EHNAC, part of DirectTrust

EHNAC (Electronic Healthcare Network Accreditation Commission), now part of DirectTrust, is a federally recognized standards development organization and 501(c)(6) non-profit accrediting body established in 1995. The organization provides third-party accreditation and certification programs for healthcare entities focused on data security, privacy compliance, and interoperability standards.

The organization offers multiple accreditation programs covering health information service providers (HISPs), health information exchanges (HIEs), clearinghouses, payers, certificate authorities, and health apps. EHNAC became a HITRUST Authorized External Assessor in 2017 and merged with DirectTrust in 2023, where it now serves as the accreditation and certification body. The organization has accredited over 100 healthcare organizations including major health systems, EHR vendors, and health IT companies.

EHNAC's accreditation process validates that organizations meet standards for HIPAA compliance, data security, and healthcare data exchange best practices. The organization's programs are developed through stakeholder collaboration across payers, providers, vendors, and regulators to establish industry-accepted criteria for third-party review.

Organizations should consider EHNAC when they need recognized third-party validation of their healthcare data security and compliance practices. The accreditation provides competitive differentiation and builds trust with healthcare partners who require documented adherence to HIPAA, interoperability, and security standards.

Expect a structured accreditation process including criteria review, application submission, assessment by experienced healthcare assessors, and ongoing compliance monitoring. The accreditation demonstrates to customers, partners, and regulators that an organization follows established best practices for healthcare data handling.

EHNAC exclusively serves the healthcare industry with specialized accreditation programs for data security, HIPAA compliance, and interoperability. The organization developed the first industry standards for healthcare data transmission and security in 1995 and has since created specialized accreditation criteria for Direct Secure Messaging (HISP), health information exchanges, electronic prescribing for controlled substances, accountable care organizations, and health apps.

All accreditation programs address healthcare-specific regulatory requirements including HIPAA Privacy and Security Rules, HITECH Act provisions, and industry interoperability standards. The organization's assessors average over 25 years of healthcare experience.

Healthcare technology companies, health information exchanges, clearinghouses, and payers that exchange protected health information and need credible third-party validation of their security and compliance programs. Organizations seeking to differentiate themselves through recognized accreditation or that face customer requirements for certified compliance status are ideal candidates.