EHNAC and HITRUST Team Up to Streamline Accreditation & Certification Processes

February 20, 2017
1336 Views

Written by HITRUST Copywriter Harley Rubin.

As the healthcare industry continues to figure out new ways to manage its ever-increasing information security needs, leaders in the field are coming together to find innovative solutions that reduce risk while saving time and money.

With those goals in mind, The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) recently announced their collaborative efforts to strengthen their information security program frameworks while reducing costs and inefficiencies in the compliance reporting process.

Together, the organizations mapped their respective programs and found a great deal of overlap between EHNAC’s HIPAA-related privacy and security criteria with that of the HITRUST CSF (with only minor differences in controls used to determine compliance) — a revelation that motivated these collaborative efforts.

Each organization will take steps to streamline their accreditation and certification programs for industry stakeholders:

  • EHNAC will replace its HIPAA-related privacy and security criteria with the HITRUST CSF provisions and controls, while still maintaining the stakeholder-specific benefits of its accreditation process;
  • HITRUST will empower EHNAC to serve as an assessor for HITRUST — becoming the only organization able to provide both EHNAC accreditation and HITRUST CSF certification.

Organizations that are currently accredited by EHNAC will not be impacted by this change. Beginning with EHNAC’s 2017 criteria, organizations that have already obtained a CSF certification will be able to leverage that assessment in obtaining accreditation for one of EHNAC’s 18 stakeholder-specific accreditation programs. In addition, it reduces the need to address inconsistent requirements and redundancies in control requirements and reporting involved in multiple assessments.

In addition, both EHNAC and HITRUST are calling on other standards development organizations and auditors to join them in streamlining their assessment processes — with the goal of reducing or eliminating redundant assessments and their associated costs.

“The healthcare industry is plagued by well-meaning — yet inefficient — processes, standards and protocols,” said Daniel Nutkis, CEO of HITRUST. “It is through this partnership with EHNAC, and potentially other like-minded standards organizations, that we’re growing our vision of helping the industry eliminate the complexity relating to information protection and compliance.”

Lee Barrett, executive director of EHNAC, agreed: “It is an incredible win for the industry that our organizations partner to ensure the security and compliance of the healthcare industry — but to also do so in a way that offers more leadership and efficiency, and less complexity, redundancy and costs.”

Leaders throughout the industry are already praising this partnership. Paul L. Hiring, chief administrative, legal & privacy officer at Surescripts, called this new approach “refreshing” and “a major win for the industry as forward-looking organizations seek to improve their compliance reporting procedures.”

And Karin Lindgren, senior vice president and chief compliance officer at Availity, noted that “this collaboration not only benefits us directly, but the entire industry — by establishing the precedent for greater alignment of leading accreditation and certification organizations to eliminate redundancies, which will reduce costs.”

For more information about EHNAC, visit www.ehnac.org.

To learn more about the HITRUST CSF, visit the Understanding and Leveraging the CSF page.

Share this with your friends...Share on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

You may be interested

HITRUST® Grows Its Privacy Controls and Activities
Privacy
shares475 views
Privacy
shares475 views

HITRUST® Grows Its Privacy Controls and Activities

Lacy Deatrich - Jun 05, 2019

By Natalie Leutwyler, Lead Privacy Analyst, and Anne Kimbol, Chief Privacy Officer Recently a number of important privacy initiatives and…

HITRUST’s Contribution to Healthcare’s New ‘Network of Networks’
Security
shares1110 views
Security
shares1110 views

HITRUST’s Contribution to Healthcare’s New ‘Network of Networks’

Lacy Deatrich - May 17, 2019

HITRUST’s Role in the New Trusted Exchange Framework and Connected Agreement (TEFCA) By Anne Kimbol, Chief Privacy Officer, HITRUST The…

HITRUST’s Shared Responsibility Working Group Ensuring Efficient Operation of Security Controls for Customer of Cloud Services and Cloud Providers
Compliance & Risk Management
shares558 views
Compliance & Risk Management
shares558 views

HITRUST’s Shared Responsibility Working Group Ensuring Efficient Operation of Security Controls for Customer of Cloud Services and Cloud Providers

Lacy Deatrich - May 09, 2019

By Matthew Datel, Director of Education and Strategic Initiatives and Becky Swain, Director, Standards Development, HITRUST Since September 2018, the…