The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit, federally recognized standards development organization and accrediting body for organizations that electronically exchange healthcare data, announced today that it has finalized the criteria for Cloud-Enabled Accreditation Program along with the accreditation achievements of three cloud-computing vendors – FIGmd, Inc.; HealthcarePays Network, LLC; and MedicaSoft.
In response to the inherent privacy and security vulnerabilities of exchanging healthcare data across the cloud, EHNAC’s Cloud-Enabled Accreditation Program establishes a framework of trust between stakeholders, and recognizes superior capabilities through the extensive review in the areas of privacy, security, mandated standards and key operational functions. CEAP assesses health information and oversight for meeting privacy and security, HIPAA, HITECH, Omnibus Rule and ACA requirements, as well as technical performance, business processes and resource management. The comprehensive CEAP program requires 74 unique criterions to be met by applying organizations, in addition to coordination with the organization’s CSP.
“Ensuring the privacy and security of data across public cloud service platforms is a complex challenge – especially in the evolving healthcare marketplace where we’re dealing with highly sensitive, protected health information,” said Lee Barrett, executive director of EHNAC. “The development of this program was driven heavily by our three beta organizations who were eager to establish the means for an independent third-party review. Because each have already gone through the accreditation process before for other programs, they had clear expectations of the process, and an understanding that accreditation could help them demonstrate a higher standard of quality and security.”
As beta participants throughout the consultative and consensus-driven process of program development, FIGmd, Inc.; HealthcarePays Network, LLC; and MedicaSoft were the first to undergo evaluation on their compliance with the criteria and receive full accreditation status for the two-year timeframe.
EHNAC’s Cloud-Enabled Accreditation Program includes the criteria, standards and framework for creating a core set of requirements for compliance. In addition, CEAP:
- Ensures stakeholder trust for managing healthcare data exchange across cloud-enabled networks;
- Reviews the key functions of platform structure under FedRAMP guidelines including the areas of integrity, portability, interoperability, clinical integration, compliance monitoring, reporting and industry accreditation; and
- Serves as a baseline for the CSP FedRAMP-standard platform for stakeholders to assure compliance with federal guidelines and industry adopted frameworks and best practices.
Visit www.ehnac.org for more details on CEAP and the many other EHNAC accreditation programs.