DirectTrust, a non-profit healthcare alliance, has released updated accreditation criteria for 19 health IT programs, open for public review until November 28, 2023. This initiative, which began on September 22, seeks input from health information exchange stakeholders to shape industry standards. Notable updates include eliminating duplicate criteria, enhancing grammar, and aligning criteria within various programs. The merger of EHNAC into DirectTrust has led to the discontinuation of the EHNAC Privacy and Security Accreditation program. Key changes for 2024 target the Electronic Prescription of Controlled Substances Certification Program and ensure compliance with FDA regulations.
DirectTrust has released new accreditation criteria for review in the health IT sector. These criteria pertain to 19 updated health IT accreditation programs and are open for public review and feedback until November 28, 2023.
DirectTrust, a non-profit alliance within the healthcare industry dedicated to facilitating secure, identity-verified electronic exchanges of protected health information, has made available new versions of program criteria for 19 of its health IT accreditation programs. These criteria are open to public scrutiny and input.
The process for reviewing and adopting these criteria commenced on September 22 and will conclude on November 28, 2023.
DirectTrust’s Electronic Healthcare Network Accreditation Commission (EHNAC) oversees and administers the organization’s accreditation and certification programs.
This criteria review process is intended to provide stakeholders in health information exchange (HIE) with an opportunity to express their recommendations and help shape standards-based health IT accreditation.
Updates to the criteria include the removal of duplicate criteria for programs that offer the HITRUST security option, as well as various clarifications and improvements in grammar.
Furthermore, these enhancements aim to ensure consistent alignment of criteria within the Accountable Care Organization, Data Registry, Health Information Exchange, and the Outsourced Services Accreditation Programs with their corresponding DirectTrust versions.
As a result of the merger of EHNAC into DirectTrust earlier this year, the EHNAC Privacy and Security Accreditation program has been discontinued, leaving the DirectTrust Privacy and Security Accreditation Program in its place.
Notable updates for 2024 include changes to the criteria within the DirectTrust Electronic Prescription of Controlled Substances Certification Program for Pharmacy Vendors and the DirectTrust Electronic Prescription of Controlled Substances Certification Program for Prescribing Vendors. These updates have been made to enhance support for the FDA Code of Federal Regulations Title 21 § 1311.
The following 19 enhanced programs have their criteria versions available for review:
1. Accountable Care Organization Accreditation Program (ACOAP) – v4.3*
2. Data Registry Accreditation Program (DRAP) – v4.3*
3. DirectTrust Privacy & Security – v4.3*
4. E-Prescribing Accreditation Program (ePAP-EHN) – v9.3*
5. Electronic Prescription of Controlled Substances Certification Program for Pharmacy Vendors (EPCSCP-Pharmacy) – v4.4
6. Electronic Prescription of Controlled Substances Certification Program for Prescribing Vendors (EPCSCP-Prescribing) – v4.4
7. Financial Services Accreditation Program for Electronic Health Networks (FSAP-EHN) – v5.3
8. Financial Services Accreditation Program for Lockbox Services (FSAP-Lockbox) – v5.3*
9. Health Information Exchange Accreditation Program (HIEAP) – v4.3*
10. Healthcare Network Accreditation Program for Electronic Health Networks – Includes Payer (HNAP-EHN) – v13.3*
11. Healthcare Network Accreditation Program for Medical Billers (HNAP-Medical Biller) – v4.3)*
12. Healthcare Network Accreditation Program for Third Party Administrators (HNAP-TPA) – v4.3*
13. Management Service Organization Accreditation Program (MSOAP) – v4.3*
14. Outsourced Services Accreditation Program (OSAP) 1 – v4.3*1
15. Practice Management System Accreditation Program (PMSAP) – v4.3*
16. Trusted Dynamic Registration & Authentication Accreditation Program Basic (TDRAAP-Basic) – v1.5
17. Trusted Dynamic Registration & Authentication Accreditation Program Comprehensive – (TDRAAP-Comprehensive) – v1.5*
18. Trusted Network Accreditation Program for Qualified Health Information Network (QHIN) Applicants (TNAP-QHIN) – v2.2
19. Trusted Network Accreditation Program for Qualified Health Information Network (QHIN) Participants (TNAP-Participant) – v2.1
* Indicates that applicants may choose from two distinct sets of security criteria:
1. DirectTrust Security criteria with Privacy based on HIPAA/HITECH, GDPR, CCPA, and Health and Wellness; and Security based on NIST 800-171 and NIST CSF (Cybersecurity Framework).
2. HITRUST CSF Security Criteria, now updated to Version 9.6.2 of the HITRUST CSF.
