HITRUST Certification

EHNAC and HITRUST: Creating the highest standards for healthcare data privacy and security

The HITRUST CSF certification – when attained in conjunction with the industry-specific EHNAC accreditation – demonstrates to business partners and prospects your commitment to the highest standards of data privacy and security.

EHNAC provides 18+ specific healthcare programs which include but are not limited to HIE’s, ePrescribers, clearinghouses and billing organizations. Each program contains many stakeholder specific requirements (unique to each program and their data handling responsibilities).  In addition to these requirements, EHNAC and HITRUST have worked together to align privacy and security requirements to benefit those candidates who choose to combine their programs.

The HITRUST CSF provides a comprehensive HIPAA privacy and security review, including HITECH and other applicable regulatory drivers such as PCI DSS, FTC Red Flags Rules and the FDA, etc.  The process includes a review of an organization’s risk management program and cyber readiness, and ensures consistency and accuracy of reporting on requirements for covered entities and business associates.

EHNAC is the only organization with the ability to provide both EHNAC accreditation and HITRUST CSF certification.

“We are pleased to have EHNAC as a CSF Assessor to help healthcare organizations with the process of adopting and utilizing the CSF’s requirements. Their long-standing expertise and leadership in health IT privacy and security solutions make EHNAC a perfect addition to our program.”

-Ken Vander Wal, CCO, HITRUST

“As the leading healthcare platform-as-a-service, PokitDok is revolutionizing how healthcare organizations bring new applications and services to market. After completing the OSAP-HIE and CEAP accreditations, we were confident that no auditor would be more thorough than EHNAC, nor have a better understanding of how data moves within healthcare. That’s why we selected them again when we decided to pursue HITRUST certification. Being the first company to complete the joint EHNAC & HITRUST assessment signifies to our customers that security is paramount with PokitDok.”

-Chris Kroner, Information Assurance Officer, PokitDok

 

Why choose EHNAC as your HITRUST CSF Assessor?

By selecting EHNAC as your organization’s HITRUST CSF Assessor, documentation required for the privacy and security requirements of the different frameworks are significantly similar such that internal compliance resource time, hassle and redundancy preparing for them will be significantly reduced.  What’s more, EHNAC Site Reviewers are also HITRUST Practitioners, meaning that, in many cases, the number of site visits may be reduced to obtain HITRUST CSF certification and EHNAC accreditation and may therefore reduce costs. Benefits include:

  • Using EHNAC for your HITRUST CSF assessment provides consistency between HITRUST certification and EHNAC accreditation programs for HIPAA privacy and security compliance.
  • Organizations achieving HITRUST certification will have 100% of their privacy and security credited to their EHNAC accreditation.
  • Organizations that already have EHNAC accreditation will have developed the majority of their HIPAA-related HITRUST CSF privacy and security to apply to that certification.
  • EHNAC site reviewers are also HITRUST Practitioners, making it easier for organizations to undergo audits.
  • Obtaining both HITRUST CSF certification and EHNAC accreditation at the same time significantly reduces the time, expense and redundancy needed to prepare documentation and undergo required site visits.
  • EHNAC is participating on key HITRUST workgroups, advocating strong continuing education and industry requirements regarding privacy and security are communicated and included in future CSF versions.

Click Here to Apply for HITRUST Certification