EHNAC and HITRUST: Creating the highest standards for healthcare data privacy and security
The HITRUST CSF certification – when attained in conjunction with the industry-specific EHNAC accreditation – demonstrates to business partners and prospects your commitment to the highest standards of data privacy and security.
EHNAC provides 18+ specific healthcare programs which include but are not limited to HIE’s, ePrescribers, clearinghouses and billing organizations. Each program contains many stakeholder specific requirements (unique to each program and their data handling responsibilities). In addition to these requirements, EHNAC and HITRUST have worked together to align privacy and security requirements to benefit those candidates who choose to combine their programs.
The HITRUST CSF provides a comprehensive HIPAA privacy and security review, including HITECH and other applicable regulatory drivers such as PCI DSS, FTC Red Flags Rules and the FDA, etc. The process includes a review of an organization’s risk management program and cyber readiness, and ensures consistency and accuracy of reporting on requirements for covered entities and business associates.
EHNAC is the only organization with the ability to provide both EHNAC accreditation and HITRUST CSF certification.
-Ken Vander Wal, CCO, HITRUST
-Chris Kroner, Information Assurance Officer, PokitDok
Why choose EHNAC as your HITRUST CSF Assessor?
By selecting EHNAC as your organization’s HITRUST CSF Assessor, documentation required for the privacy and security requirements of the different frameworks are significantly similar such that internal compliance resource time, hassle and redundancy preparing for them will be significantly reduced. What’s more, EHNAC Site Reviewers are also HITRUST Practitioners, meaning that, in many cases, the number of site visits may be reduced to obtain HITRUST CSF certification and EHNAC accreditation and may therefore reduce costs. Benefits include:
- Using EHNAC for your HITRUST CSF assessment provides consistency between HITRUST certification and EHNAC accreditation programs for HIPAA privacy and security compliance.
- Organizations achieving HITRUST certification will have 100% of their privacy and security credited to their EHNAC accreditation.
- Organizations that already have EHNAC accreditation will have developed the majority of their HIPAA-related HITRUST CSF privacy and security to apply to that certification.
- EHNAC site reviewers are also HITRUST Practitioners, making it easier for organizations to undergo audits.
- Obtaining both HITRUST CSF certification and EHNAC accreditation at the same time significantly reduces the time, expense and redundancy needed to prepare documentation and undergo required site visits.
- EHNAC is participating on key HITRUST workgroups, advocating strong continuing education and industry requirements regarding privacy and security are communicated and included in future CSF versions.