EHNAC Releases New Criteria for Health IT Accreditation Programs

The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit health IT data standards development organization, has released the finalized criteria for its three accreditation programs.

The enhanced criteria programs include the Trusted Dynamic Registration & Authentication Accreditation Program (TDRAAP-Basic and TDRAAP-Comprehensive) and the Trusted Network Accreditation Program (TNAP-QHIN).

The EHNAC criteria for its three accreditation programs aim to create foundational requirements that measure an organization’s ability to meet federal and state healthcare regulation like HIPAA/HITECH, the 21st Century Cures Act, Trusted Exchange Framework and Common Agreement (TEFCA), and other mandates that focus on privacy, security, cybersecurity, breach handling, confidentiality, best practices, procedures, and asset management.

“Our industry is experiencing change at a rapid pace, and we must be ready to meet these new requirements as they arise, while holding security, confidentiality, integrity, and efficiency at the forefront when electronically exchanging healthcare data,” Lee Barrett, executive director and CEO of EHNAC, said in the press release. “EHNAC’s three newly enhanced accreditation programs are designed to ensure compliance and stakeholder-trust while mitigating risk as organizations address these ever evolving legislative and regulatory revisions.”

EHNAC created TDRAAP to help healthcare organizations and app developers demonstrate their ability to use trusted digital certificates for endpoint identity, registration, authentication, and attribute discovery for real-time electronic healthcare transactions.

Updates to the TDRAAP-Basic and TDRAAP-Comprehensive require results of UDAP testing from applicants, EHNAC stated.

Both accreditation programs will encompass criteria that require applicants to confirm the possibility of future testing due to emerging threats and other factors, for which the candidate will be provided at least 60 days' advance notice.

TDRAAP-Basic finalized criteria also seek specific information regarding the client application under review. Similarly, TDRAAP-Comprehensive standards will now require detailed information regarding the client or server applications under consideration.

In addition, TDRAAP-Basic and TDRAAP will include the CARIN Code of Conduct criteria for applicable organizations.

EHNAC revised TNAP-QHIN to align the criteria with TEFCA requirements.

TNAP provides third-party accreditation for healthcare exchange entities such as qualified health information networks (QHINs), participants, health information exchanges (HIEs), accountable care organizations, and data registries to better secure patient information.

Through TNAP, healthcare entities can gear up to become QHINs, as the program aims to provide structured and comprehensive means that demonstrate alignment with the TEFCA Common Agreement (CA) and QHIN Technical Framework (QTF).

Earlier this year, EHNAC and HITRUST partnered to ensure health data security requirements for TNAP aligned with TEFCA guidance. The organizations will provide additional updates as ONC releases future versions of TEFCA.

"EHNAC and HITRUST are committed to ensuring that all organizations are able to adhere to the latest best practices and standards in privacy and security while meeting federal and state compliance mandates," Barrett said in a separate press release.

"That's why it's critical for programs like TNAP to have the support of leading Standards Development Organizations," Barrett continued. "The value add to the program is immeasurable when ensuring stakeholder-trust in today's complex and cyber risk-based healthcare ecosystem."