EHNAC Announces Finalized 2020 Accreditation Criteria Versions for All Accreditation Programs

January 23, 2020

Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards development organization and accrediting body for organizations that electronically exchange healthcare data, announced today the release of new criteria versions for all 18 of its accreditation programs for use starting January 1, 2020.

Significant updates to the 2020 criteria include the evolution of two Direct Trusted Agent programs (DTAAP-CA, DTAAP-RA) to accreditation offerings by DirectTrust. DirectTrust Privacy & Security (DT P&S) accredits against HIPAA Privacy and Security requirements for organizations pursuing DirectTrust accreditation as a HISP, a Certificate Authority and/or a Registration Authority. The EHNAC Privacy & Security (EHNAC P&S) program accredits organizations utilizing EHNAC's core criteria including privacy and security, customer service, business practices, personnel requirements, third-party cloud service providers, and more. This program is applicable for organizations with stakeholder-specific services that are not addressed by any of EHNAC's other accreditation programs.

"EHNAC continues to establish standard criteria and to accredit organizations that electronically exchange healthcare data for security, confidentiality, accountability and efficiency," said Lee Barrett, Executive Director and CEO of EHNAC. "These latest enhancements to EHNAC's accreditation programs demonstrate the commitment of our criteria committee and commission to address the latest legislative and regulatory revisions, best practices and other modifications to help organizations assure compliance, assess risks and remain competitive."

In addition, 2020 criteria updates include those for the Trusted Network Accreditation Programs (TNAP), designed to address alignment with TEFCA and 21st Century Cures Act: TNAP-Participant/Participant Member and TNAP-QHIN. Details on those programs can be found  here.

"We invite Qualified Health Information Networks (QHINs) and Participants under TEFCA to learn more about the TNAP accreditation program by visiting the TNAP website. If you already have attained HITRUST CSF certification for privacy and security, you can apply for TNAP today by visiting the  EHNAC website," added Barrett.

Following the standard, 60-day public comment period, EHNAC's Criteria Committee and Commission has incorporated public feedback to finalize and adopt the enhanced and final criteria versions for the following 18 accreditation programs:
• ACOAP - Accountable Care Organization Accreditation Program (V3.5)
• DRAP - Data Registry Accreditation Program (V3.5)
• DT P&S - DirectTrust Privacy & Security (V1.1)
• ePAP-EHN - e-Prescribing Accreditation Program (V8.5)
• EHNAC P&S - EHNAC Privacy & Security (V1.1)
• EPCSCP-Pharmacy - Electronic Prescription of Controlled Substances Certification Program - Pharmacy Vendor (V3.5)
• EPCSCP-Prescribing - Electronic Prescription of Controlled Substances Certification Program - Prescribing Vendor (V3.5)
• FSAP-EHN - Financial Services Accreditation Program for Electronic Health Networks (V4.5)
• FSAP-Lockbox - Financial Services Accreditation Program for Lockbox Services (V4.5)
• HIEAP - Health Information Exchange Accreditation Program (V3.5)
• HNAP-EHN - Healthcare Network Accreditation Program for Electronic Health Networks [Includes Payer] (V12.5)
• HNAP-Medical Biller - Healthcare Network Accreditation Program for Medical Billers (V3.5)
• HNAP-TPA - Healthcare Network Accreditation Program for Third Party Administrators (V3.5)
• MSOAP - Management Service Organization Accreditation Program (V3.5)
• OSAP - Outsourced Services Accreditation Program1 (V3.5)
• PMSAP - Practice Management System Accreditation Program (V3.5)
• TNAP-Participant/Participant Member - Trusted Network Accreditation Program - Participant/Participant Member (V1.1)
• TNAP-QHIN - Trusted Network Accreditation Program - QHIN (V1.1)
The EHNAC criteria for each of its accreditation programs establishes the foundational requirements for measuring an organization's ability to meet federal and state healthcare reform mandates such as HIPAA, 21st Century Cures, Omnibus, ARRA/HITECH, ACA and other mandates for covered entities and business associates focusing on the areas of privacy, security, confidentiality, best practices, procedures and assets.
Healthcare industry stakeholders are encouraged to regularly visit to download and review the latest EHNAC criteria versions in full detail. Applicant candidates commencing the accreditation or re-accreditation process in 2020 will be required to adhere to these updated criteria versions.
OSAP includes 10 different accreditation programs tailored for Accountable Care Organization Technology Service Providers; Call Centers; Data Centers; DRP Facilities; Health Information Exchange Technology Service Providers; Media Storage; Network Administrators; Printing; Product Development; and Scanning
See the latest posts on our homepage


Topic Area: Press Release

Recent Posts
Recent Posts

Newly approved machine can decontaminate 80,000 respirator masks a day

The decontamination system uses vapor phase hydrogen peroxide to decontaminate the masks


A photo tour of the first 1,000-bed temporary hospital at the Javits Center

The Army Corp of Engineers have identified four additional sites for temporary hospitals


Healthcare facilities in Nebraska are experimenting with new equipment disinfecting technique

Ultraviolet light is being used to decontaminate medical supplies at the University of Nebraska Medical Center in Omaha



Applying lessons learned from 9/11 biodefense response to the COVID-19 pandemic

The most important lesson to learn is to fight the current war and plan for the next, but don’t fight the last war



Southwestern Vermont Medical Center feeds the hungry with surplus food

Between July 2016 and the end of 2019, the program has produced 61,365 meals


Post Comment


News & Updates • Webcast Alerts • Building Technologies

All fields are required.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.