHNAC programs in that certain performance metrics are modified or not included. For instance, a lockbox operation does not receive standards-based transactions. Also, specific document handling and delivery criteria are unique to this program.

Both of the FSAP programs:

  • Reduce risk to PHI and operations through the demonstration of a risk management program with effective controls that appropriately minimize threats.
  • Prepare your organization for third party audits including HIPAA/HITECH compliance audits that are now being conducted for the Office of Civil Rights (OCR); trading partner audits (some payers require EHNAC accreditation as a condition of processing their transactions); and state compliance (EHNAC accreditation is required for processing healthcare transactions in the states of Maryland and New Jersey).
  • Enhance trust for your customers, trading partners, and other stakeholders.


To begin the application process for the Financial Services (FSAP) program, please complete the application form through our website. Program criteria are located on the criteria page.


Here’s what a couple FSAP-accredited organizations recently said about the program:

“InstaMed integrates healthcare and payment transactions, two of the most regulated and scrutinized industries, so we place compliance and security as a top priority. The fact that we are the first organization to achieve the EHNAC HNAP and FSAP accreditations is a testament to our commitment to meeting the highest industry standards for security and enables us to grow the InstaMed Network securely.”

-Chris Seib, Chief Technology Officer and Co-Founder InstaMed


“PNC is accredited by EHNAC for healthcare clearinghouse and healthcare lockbox services, and we are also proud to have met EHNAC requirements for 5010 readiness in July 2011. The EHNAC accreditation process has provided a rigorous independent assessment of our healthcare business processes, which has assisted us in providing continued excellent service to our provider and payer clients in a dynamic industry environment.”

– Jeff Troutman, Executive Vice President PNC Healthcare