Streamlined Accreditation Processes for EHNAC and HITRUST

The Health Information Trust Alliance and the Electronic Healthcare Network Accreditation Commission (EHNAC) and t(HITRUST) have revealed a new collaboration. The aim is to lessen – and hopefully completely prevent – redundant assessments and their associated financial costs. Additionally it is hoped by streamlining the organizations’ accreditation and certification programs the benefits for industry stakeholders will be maintained, while much of the complexity of information security and compliance will be eliminated.

EHNAC is an accreditation program for bodies that exchange healthcare information electronically, such as health information exchanges, health information service providers, accountable care organizations, medical billing companies, and electronic health networks. The HITRUST common risk and compliance management framework (CSF) is the most widely used security framework in the healthcare industry and is the system used by more than 84% of hospitals and health plans.

EHNAC and HITRUST mapped their respective programs and found a major overlap between EHNAC HIPAA-related privacy and security structures and those of the HITRUST CSF. While there were large differences between the controls used to govern compliance, in the most part they were only small. A collaboration was the logical step to take to lessen the burden on industry stakeholders involved in multiple assessments.

This new collaboration will see EHNAC replace its HIPAA-related privacy and security controls with HITRUST CSF provisions and measures, although it will keep its stakeholder-specific advantages. EHNAC will become the sole standards development body which is able to provide both EHNAC accreditation and HITRUST CSF certification. Any organization that has already gained HITRUST CSF certification will be able to use its assessment to become accredited under one of EHNAC’s stakeholder-specific accreditation programs.

“The healthcare industry is plagued by well-meaning yet inefficient processes, standards and protocols,” stated HITRUST CEO Daniel Nutkis. “It is through this partnership with EHNAC, and potentially other like-minded standards organizations, that we are growing our vision of helping the industry eliminate the complexity relating to information protection and compliance.”

In a recent official release on the collaboration, Lee Barrett, executive director of EHNAC, said “It is an incredible win for the industry that our organizations partner together to, most importantly, ensure the security and compliance of the healthcare industry, but to also do so in a way that offers more leadership and efficiency, and less complexity, redundancy and costs.”

EHNAC and HITRUST have now urged other standards development organizations and auditors to do the same and and streamline their assessment processes and put in place improved alignment between their accreditation and certification programs.