EHNAC and DirectTrust to Conduct a Pilot


Call for Beta Organization Participants Now Open

The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards development organization and accrediting body for organizations that electronically exchange healthcare data, and DirectTrust, a non-profit trade alliance that advances secure, health information exchange via the Direct Protocol, announced they are developing an accreditation program for personal health record (PHR) and patient portal vendors.

This pilot accreditation program will assess these organizations and their ability to meet or exceed HIPAA privacy and security rules based upon the areas of security, privacy, and confidentiality, technical and personnel resources, best practices and compliance with HIPAA and the HITECH Omnibus Rule that updated HIPAA. In 2012, EHNAC and DirectTrust partnered to develop the existing Direct Trusted Agent Accreditation Programs (DTAAPs) for health information service providers (HISP), registration authorities (RA) and certificate authorities (CA) supporting Direct Exchange. The new pilot program for personal health record vendors will be similar to those programs in that it will recognize excellence in health data processing and transactions, and confirm compliance with industry-established standards for privacy and security that are equivalent or exceed HIPAA.

“Personal health record and patient portal vendors are the fastest growing new membership group within DirectTrust – and they deserve a rigorous accreditation program that recognizes the same level of data security and privacy as other organizations accredited by EHNAC-DirectTrust,” said DirectTrust President and CEO David C. Kibbe, MD. “The program that DirectTrust and EHNAC is piloting will provide assurance equivalent to and possibly beyond what HIPAA requires. For example, we’re looking into incorporating an encryption component for stored data, as well as two-factor authentication to further protect the customers of both PHR vendors and EHR vendors looking to develop their own portals.”

EHNAC Executive Director, Lee Barrett added, “We’re in an environment of increased angst over security and privacy issues – and with good reason. Today’s healthcare providers not only have access to a patient’s protected health information including financial data, but also insights into diagnoses, treatment plans, medications, etc. As patients take greater control over their own healthcare decisions and transition their health information to personal health records, they need to have confidence in all healthcare stakeholders that their data will remain secure and confidential. EHNAC and DirectTrust are working collaboratively to close that gap.”

PHR vendors looking to participate as a pilot organization and contribute to the development of the program are encouraged to contact for more information.

The Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include accountable care organizations, electronic health networks, EPCS vendors, eprescribing solution providers, financial services firms, health information exchanges, health information service providers, management service organizations, medical billers, outsourced service providers, payers, practice management system vendors and third-party administrators.

EHNAC was founded in 1993 and is a tax-exempt 501(c)(6) nonprofit organization. Guided by peer evaluation, the EHNAC accreditation process promotes quality service, innovation, cooperation and open competition in healthcare. To learn more, visit, contact, or follow us on Twitter, LinkedIn and YouTube.

About DirectTrust, Inc. is a non-profit, competitively neutral, self-regulatory entity created by and for participants in the Direct community, including HISPs, CAs and RAs, doctors, patients, and vendors, and supports both provider-to-provider as well as patient-to-provider Direct exchange. The goal of is to develop, promote and, as necessary, help enforce the rules and best practices necessary to maintain security and trust within the Direct community, consistent with the HITECH Act and the governance rules for the NwHIN established by ONC. is committed to fostering widespread public confidence in the Direct exchange of health information. To learn more, visit