EHNAC and HITRUST announce a new partnership
by Kapua Iao
The Electronic Healthcare Network Accreditation Commission (EHNAC) has announced a new partnership with HITRUST. The partnership enhances security and privacy requirements under a new framework, the Trusted Network Accreditation Program (TNAP).
By being certified by self-governing standards organizations, like EHNAC and HITRUST, healthcare covered entities can prove their HIPAA compliance. And can keep their patients and their organizations safe from data breaches.
Self-governing standards organizations encourage healthcare providers to utilize strong cybersecurity measures like HIPAA compliant email.
What is EHNAC and HITRUST?
Founded in 1993, EHNAC is a nonprofit organization that develops standards and certifies organizations that securely exchange electronic healthcare information.
RELATED: What is ePHI?
EHNAC designs its accreditation programs to improve data privacy and security, operational efficiency, and transaction quality of healthcare organizations. Organizations with EHNAC accreditation demonstrate that they meet other regulations’ requirements, such as:
- HITECH (Health Information Technology for Economic and Clinical Health Act)
- ARRA (American Recovery and Reinvestment Act)
- ACA (Affordable Healthcare Act)
- State requirements of Maryland, New Jersey, and Texas
Established in 2007, HITRUST is a privately held standards development organization that maintains a healthcare compliance framework called the HITRUST CSF.
All of Paubox’s products are HITRUST CSF certified.
The framework is a set of privacy and security controls widely used in the U.S. healthcare industry. Certification helps healthcare organizations manage cyber risks and improve their cybersecurity while demonstrating HIPAA compliance.
Since 2016, EHNAC and HITRUST have worked together to eliminate redundancies. In 2017, EHNAC also became an authorized HITRUST CSF assessor.
The TNAP framework
EHNAC and HITRUST’s latest partnership is the TNAP framework, based on the HITRUST CSF. TNAP promotes interoperability by assuring robust cybersecurity and enabling the use of new technologies in healthcare organizations.
SEE ALSO: The healthcare digital transformation
The framework’s purpose is three-fold:
- Provide third-party review with accreditation for Trusted Exchange participants
- Address existing compliance requirements
- Align with TEFCA (the Trusted Exchange Framework and Common Agreement)
The Office of the National Coordinator for Health Information Technology (ONC) published TEFCA in January 2022. The 21st Century Cures Act, passed in 2016, called for the development of a healthcare exchange network. And an integral part of the act is TEFCA.
ONC designed TEFCA to help providers easily access and exchange electronic health records (EHR) and as a result, improve patient care.
RELATED: Patient activation
TNAP supports TEFCA by ensuring strong security for all accredited organizations. Additional updates will be released as needed.
How does an EHNAC–HITRUST partnership support healthcare?
With the increased reliance on EHR and ePHI, healthcare organizations are even more vulnerable to breaches and HIPAA violations. Self-governing standards organizations are essential in removing vulnerabilities, securing compliance, and keeping healthcare secure.
This is because they form strong collaborations with and between healthcare, technology, and information security organizations.
A partnership between EHNAC and HITRUST can only strengthen compliance regulations and healthcare organizations. According to Lee Barrett, executive director and CEO of EHNAC,
EHNAC and HITRUST are committed to ensuring that all organizations are able to adhere to the latest best practices and standards in privacy and security while meeting federal and state compliance mandates.
By working together in threat sharing and standards creation, such organizations support healthcare providers with their cybersecurity and patient care. On the TNAP website, Barrett adds, “Now is the time for our industry to work together . . . all the while assuring the highest levels of stakeholder trust.”
HITRUST certification and Paubox
Paubox understands the importance of self-governing regulatory organizations. We are very proud that our Paubox solutions are HITRUST CSF certified, including Paubox Email Suite Plus.
Paubox Email Suite Plus provides needed email security and strong HIPAA compliant email by encrypting all outbound email. And email can be sent directly and securely from an existing email platform such as Microsoft 365 and Google Workspace.
When Paubox first achieved HITRUST certification in 2019, Hoala Greevy, Founder CEO of Paubox, stated, “Our customers are trusting us to meet complex compliance requirements.” And we prove this trust daily by using state-of-the-art technical controls along with strong compliance regulations.
Robust inbound email security is practically a necessity for companies these days. Keeping your security updated helps ensure the protection of your network.