For numerous years, the Electronic Healthcare Network Accreditation Commission (EHNAC) has accredited vendors, contributors and other stakeholders for meeting a series of best business practices, which involves privacy and security practices. Recently, HITRUST has started certifying industry stakeholders that meet a detailed set of best practices for the security and availability of healthcare information. But several stakeholders get certified under both programs and have been inquiring EHNAC and HITRUST to streamline the privacy and security certification procedures to neglect redundant assessments, extra complexities and added cost.
Now, that will happen as EHNAC will end up its privacy and security processes and will accept or adopt the HITRUST security certification procedures. The agencies mapped criteria between the 2 programs and found important overlap, claims Lee Barrett, executive director of EHNAC.
For example, if a stakeholder goes through both accreditations, it will begin with the HITRUST Common Security Framework certification, called as CSF, and would not have to do the privacy-security components of EHNAC, which would port over the HITRUST certification when the stakeholder goes through EHNAC accreditation. CSF will be the key standard for privacy and security controls, for both programs.
That means that CSF will be incorporated into entire eighteen EHNAC’s accreditation programs, according to Barrett. Moreover, EHNAC will be an assessor for HITRUST and use the CSF for its privacy and security components as security certification procedures.
In all other ways, both agencies will continue with their proprietary accreditation programs.
“This eliminates the concentric circles,” states Daniel Nutkis, CEO at HITRUST. “Agencies felt they were wasting out precious time and resources—the responsibility was on us to streamline the procedure.”
No comments:
Post a Comment