DirectTrust Releases New Health IT Accreditation Criteria for Review

DirectTrust, a non-profit healthcare industry alliance created to support secure, identity-verified electronic exchanges of protected health information, has posted new versions of program criteria for 19 of its health IT accreditation programs for public review and comment.

The open process for adopting criteria began on September 22 and will end on November 28, 2023.

DirectTrust's Electronic Healthcare Network Accreditation Commission (EHNAC) governs the organization's accreditation and certification programs.

The criteria review process aims to allow health information exchange (HIE) stakeholders to voice their recommendations and shape standards-based health IT accreditation.

Updates include the elimination of duplicate criteria for programs with the HITRUST security option, as well as various clarifications and grammatical enhancements.

New enhancements also aim to ensure consistent alignment of criteria within the Accountable Care Organization, Data Registry, Health Information Exchange, and the Outsourced Services Accreditation Programs with their corresponding DirectTrust versions.

The completed merger of EHNAC into DirectTrust this year led to the discontinuation of the EHNAC Privacy and Security Accreditation program, leaving the DirectTrust Privacy and Security Accreditation Program in place.

Other key updates for 2024 include the criteria within the DirectTrust Electronic Prescription of Controlled Substances Certification Program for Pharmacy Vendors and the DirectTrust Electronic Prescription of Controlled Substances Certification Program for Prescribing Vendors, which have been updated to improve support of FDA Code of Federal Regulations Title 21 § 1311.

Criteria versions for the following 19 enhanced programs are available for review:

1. Accountable Care Organization Accreditation Program (ACOAP) - v4.3*
2. Data Registry Accreditation Program (DRAP) - v4.3*
3. DirectTrust Privacy & Security - v4.3*
4. E-Prescribing Accreditation Program (ePAP-EHN) - v9.3*
5. Electronic Prescription of Controlled Substances Certification Program for Pharmacy Vendors (EPCSCP-Pharmacy) - v4.4
6. Electronic Prescription of Controlled Substances Certification Program for Prescribing Vendors (EPCSCP-Prescribing) - v4.4
7. Financial Services Accreditation Program for Electronic Health Networks (FSAP-EHN) - v5.3
8. Financial Services Accreditation Program for Lockbox Services (FSAP-Lockbox) - v5.3*
9. Health Information Exchange Accreditation Program (HIEAP) - v4.3*
10. Healthcare Network Accreditation Program for Electronic Health Networks - Includes Payer (HNAP-EHN) - v13.3*
11. Healthcare Network Accreditation Program for Medical Billers (HNAP-Medical Biller) - v4.3)*
12. Healthcare Network Accreditation Program for Third Party Administrators (HNAP-TPA) - v4.3*
13. Management Service Organization Accreditation Program (MSOAP) - v4.3*
14. Outsourced Services Accreditation Program (OSAP) 1 - v4.3*1
15. Practice Management System Accreditation Program (PMSAP) - v4.3*
16. Trusted Dynamic Registration & Authentication Accreditation Program Basic (TDRAAP-Basic) - v1.5
17. Trusted Dynamic Registration & Authentication Accreditation Program Comprehensive - (TDRAAP-Comprehensive) - v1.5*
18. Trusted Network Accreditation Program for Qualified Health Information Network (QHIN) Applicants (TNAP-QHIN) - v2.2
19. Trusted Network Accreditation Program for Qualified Health Information Network (QHIN) Participants (TNAP-Participant) - v2.1

* Indicates that applicants may select from two distinct sets of security criteria:

• DirectTrust Security criteria with Privacy based on HIPAA/HITECH, GDPR, CCPA, and Health and Wellness; and Security based on NIST 800-171 and NIST CSF (Cybersecurity Framework)
• HITRUST CSF Security Criteria, now updated to Version 9.6.2 of the HITRUST CSF