Trusted Network Accreditation Program

The Trusted Network Accreditation Program (TNAP) was developed to directly align with the development of the 21st Century Cures Act required Trusted Exchange Framework and Common Agreement (TEFCA). TNAP seeks to promote interoperability by assuring the security and privacy of trusted networks and the use of enabling technologies in the healthcare ecosystem. The program provides third-party review with accreditation for Trusted Exchange participants, addressing existing security and privacy compliance mandates, and rights management, as well as compliance with new TEFCA regulatory requirements.

TEFCA will affect a diverse group of industry stakeholders including Qualified Health Information Networks (QHINs), Health Information Exchanges (HIEs), Accountable Care Organizations (ACOs), data registries, labs, providers, payers, vendors and suppliers – and TNAP has been designed to address their needs.

TNAP reviews organizations in the areas of privacy, security, mandated standards and operating rules, and key operational functions. The accreditation program assesses an organization’s ability to comply with privacy and security, HIPAA, HITECH including Omnibus Rule, ARRA and ACA legislative reform provisions as applicable, as well as technical performance, business processes and resource management. The comprehensive third-party review provides an additional level of confidence for QHINs and other organizations that are under competitive pressures to continually ensure compliance with regulatory requirements, business metrics and best practices.

The Trusted Network Accreditation Program ensures a consistent focus on privacy, security and other core industry requirements including a focus on organizational structure, delineation of third parties and their contractual and agency statuses, PHI data flow, business practices and management of human and physical resources. TNAP criteria is publicly reviewed and enhanced at a minimum of once per year, and more often when necessary due to regulatory requirements or other significant factors.

Developed through a coalition of industry collaborators, TNAP is:

  • Built on the HITRUST CSF privacy and security framework
  • Designed to affirm compliance with General Data Protection Regulation (GDPR) requirements
  • Vendor and technology agnostic to support blockchain and other enabling technologies

EHNAC follows a structured, transparent and industry-inclusive process that provides for continual improvement. Criteria for the Trusted Network Accreditation Program will be available on the EHNAC Criteria Page.

To begin the application process for Trusted Network Accreditation Program, please email or complete the application form.

“Now is the time for our industry to work together to close privacy and security gaps across networks, address vulnerabilities across HIPAA compliance, cyber protection and ransomware prevention, address authentication and ID verification issues all the while assuring the highest levels of stakeholder trust.”

-Lee Barrett, Executive Director & CEO, EHNAC