Management Service Organizations

The MSOAP program assesses organizations that offer centralized administrative and hosted technology services, such as electronic health records, to healthcare providers to assure that protected health information (PHI) is stored, accessed and/or transmitted in a private and secure manner. Other areas of focus include privacy and confidentiality, technical performance, business processes, resources and security.

In the process of a thorough, objective MSOAP evaluation, your organization will identify strategies and tactics to improve efficiency, elevate quality of service, and remain current with existing marketplace trends.

EHNAC’s MSOAP program

  • Reduces risk to PHI and operations through the demonstration of a risk management program with effective controls that appropriately minimize threats
  • Prepares your organization for third party audits including trading partner audits (some payers require EHNAC accreditation as a condition of processing their transactions) and state compliance (EHNAC accreditation is required for processing healthcare transactions in the states of Maryland and New Jersey)
  • Enhances trust for your customers, trading partners, and other stakeholders

To begin the application process for the Management Service Organization (MSOAP) program, please complete the application form through our website.  Program criteria are located on the criteria page.


Here’s what a couple MSO-accredited organizations recently said about the program:

“Going through the EHNAC MSO accreditation process has enabled Syndicus to enhance its business model, and establish policies, procedures and other standard practices to more effectively help Maryland healthcare providers to both adopt EHRs and comply with local, state and federal regulations.” 

-Michael McNees, President and CEO, Syndicus, Inc.


“Becoming EHNAC MSO accredited not only exemplifies our organization’s commitment to comply with rigorous industry standards, it also complements our HIPAA Privacy and Security Program and has proven extremely beneficial in moving GBMC toward meeting Meaningful Use requirements around risk assessment and analysis.”

-Stacey L. McGreevy, CPA, Chief Audit Executive and Compliance Officer, GBMC HealthCare, Inc.