Web Version  |  Update preferences  |  Unsubscribe
Twitter icon
Tweet
 Forward icon
Forward

HITRUST and EHNAC Announce Migration of HIPAA Security/Privacy Modules within EHNAC Accreditations to HITRUST’s CSF Framework

HITRUST and the Electronic Healthcare Network Accreditation Commission (EHNAC) have announced that the two organizations have committed to streamline their accreditation and certification programs for industry stakeholders.

After mapping respective programs, EHNAC found a high percentage of overlap between HIPAA-related privacy and security criteria with that of the HITRUST CSF, with only minor differences in controls used to determine compliance. Through the collaboration, EHNAC will replace its HIPAA-related privacy and security criteria with the HITRUST CSF provisions and controls, while still maintaining the stakeholder-specific benefits of its accreditation process.

Both organizations are calling on other standards development organizations and auditors to join them in streamlining their assessment processes to help reduce, if not eliminate, redundant assessments and their associated costs and complexities.

The healthcare industry is plagued by well-meaning—yet inefficient—processes, standards and protocols. Through partnership with EHNAC, and potentially other like-minded standards organizations, HITRUST can grow its vision of helping the industry eliminate the complexity relating to information protection and compliance.

Within the terms of the agreement, EHNAC will serve as an assessor for HITRUST, becoming the only organization able to provide both EHNAC accreditation and HITRUST CSF certification. Beginning with EHNAC’s 2017 criteria, this approach will allow organizations that have already obtained a CSF certification to leverage that assessment in obtaining accreditation for one of EHNAC’s 18 stakeholder-specific accreditation programs. This will also reduce the need to address inconsistent requirements and redundancies in control requirements and reporting involved in multiple assessments. The status of organizations that are currently accredited by EHNAC will not be impacted by this change.

It is believed that this partnership between HITRUST and EHNAC will help ensure the security and compliance of the healthcare industry—and do so in a way that offers more leadership and efficiency, along with less complexity, redundancy and cost.

You can view the press release here.