Streamlined Accreditation Processes for EHNAC and HITRUST

by | Oct 22, 2016

The Health Information Trust Alliance and the Electronic Healthcare Network Accreditation Commission (EHNAC) and t(HITRUST) have revealed a new collaboration. The aim is to lessen – and hopefully completely prevent – redundant assessments and their associated financial costs. Additionally it is hoped by streamlining the organizations’ accreditation and certification programs the benefits for industry stakeholders will be maintained, while much of the complexity of information security and compliance will be eliminated.

EHNAC is an accreditation program for bodies that exchange healthcare information electronically, such as health information exchanges, health information service providers, accountable care organizations, medical billing companies, and electronic health networks. The HITRUST common risk and compliance management framework (CSF) is the most widely used security framework in the healthcare industry and is the system used by more than 84% of hospitals and health plans.

EHNAC and HITRUST mapped their respective programs and found a major overlap between EHNAC HIPAA-related privacy and security structures and those of the HITRUST CSF. While there were large differences between the controls used to govern compliance, in the most part they were only small. A collaboration was the logical step to take to lessen the burden on industry stakeholders involved in multiple assessments.

This new collaboration will see EHNAC replace its HIPAA-related privacy and security controls with HITRUST CSF provisions and measures, although it will keep its stakeholder-specific advantages. EHNAC will become the sole standards development body which is able to provide both EHNAC accreditation and HITRUST CSF certification. Any organization that has already gained HITRUST CSF certification will be able to use its assessment to become accredited under one of EHNAC’s stakeholder-specific accreditation programs.

“The healthcare industry is plagued by well-meaning yet inefficient processes, standards and protocols,” stated HITRUST CEO Daniel Nutkis. “It is through this partnership with EHNAC, and potentially other like-minded standards organizations, that we are growing our vision of helping the industry eliminate the complexity relating to information protection and compliance.”

In a recent official release on the collaboration, Lee Barrett, executive director of EHNAC, said “It is an incredible win for the industry that our organizations partner together to, most importantly, ensure the security and compliance of the healthcare industry, but to also do so in a way that offers more leadership and efficiency, and less complexity, redundancy and costs.”

EHNAC and HITRUST have now urged other standards development organizations and auditors to do the same and and streamline their assessment processes and put in place improved alignment between their accreditation and certification programs.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy