EHNAC Announces Finalized 2019 Accreditation Criteria Versions for All Accreditation Programs

January 9, 2019

The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards development organization and accrediting body for organizations that electronically exchange healthcare data, announced today the release of new criteria versions for all 18 of its accreditation programs for use starting January 1, 2019. 

Significant updates to the 2019 criteria include the upgrade of all 18 stakeholder-specific accreditation programs to HITRUST CSF® Version 9.1. This update, incorporated by EHNAC in September of this year, includes the addition of EU General Data Protection Regulation (GDPR) and New York State Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500). In addition to enhancing EHNAC's accreditation programs with criteria that will support GDPR and NYCRR requirements, all 18 accreditation programs will include new criteria regarding the use of international vendors and locations as well as added third-party Cloud Service Provider (CSP) criteria. 
Healthcare industry stakeholders are encouraged to regularly visit the EHNAC website to download and review the latest EHNAC criteria versions in full detail. Applicant candidates commencing the accreditation or re-accreditation process in 2019 will be required to adhere to these updated criteria versions.
Following the standard, 60-day public comment period, EHNAC's criteria committee and commission has incorporated public feedback to finalize and adopt the enhanced and final criteria versions for the following accreditation programs:
  1. ACOAP - Accountable Care Organization Accreditation Program (V3.2)
  2. CEAP - Cloud Enabled Accreditation Program1 (V1.3)
  3. DRAP - Data Registry Accreditation Program (V3.2)
  4. DTAAP-CA - Direct Trusted Agent Accreditation Program for Certificate Authorities (V3.2)
  5. DTAAP-RA - Direct Trusted Agent Accreditation Program for Registration Authorities (V3.2)
  6. ePAP-EHN - e-Prescribing Accreditation Program (V8.2)
  7. EPCSCP-Pharmacy - Electronic Prescription of Controlled Substances Certification Program - Pharmacy Vendor (V3.2)
  8. EPCSCP-Prescribing - Electronic Prescription of Controlled Substances Certification Program - Prescribing Vendor (V3.2)
  9. FSAP-EHN - Financial Services Accreditation Program for Electronic Health Networks (V4.2)
  10. FSAP-Lockbox - Financial Services Accreditation Program for Lockbox Services (V4.2)
  11. HIEAP - Health Information Exchange Accreditation Program (V3.2)
  12. HISP P&S - Health Information Service Providers, Privacy and Security  (V1.1) 
  13. HNAP-EHN - Healthcare Network Accreditation Program for Electronic Health Networks [Includes Payer] (V12.2)
  14. HNAP-Medical Biller - Healthcare Network Accreditation Program for Medical Billers (V3.2)
  15. HNAP-TPA - Healthcare Network Accreditation Program for Third Party Administrators (V3.2)
  16. MSOAP - Management Service Organization Accreditation Program (V3.2)
  17. OSAP - Outsourced Services Accreditation Program2 (V3.2)
  18. PMSAP - Practice Management System Accreditation Program (V3.2)
The EHNAC criteria for each of its accreditation programs sets the foundational requirements for measuring an organization's ability to meet federal and state healthcare reform mandates such as HIPAA, Omnibus, ARRA/HITECH, ACA and other mandates for covered entities and business associates focusing on the areas of privacy, security, confidentiality, best practices, procedures and assets. Visit for more details or to review the latest EHNAC criteria.
The Cloud Enabled Accreditation Program has been modified for 2019. Many criteria covered by the prerequisite to use only FedRAMP-certified CSPs has been eliminated.
OSAP includes 10 different accreditation programs tailored for Accountable Care Organization Technology Service Providers; Call Centers; Data Centers; DRP Facilities; Health Information Exchange Technology Service Providers; Media Storage; Network Administrators; Printing; Product Development; and Scanning. Support has been added for accrediting Cloud Service Providers to OSAP. 

See the latest posts on our homepage Share

Topic Area: Press Release

Recent Posts
Recent Posts

California Funds Security for Reproductive Health Facilities

Grants will fund physical and digital security enhancements at healthcare facilities and practitioner offices that might be the target of violence and vandalism.


Methodist Hospital Emergency Department Doubles in Size

The three-year project saw the renovation and expansion of the Methodist Hospital Emergency Department completed.


UCLA Health Alerts Patients of Compromised Data

An analytics tool may have captured and transmitted health data to the third-party service providers.


Healthcare Facilities Embrace Modular Construction

Healthcare facilities have leaned on modular construction for quick builds with less waste.


UPMC Western Behavioral Health Opens New Facility to Increase Community Access

The new facility will expand UPMC’s behavioral health services.



News & Updates • Webcast Alerts • Building Technologies

All fields are required.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You Might Like