Press release content from Accesswire. The AP news staff was not involved in its creation.

EHNAC Announces Finalized 2023 Accreditation Criteria Versions for All Accreditation Programs

PRESS RELEASE: Paid content from Accesswire
Press release content from Accesswire. The AP news staff was not involved in its creation.
January 3, 2023 GMT

Key updates include those for 19 existing and 3 new programs; address capacity planning, utilization monitoring, and improved mapping to the NIST Cybersecurity Framework

FARMINGTON, CT / ACCESSWIRE / January 3, 2023 / The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards development organization and accrediting body for organizations that electronically exchange healthcare data, today announced the release of new versions of program criteria for its 19 accreditation programs and 3 beta accreditation programs for use, starting January 1, 2023.

The new updates by the EHNAC Criteria Committee include addressing capacity planning and utilization monitoring criteria, as well as improvements to some of the criteria within ePAP-EHN. This year’s developments also include improved mapping to the NIST Cybersecurity Framework and various other clarifications and grammatical enhancements.

“We are excited about the finalization of this year’s criteria as these critical updates not only improve our existing programs, but also expand our accreditation offerings as we bring to the industry three new beta programs focused on Explanation of Provider Payments, CARIN Code of Conduct, and Privacy by Design,” said Lee Barrett, Executive Director and CEO of EHNAC. “We are continuously grateful for those who provided invaluable feedback as we continue to strengthen and advance our accreditation criteria so that industry stakeholders are at the forefront of legislative and regulatory revisions to ensure compliance while reducing risk of breach or cyberattack and assuring stakeholder trust.”

Following the standard, 60-day public comment period, EHNAC’s Criteria Committee and Commission have incorporated public feedback to finalize and adopt the enhanced and final criteria versions for the following nineteen accreditation programs:

Criteria versions for the following three beta programs are also now released for use:

The EHNAC criteria for each of its accreditation programs sets the foundational requirements for measuring an organization’s ability to meet/align with federal and state healthcare reform mandates such as HIPAA/HITECH, 21st Century Cures Act, TEFCA and other mandates and best practices like NIST, for health care organizations focusing on the areas of privacy, security, cybersecurity, breach handling, confidentiality, best practices, procedures, and assets.

Healthcare industry stakeholders are encouraged to regularly visit to download and review the latest EHNAC criteria versions in full detail. Applicant candidates commencing the accreditation or re-accreditation process in 2023 will be required to adhere to these updated criteria versions.

* Indicates that applicants may select from two distinct sets of security criteria:

  • EHNAC Security criteria with Privacy based on HIPAA/HITECH, GDPR, CCPA, and Health and Wellness; and Security based on NIST 800-171 and NIST CSF (Cybersecurity Framework)
  • HITRUST CSF Security Criteria, now updated to Version 9.6.2 of the HITRUST CSF

1 OSAP includes 10 different accreditation programs tailored for Accountable Care Organization Technology Service Providers; Call Centers; Data Centers; DRP Facilities; Health Information Exchange Technology Service Providers; Media Storage; Network Administrators; Printing; Product Development; and Scanning.


The Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include accountable care organizations, data registries, electronic health networks, EPCS vendors, e-prescribing solution providers, financial services firms, health information exchanges, health information service providers, management service organizations, medical billers, outsourced service providers, payers, practice management system vendors, third-party administrators, and trusted networks. The Commission is an authorized HITRUST CSF Assessor, making it the only organization with the ability to provide both EHNAC accreditation and HITRUST CSF certification.

EHNAC was founded in 1993 and is a tax-exempt 501(c)(6) nonprofit organization. Guided by peer evaluation, the EHNAC accreditation process promotes quality service, innovation, cooperation, and open competition in healthcare. To learn more, visit, contact, or follow us on Twitter, LinkedIn and YouTube.

Press contact information:

Tom Testa, Anderson Interactive


Debra Hopkinson, EHNAC


SOURCE: Electronic Healthcare Network Accreditation Commission (EHNAC)

View source version on