As the healthcare industry continues to figure out new ways to manage its ever-increasing information security needs, leaders in the field are coming together to find innovative solutions that reduce risk while saving time and money.
With those goals in mind, The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) recently announced their collaborative efforts to strengthen their information security program frameworks while reducing costs and inefficiencies in the compliance reporting process.
Together, the organizations mapped their respective programs and found a great deal of overlap between EHNAC’s HIPAA-related privacy and security criteria with that of the HITRUST CSF (with only minor differences in controls used to determine compliance) — a revelation that motivated these collaborative efforts.
Each organization will take steps to streamline their accreditation and certification programs for industry stakeholders:
- EHNAC will replace its HIPAA-related privacy and security criteria with the HITRUST CSF provisions and controls, while still maintaining the stakeholder-specific benefits of its accreditation process;
- HITRUST will empower EHNAC to serve as an assessor for HITRUST — becoming the only organization able to provide both EHNAC accreditation and HITRUST CSF certification.
Organizations that are currently accredited by EHNAC will not be impacted by this change. Beginning with EHNAC’s 2017 criteria, organizations that have already obtained a CSF certification will be able to leverage that assessment in obtaining accreditation for one of EHNAC’s 18 stakeholder-specific accreditation programs. In addition, it reduces the need to address inconsistent requirements and redundancies in control requirements and reporting involved in multiple assessments.
In addition, both EHNAC and HITRUST are calling on other standards development organizations and auditors to join them in streamlining their assessment processes — with the goal of reducing or eliminating redundant assessments and their associated costs.
“The healthcare industry is plagued by well-meaning — yet inefficient — processes, standards and protocols,” said Daniel Nutkis, CEO of HITRUST. “It is through this partnership with EHNAC, and potentially other like-minded standards organizations, that we’re growing our vision of helping the industry eliminate the complexity relating to information protection and compliance.”
Lee Barrett, executive director of EHNAC, agreed: “It is an incredible win for the industry that our organizations partner to ensure the security and compliance of the healthcare industry — but to also do so in a way that offers more leadership and efficiency, and less complexity, redundancy and costs.”
Leaders throughout the industry are already praising this partnership. Paul L. Hiring, chief administrative, legal & privacy officer at Surescripts, called this new approach “refreshing” and “a major win for the industry as forward-looking organizations seek to improve their compliance reporting procedures.”
And Karin Lindgren, senior vice president and chief compliance officer at Availity, noted that “this collaboration not only benefits us directly, but the entire industry — by establishing the precedent for greater alignment of leading accreditation and certification organizations to eliminate redundancies, which will reduce costs.”
For more information about EHNAC, visit www.ehnac.org.