HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

EHNAC and HITRUST Streamline Accreditation Processes

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) have announced a new collaboration. The aim is to reduce – and hopefully eliminate – redundant assessments and their associated costs. It is hoped by streamlining the organizations’ accreditation and certification programs the benefits for industry stakeholders will be preserved, while much of the complexity of information protection and compliance will be eliminated.

EHNAC is an accreditation program for organizations that exchange healthcare information electronically, such as health information exchanges, health information service providers, accountable care organizations, medical billing companies, and electronic health networks. The HITRUST common risk and compliance management framework (CSF) is the most widely adopted security framework in the healthcare industry and is used by more than 84% of hospitals and health plans.

EHNAC and HITRUST mapped their respective programs and discovered a considerable overlap between EHNAC HIPAA-related privacy and security criteria and those of the HITRUST CSF. While there were clear differences between the controls used to determine compliance, in the most part they were only minor. A collaboration was the logical step to take to reduce the burden on industry stakeholders involved in multiple assessments.

The collaboration will see EHNAC replace its HIPAA-related privacy and security controls with HITRUST CSF provisions and controls, although it will retain its stakeholder-specific benefits. EHNAC will become the only standards development organization to be able to provide both EHNAC accreditation and HITRUST CSF certification. Any organization that has already achieved HITRUST CSF certification will be able to leverage its assessment to become accredited under one of EHNAC’s stakeholder-specific accreditation programs.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

“The healthcare industry is plagued by well-meaning yet inefficient processes, standards and protocols,” said HITRUST CEO Daniel Nutkis. “It is through this partnership with EHNAC, and potentially other like-minded standards organizations, that we are growing our vision of helping the industry eliminate the complexity relating to information protection and compliance.”

In a recent statement on the collaboration, Lee Barrett, executive director of EHNAC, said “It is an incredible win for the industry that our organizations partner together to, most importantly, ensure the security and compliance of the healthcare industry, but to also do so in a way that offers more leadership and efficiency, and less complexity, redundancy and costs.”

EHNAC and HITRUST have now called on other standards development organizations and auditors to follow suit and streamline their assessment processes and better align their accreditation and certification programs.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.