Integration & Interoperability News

EHNAC, HITRUST Partner to Strengthen TNAP Health Data Security

EHNAC and HITRUST have announced a collaboration that aims to ensure health data security requirements for TNAP align with TEFCA guidance.

EHNAC, HITRUST Partner to Strengthen TNAP Health Data Security

Source: Getty Images

By Hannah Nelson

- The Electronic Healthcare Network Accreditation Commission (EHNAC) and HITRUST have announced a partnership to strengthen the health data security framework of the Trusted Network Accreditation Program (TNAP).

TNAP provides third-party accreditation for healthcare exchange entities such as qualified health information networks (QHINs), participants, health information exchanges (HIEs), accountable care organizations, and data registries.

Through TNAP, EHNAC assesses an organization's ability to align with Trusted Exchange Framework and Common Agreement (TEFCA) requirements, including leveraging the HITRUST CSF for data privacy and security.

"EHNAC and HITRUST are committed to ensuring that all organizations are able to adhere to the latest best practices and standards in privacy and security while meeting federal and state compliance mandates," Lee Barrett, EHNAC executive director and CEO, noted in a press release.

"That's why it's critical for programs like TNAP to have the support of leading Standards Development Organizations," Barrett continued. "The value add to the program is immeasurable when ensuring stakeholder-trust in today's complex and cyber risk-based healthcare ecosystem."

HITRUST and EHNAC are working together to ensure the privacy and security requirements for TNAP (based on the HITRUST CSF) support the current guidance for TEFCA. The organizations will provide additional updates as ONC releases future versions of TEFCA.

The HITRUST CSF addresses security, privacy, and regulatory challenges facing organizations in many industries, including healthcare.

Organizations that obtain the HITRUST Risk-based, Two-year (r2) Certification and EHNAC Accreditation demonstrate that they can reach the highest data protection and privacy standards.

"Incorporating HITRUST r2 Certification as a requirement of TNAP enables organizations that may rely on a TNAP accreditation to know that the accreditation's standards for privacy and security are appropriate given the risk posed and compliance requirements," said Steve Baram, HITRUST executive vice president of customer engagement.

"This is of utmost importance as we seek to enable further interoperability in general and the TEFCA system in particular," he added.

Organizations applying for TNAP accreditation can select one of two programs: TNAP-QHIN accreditation or TNAP-Participant/Participant Member accreditation.

Healthcare information networks (HINs) that desire to align with TEFCA should select the TNAP-QHIN certification. TNAP-Participant/Participant Member accreditation is for those organizations that plan to participate in a QHIN or with an entity participating in a QHIN through another source.

"As an assessor for HITRUST, EHNAC is the only organization able to provide EHNAC accreditation and conduct HITRUST assessment services," Barrett explained. "Organizations that obtain HITRUST Certification may also leverage assessment reporting to obtain accreditation for any of EHNAC's 20 stakeholder-specific accreditation programs, including TNAP."