Skip to content Skip to navigation

EHNAC Updates Accreditation Programs for HIPAA Omnibus Rule

August 21, 2013
by Gabriel Perna
| Reprints

As the Sept. 23 Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule compliance date approaches, the Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards development organization and accrediting body, has announced the adoption of new program criteria that supports this legislation.

The final criteria released by EHNAC come after a 60-day public comment period where it incorporated feedback. In May, EHNAC posted criteria for its accreditation programs that addressed HIPAA, cloud computing, and health information exchange, and ePrescribing. All of those programs, from back in May, were updated and finalized.

“As healthcare stakeholders strive to keep pace with emergent reimbursement structures and ongoing regulatory changes, criteria standards must evolve to ensure EHNAC accreditation programs remain ahead of the curve. With enforcement efforts for the new HIPAA Omnibus Rule beginning September 23, 2013, accredited organizations that comply with the new criteria can now assure their customers that their patient’s protected health information (PHI) remains secure and aligns with regulatory requirements,” EHNAC Commissioner and Criteria Committee Chair Mark Gingrich said in a statement.

The range of programs that EHNAC updated and finalized include:

  1. ePAP – e-Prescribing Accreditation Program (V6.5)
  2. EPCSCP-Pharmacy – Electronic Prescription of Controlled Substances Certification Program – Pharmacy Vendor1 (V1.1)
  3. EPCSCP-Prescribing – Electronic Prescription of Controlled Substances Certification Program – Prescribing Vendor1 (V1.1)
  4. FSAP-EHN – Financial Services Accreditation Program for Electronic Health Networks (V2.5)
  5. FSAP-Lockbox – Financial Services Accreditation Program for Lockbox Services (V2.5)
  6. HIEAP – Health Information Exchange Accreditation Program (V1.3)
  7. HNAP-EHN – Healthcare Network Accreditation Program for Electronic Health Networks [Includes Payer] (V10.5)
  8. HNAP-Medical Biller – Healthcare Network Accreditation Program for Medical Billers (V1.4)
  9. HNAP-TPA – Healthcare Network Accreditation Program for Third Party Administrators (V1.4)
  10. MSOAP – Management Service Organization Accreditation Program (V1.3)
  11. OSAP – Outsourced Services Accreditation Program2 (V1.4)
  12. OSAP-HIE – Outsourced Services Accreditation Program for Health Information Exchange Services (V1.3)
  13. DTAAP-HISP (NEW) – Direct Trusted Agent Accreditation Program for Health Information Service Providers (V1.0 )
  14. DTAAP-CA (NEW) – Direct Trusted Agent Accreditation Program for Certificate Authorities (V1.0)
  15. DTAAP-RA (NEW) – Direct Trusted Agent Accreditation Program for Registration Authorities (V1.0)


CMS Hospital Compare Website Updated with VA Data

The Centers for Medicare & Medicaid Services (CMS) has announced the inclusion of Veterans Administration (VA) hospital performance data as part of the federal agency’s Hospital Compare website.

CMS Awards Funding to Special Innovation Projects

The Centers for Medicare & Medicaid Services (CMS) has awarded 20, two-year Special Innovation Projects (SIPs) aimed at local efforts to deliver better care at lower cost.

Center of Excellence in Genomic Science to be Established in Chicago

The National Human Genome Research Institute has awarded $10.6 million over five years for the establishment of a new research center in Chicago to advance genomic science.

EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.

Texas Patient Care Clinic Hit with Ransomware Attack

Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.