Dedicated to providing the latest
HIPAA compliance news

EHNAC and HITRUST Streamline Accreditation Processes

Share this article on:

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) have announced a new collaboration. The aim is to reduce – and hopefully eliminate – redundant assessments and their associated costs. It is hoped by streamlining the organizations’ accreditation and certification programs the benefits for industry stakeholders will be preserved, while much of the complexity of information protection and compliance will be eliminated.

EHNAC is an accreditation program for organizations that exchange healthcare information electronically, such as health information exchanges, health information service providers, accountable care organizations, medical billing companies, and electronic health networks. The HITRUST common risk and compliance management framework (CSF) is the most widely adopted security framework in the healthcare industry and is used by more than 84% of hospitals and health plans.

EHNAC and HITRUST mapped their respective programs and discovered a considerable overlap between EHNAC HIPAA-related privacy and security criteria and those of the HITRUST CSF. While there were clear differences between the controls used to determine compliance, in the most part they were only minor. A collaboration was the logical step to take to reduce the burden on industry stakeholders involved in multiple assessments.

The collaboration will see EHNAC replace its HIPAA-related privacy and security controls with HITRUST CSF provisions and controls, although it will retain its stakeholder-specific benefits. EHNAC will become the only standards development organization to be able to provide both EHNAC accreditation and HITRUST CSF certification. Any organization that has already achieved HITRUST CSF certification will be able to leverage its assessment to become accredited under one of EHNAC’s stakeholder-specific accreditation programs.

“The healthcare industry is plagued by well-meaning yet inefficient processes, standards and protocols,” said HITRUST CEO Daniel Nutkis. “It is through this partnership with EHNAC, and potentially other like-minded standards organizations, that we are growing our vision of helping the industry eliminate the complexity relating to information protection and compliance.”

In a recent statement on the collaboration, Lee Barrett, executive director of EHNAC, said “It is an incredible win for the industry that our organizations partner together to, most importantly, ensure the security and compliance of the healthcare industry, but to also do so in a way that offers more leadership and efficiency, and less complexity, redundancy and costs.”

EHNAC and HITRUST have now called on other standards development organizations and auditors to follow suit and streamline their assessment processes and better align their accreditation and certification programs.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On