The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards development organization and accrediting body for organizations that electronically exchange healthcare data, announced today that it has posted new versions of its third-party Cloud Service Provider (CSP) requirements for 60-day public comment review strengthening all its accreditation programs. This move replaces EHNAC's Cloud Enabled Accreditation Program (CEAP) and allows those organizations who use a Third-Party CSP to more efficiently demonstrate the rigor and structure of cloud-enabled platforms and applications.
"Cloud-enabled technology offerings are becoming ubiquitous in healthcare and are helping to shape the future of our industry," said Lee Barrett, executive director of EHNAC. "This 60-day public comment review period will allow for commentary and suggestions regarding the proposed enhancement to our accreditation programs allowing all accreditation candidates to select additional cloud criteria from within their current program so they can meet demanding CSP requirements without applying for a second accreditation."
Cloud criteria within EHNAC's accreditation programs help establish a trust framework between stakeholders and recognizes superior capabilities through an extensive review in the areas of privacy, security, mandated standards and key operational functions. The new cloud criteria will be available through all accreditation programs as of April 2, 2019, while the Cloud Enabled Accreditation Program will be phased out. Current CEAP-accredited organizations will maintain their status throughout their two-year accreditation period.
Barrett added: "Ensuring the privacy and security of data across public cloud service platforms is a complex challenge and EHNAC is dedicated to helping organizations address privacy and security vulnerabilities of exchanging healthcare data across the cloud."
During the 60-day public review period, all interested stakeholders are encouraged to provide EHNAC with opinions, comments and suggestions that will prove helpful in determining the necessity, appropriateness and workability of the criteria versions proposed for this interim release scheduled for April 2, 2019.
The EHNAC criteria for each of its accreditation programs sets the foundational requirements for measuring an organization's ability to meet federal and state healthcare reform mandates such as HIPAA, Omnibus, ARRA/HITECH, ACA and other mandates for covered entities and business associates focusing on the areas of privacy, security, confidentiality, best practices, procedures and assets. Visit www.ehnac.org for more details or to review the latest EHNAC criteria.