Incorporated within this change includes: HIPAA/HITECH privacy, security and breach handling; National Institute of Standards and Technology (NIST) 800-171 (including elements of 800-53), NIST 800-66, and NIST CSF (Cybersecurity Framework); core EU General Data Protection Regulation (GDPR) requirements; core California Consumer Privacy Act (CCPA) requirements; and Personal Health and Wellness Data privacy guidelines. In addition to enhancing EHNAC’s accreditation programs with criteria that will support certain international and state privacy and security requirements, the new criteria also includes expanded scoring options. This change aligns with EHNAC’s strategic program and service improvements. EHNAC has also released a Privacy & Security Toolkit
to assist with policy development.
“While we typically release criteria updates annually, EHNAC strongly believes it is important that we remain flexible and attentive to the changes we see impacting our rapidly evolving healthcare ecosystem,” said Lee Barrett, CEO and executive director of EHNAC. “Continuing to ensure the highest levels of stakeholder-trust and assisting organizations to achieve their third-party assurance requirements is paramount to healthcare organizations and we appreciate the partnership we have with the industry to help assure their corporate risk strategies. Additionally, EHNAC has focused on development of its new image and our expanded offerings over the past year including recent announcements about our toolkit, acceptance from CMS for the Data at the Point of Care Pilot, and our newly enhanced Review with Accreditation Report and Scorecard.”
Initially, we are assessing the EHNAC P&S – EHNAC Privacy & Security (V2.0)
The EHNAC criteria for each of its accreditation programs sets the foundational requirements for measuring an organization’s ability to meet/align with federal and state healthcare reform mandates such as HIPAA/HITECH, 21st Century Cures Act, TEFCA and other mandates and best practices like NIST, for health care organizations focusing on the areas of privacy, security, cybersecurity, breach handling, confidentiality, best practices, procedures and assets. Visit www.ehnac.org
for more details.
The Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include accountable care organizations, data registries, electronic health networks, EPCS vendors, e-prescribing solution providers, financial services firms, health information exchanges, health information service providers, management service organizations, medical billers, outsourced service providers, payers, practice management system vendors, third-party administrators and trusted networks. The Commission is an authorized HITRUST External Assessor, making it the only organization able to provide both EHNAC accreditation as well as to conduct HITRUST CSF assessment services.
EHNAC was founded in 1993 and is a tax-exempt 501(c)(6) nonprofit organization. Guided by peer evaluation, the EHNAC accreditation process promotes quality service, innovation, cooperation and open competition in healthcare. To learn more, visit www.ehnac.org, contact [email protected], or follow us on Twitter, LinkedIn and YouTube.