Written by HITRUST Copywriter Harley Rubin.
As the healthcare industry continues to figure out new ways to manage its ever-increasing information security needs, leaders in the field are coming together to find innovative solutions that reduce risk while saving time and money.
With those goals in mind, the Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) recently announced their collaborative efforts to strengthen their information security program frameworks while reducing costs and inefficiencies in the compliance reporting process.
Together, the organizations mapped their respective programs and found a great deal of overlap between EHNAC’s HIPAA-related privacy and security criteria and those of the HITRUST CSF (with only minor differences in controls used to determine compliance) — a revelation that motivated these collaborative efforts.
Each organization will take steps to streamline its accreditation and certification programs for industry stakeholders:
- EHNAC will replace its HIPAA-related privacy and security criteria with the HITRUST CSF provisions and controls, while still maintaining the stakeholder-specific benefits of its accreditation process;
- HITRUST will empower EHNAC to serve as an assessor for HITRUST — becoming the only organization able to provide both EHNAC accreditation and HITRUST CSF certification.
Organizations that are currently accredited by EHNAC will not be impacted by this change. Beginning with EHNAC’s 2017 criteria, organizations that have already obtained a CSF certification will be able to leverage that assessment in obtaining accreditation for one of EHNAC’s 18 stakeholder-specific accreditation programs. This approach also reduces the need to address the inconsistent requirements and the redundancies in control requirements and reporting that come with multiple assessments.
In addition, both EHNAC and HITRUST are calling on other standards development organizations and auditors to join them in streamlining their assessment processes — with the goal of reducing or eliminating redundant assessments and their associated costs.
“The healthcare industry is plagued by well-meaning — yet inefficient — processes, standards and protocols,” said Daniel Nutkis, CEO of HITRUST. “It is through this partnership with EHNAC, and potentially other like-minded standards organizations, that we’re growing our vision of helping the industry eliminate the complexity relating to information protection and compliance.”
Lee Barrett, executive director of EHNAC, agreed: “It is an incredible win for the industry that our organizations partner to ensure the security and compliance of the healthcare industry — but to also do so in a way that offers more leadership and efficiency, and less complexity, redundancy and costs.”
Leaders throughout the industry are already praising this partnership. Paul L. Hiring, chief administrative, legal & privacy officer at Surescripts, called this new approach “refreshing” and “a major win for the industry as forward-looking organizations seek to improve their compliance reporting procedures.”
And Karin Lindgren, senior vice president and chief compliance officer at Availity, noted that “this collaboration not only benefits us directly, but the entire industry — by establishing the precedent for greater alignment of leading accreditation and certification organizations to eliminate redundancies, which will reduce costs.”
For more information about EHNAC, visit www.ehnac.org.