Industry Insight

EHNAC and HITRUST Partner to Strengthen Privacy and Security Requirements

The Electronic Healthcare Network Accreditation Commission (EHNAC) and HITRUST recently announced a partnership to strengthen the framework of the Trusted Network Accreditation Program (TNAP). TNAP seeks to promote interoperability by assuring the security and privacy of trusted networks and the use of enabling technologies in the health care ecosystem. The program provides third-party review with accreditation for Trusted Exchange qualified health information networks (QHINs) and participants, addresses existing security and privacy compliance mandates, and aligns with new Trusted Exchange Framework and Common Agreement (TEFCA) regulatory requirements.

Developed through an industry collaboration in alignment with the development of the TEFCA, TNAP provides third-party accreditation for health care exchange entities such as QHINs, participants, health information exchanges, accountable care organizations, data registries, participant members, and other stakeholders. The program is administered by EHNAC and assesses an organization's ability to demonstrate alignment with TEFCA requirements, including reviewing technical performance, business processes, and resource management, as well as leveraging the HITRUST Common Security Framework (CSF) for privacy and security requirements.

"EHNAC and HITRUST are committed to ensuring that all organizations are able to adhere to the latest best practices and standards in privacy and security while meeting federal and state compliance mandates," says Lee Barrett, executive director and CEO of EHNAC. “That’s why it’s critical for programs like TNAP to have the support of leading standards development organizations. The value add to the program is immeasurable when ensuring stakeholder trust in today’s complex and cyber risk-based health care ecosystem.”

HITRUST and EHNAC are working together to ensure the privacy and security requirements for TNAP (based on the HITRUST CSF) align with the current guidance for TEFCA and will provide additional updates as future versions are released.

The HITRUST CSF addresses security, privacy, and regulatory challenges facing organizations in many industries, including health care. By integrating and harmonizing over 40 nationally and internationally accepted security- and privacy-related regulations, standards, and frameworks, the HITRUST CSF helps organizations address information risk management and compliance challenges through a comprehensive and flexible risk- and compliance-based framework of prescriptive and scalable controls.

Organizations that obtain the HITRUST Risk-based, two-year (r2) Certification and EHNAC Accreditation can demonstrate that they are achieving the highest standards in their data protection and privacy programs.

"Incorporating HITRUST r2 Certification as a requirement of TNAP enables organizations that may rely on a TNAP accreditation to know that the accreditation's standards for privacy and security are appropriate given the risk posed and compliance requirements. This is of utmost importance as we seek to enable further interoperability in general and the TEFCA system in particular," says Steve Baram, executive vice president of customer engagement at HITRUST.

Organizations applying for TNAP accreditation can select one of two programs: TNAP-QHIN accreditation or TNAP-Participant/Participant Member accreditation. TNAP-QHIN accreditation is tailored towards health care information networks that desire to align with TEFCA. TNAP-Participant/Participant Member accreditation is for those organizations that plan to participate in a QHIN or with an entity that will be participating in a QHIN through another source. Many of these will be individual health care entities or social service providers and can use the TNAP Accreditation with a HITRUST r2 Validated Assessment with Certification requirement as part of a robust third-party risk management system.

Barrett adds, "As an assessor for HITRUST, EHNAC is the only organization able to provide EHNAC accreditation and conduct HITRUST assessment services. Organizations that obtain HITRUST Certification may also leverage assessment reporting to obtain accreditation for any of EHNAC's 20 stakeholder-specific accreditation programs, including TNAP."

Health care industry stakeholders are encouraged to visit the TNAP website to download and review the TNAP criteria. Applicant candidates commencing the accreditation process will be required to adhere to TNAP v.1.0.

— Source: Electronic Healthcare Network Accreditation Commission

JTS Announces April Smith as New HIM Client Services Manager

JTS Health Partners (JTS) announces the promotion of April Smith, CCS, to HIM client services manager where she will provide operational leadership to support client services within the acute and physician sectors.

With 30 years of health care experience, Smith has six years with JTS as an inpatient and outpatient coder and auditor, including enhancing revenue and compliance using nCREAS analytics to improve client outcomes. She is a member of AHIMA, an AHIMA-approved ICD-10-CM/PCS trainer, and an AHIMA-Credentialed Certified Coding Specialist.

“April has been a vital part of the JTS health information management team for six years. April will utilize her expertise in coding, auditing, and compliance to improve our clients’ operational and financial outcomes through accurate and timely processes,” says Thomas Stewart, president and cofounder of JTS.

Previously, Smith was the lead coder at a national HIM professional services firm where she maintained and reported quality and productivity and directed coding staff to enhance both accuracy and production goals.

Smith has extensive experience with DRG/grouper and encoder, having worked with Cerner, Meditech, Thrive hospital information systems, 3M, Quadramed (Clintegrity), Trucode, Thrive Encoder, McKesson, and Eclipsys EMR in large health teaching networks, Level 1 trauma facilities, cancer and children’s hospitals, local community hospitals, and behavioral health and critical access hospitals.

— Source: JTS Health Partners