EHNAC Releases New 2018 Accreditation Criteria Versions for Public Review through Dec. 8

Most significant criteria changes to the organization’s accreditation programs in years brings forth strengthened alliance with HITRUST CSF certification program


FARMINGTON, Conn., Oct. 03, 2017 (GLOBE NEWSWIRE) -- The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards development organization and accrediting body for organizations that electronically exchange healthcare data, announced today that it has posted new versions of program criteria of its 18 accreditation programs for public review. The open process for adopting criteria will commence on Oct. 3, 2017 and end on Dec. 8, 2017.

The significant updates to the 2018 criteria are in a large part due to EHNAC’s recently announced partnership with HITRUST. The two organizations have collaborated to streamline the security and compliance assurances of the healthcare industry, while reducing the complexity, redundancy and costs of pursuing both HITRUST CSF certification and any of EHNAC’s 18 program-specific accreditations. All EHNAC accreditation program criteria, except CEAP, have adopted privacy and security requirements from HITRUST CSF V9.0. EHNAC will now accept a HITRUST certified assessment in lieu of completing the privacy and security sections of these programs, provided the HITRUST assessment was appropriately scoped. The organization will continue to focus on further enhancements to its stakeholder-specific criteria, while providing input to HITRUST on the privacy and security criteria.

“In addition to the large overhaul of our criteria’s privacy and security sections with HITRUST’s CSF requirements, a wide range of other enhancements have been made to each program based on feedback from accredited organizations and approved recommendations from the EHNAC Criteria Committee,” said Ron Moser, EHNAC Senior Site Reviewer/Auditor. “These include clarifications, updates to ancillary documentation included with EHNAC packages, elimination of some criteria, clarification on the requirement for claims attachments backups, and additional customer support criteria, among others. And throughout this 60-day public review period, we hope to receive even more feedback from the industry and stakeholders as they determine the effectiveness of these changes.”

The 18 enhanced criteria programs and the new version numbers associated include:

  1. ACOAP – Accountable Care Organization Accreditation Program (V3.0)
  2. CEAP – Cloud Enabled Accreditation Program1 (V1.2)
  3. DRAP – Data Registry Accreditation Program (V3.0)
  4. DTAAP-CA – Direct Trusted Agent Accreditation Program for Certificate Authorities (V3.0)
  5. DTAAP-HISP P&S2 – Direct Trusted Agent Accreditation Program for Health Information Service Providers (V1.0)
  6. DTAAP-RA – Direct Trusted Agent Accreditation Program for Registration Authorities (V3.0)
  7. ePAP-EHN – e-Prescribing Accreditation Program (V8.0)
  8. EPCSCP-Pharmacy – Electronic Prescription of Controlled Substances Certification Program – Pharmacy Vendor (V3.0)
  9. EPCSCP-Prescribing – Electronic Prescription of Controlled Substances Certification Program – Prescribing Vendor (V3.0)
  10. FSAP-EHN – Financial Services Accreditation Program for Electronic Health Networks (V4.0)
  11. FSAP-Lockbox – Financial Services Accreditation Program for Lockbox Services (V4.0)
  12. HIEAP – Health Information Exchange Accreditation Program (V3.0)
  13. HNAP-EHN – Healthcare Network Accreditation Program for Electronic Health Networks [Includes Payer] (V12.0)
  14. HNAP-Medical Biller – Healthcare Network Accreditation Program for Medical Billers (V3.0)
  15. HNAP-TPA – Healthcare Network Accreditation Program for Third Party Administrators (V3.0)
  16. MSOAP – Management Service Organization Accreditation Program (V3.0)
  17. OSAP – Outsourced Services Accreditation Program3 (V3.0)
  18. PMSAP – Practice Management System Accreditation Program (V3.0)

Visit for more details or to review the latest EHNAC criteria and submit feedback during this comment period through the Criteria Comment Form.

1The Cloud Enabled Accreditation Program is provided only as an add-on program for organizations that have applied for another program. The Cloud Service Provider (CSP) must be FedRAMP-certified, and an additional site visit day is required for reviewing the details of this program.

2The DTAAP-HISP P&S program replaces the DTAAP-HISP program from previous years. This new program covers only the non-HISP criteria, as DirectTrust will be administering the HISP-specific criteria through a separate program.

3OSAP includes 10 different accreditation programs tailored for Accountable Care Organization Technology Service Providers; Call Centers; Data Centers; DRP Facilities; Health Information Exchange Technology Service Providers; Media Storage; Network Administrators; Printing; Product Development; and Scanning.


The Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include accountable care organizations, data registries, electronic health networks, EPCS vendors, e-prescribing solution providers, financial services firms, health information exchanges, health information service providers, management service organizations, medical billers, outsourced service providers, payers, practice management system vendors and third-party administrators. The Commission is an authorized HITRUST CSF Assessor, making it the only organization with the ability to provide both EHNAC accreditation and HITRUST CSF certification.

EHNAC was founded in 1993 and is a tax-exempt 501(c)(6) nonprofit organization. Guided by peer evaluation, the EHNAC accreditation process promotes quality service, innovation, cooperation and open competition in healthcare. To learn more, visit, contact, or follow us on Twitter, LinkedIn and YouTube.

Press contact information:

Dave Anderson, Anderson Interactive, 252-715-4767

Debra Hopkinson, EHNAC, 860-408-1620