Programs and Criteria

Our Programs

We’re proud to offer a wide variety of accreditation and certification programs! Learn more about each program through the links below.

Looking for our program Criteria? Find the Criteria for each accreditation and certification program at the bottom of this page.

Accountable Care Organizations

Today’s Accountable Care Organizations (ACOs) have taken the lead in driving the value-based care model and placing the importance of improving patient outcomes above all else.

CARIN
Code of Conduct

This program enables health plans, health systems, EHR vendors, implementers of HL7® FHIR®-based APIs, and third-party app developers to demonstrate their support of secure consumer access to health data.

Certificate
Authorities

This program recognizes that an organization operates at a very high level of privacy, security, and trust in identity, and signals to users/subscribers that it is a trustworthy agent and service provider for issuing certificates for Direct Secure Messaging. Accreditation also means that its anchor certificates may be included in the DirectTrust Network, and for use by relying parties in Direct exchange.

Data
Registry

This program assesses health information and oversight for meeting privacy and security, HIPAA, HITECH, 21st Century Cures Act, Omnibus Rule and ACA requirements, as well as technical performance, business processes and resource management.

DirectTrust Privacy and Security

This program accredits organizations against our core criteria including privacy and security, customer service, business practices, personnel requirements, third-party cloud service providers, and more.

e-Prescribing

These programs assess electronic prescribing transactions for compliance with industry standards and government regulations and provide an organization’s existing and prospective customers with confidence that appropriate risk-based security and privacy controls are in place and key performance metrics are being met on an ongoing basis.

Financial Services

These programs ensure that your organization follows HIPAA security and privacy rules, supports ASC X12N 835 for electronic remittance advice transactions, and meets a range of criteria applicable specifically to financial electronic health networks. In addition, achieving accreditation assures your customers that their business partner follows industry-established standards for processing payment and other transactions involving protected health information.

Health Information Exchanges

This program assesses technical performance, business processes, and resource management.

Health Information Service Providers (HISP)

This program recognizes that an organization operates at a very high level of privacy, security, and trust in identity, and signals to users/subscribers that it is a trustworthy agent and service provider for Direct Secure Messaging.

Healthcare Network

These accreditation programs indicate that you exceed industry-established standards and comply with HIPAA regulations in areas such as privacy and confidentiality measures, level-of-service and escalation procedures, transaction response times, and systems availability.

Management Service Organization

This program assesses organizations that offer centralized administrative and hosted technology services. This includes organizations that provide electronic health record systems for healthcare providers, ensuring that protected health information (PHI) is stored, accessed and/or transmitted in a private and secure manner. Other areas of focus for this program include privacy and confidentiality, technical performance, business processes, resources, and security.

Outsourced Services

These programs assess your organization in areas such as privacy and confidentiality measures, level-of-service and escalation procedures, transaction response times, and systems availability. It also assesses the security infrastructure and data integrity measures including disaster recovery, business continuity, contingency plans, and intrusion detection and response.

Practice Management System

The program provides a comprehensive review of Practice Management System vendors in the areas of privacy, security, mandated standards, and operating rules, as well as key operational functions.

Registration Authorities (RA)

This program recognizes that an organization operates at a very high level of privacy, security, and trust in identity, and signals to users/subscribers that it is a trustworthy agent and service provider for Direct Secure Messaging. Accreditation also means that its anchor certificates may be included in the DirectTrust Network, and for use by relying parties in Direct exchange.

Trusted Dynamic Registration and Authentication

This program is designed to help healthcare organizations demonstrate their ability to use trusted digital certificates for endpoint identity, registration, authentication, and attribute discovery for electronic healthcare transactions in real-time.

Trusted Network

This program provides third-party review with accreditation for Trusted Exchange participants, rights management, as well as compliance with TEFCA regulatory requirements.

Program Criteria

All of the DirectTrust criteria can be downloaded from this page by selecting the program you are interested in. If this is an updated version, it will have the accompanying Release Notes, which indicate changes in the criteria from the previous version.

DirectTrust Assessors use a rating method to determine overall compliance with criteria. Applicants in candidacy status must meet the requirements of all MANDATORY criteria and must achieve an overall score of at least 85%, including responses to all non-mandatory criteria, to achieve full accreditation (subject to Commission approval). The Assessor will assign a score of 0 – 5 (in whole numbers) for each criterion in scope, based upon an applicant’s ability to demonstrate compliance. A score of 0 through 3 results in “Not Met” and a score of 4 or 5 results in “Met” in the final report. All Mandatory criteria must achieve a score of 4 or 5 or the entire accreditation fails.

Apply for Accreditation

See Accredited Organizations