DirectTrust Announces 2024 Accreditation Criteria Versions
WASHINGTON, DC – January 3, 2024 – DirectTrust™, a non-profit healthcare industry alliance, standards development, and accreditation body focused on advancing trust in healthcare, today announced the release of new versions of program criteria for 19 of its accreditation programs, starting January 1, 2024. DirectTrust’s accreditation and certification programs are governed by the organization’s Electronic Healthcare Network Accreditation Commission (EHNAC).
In addition to various clarifications and grammatical enhancements, new criteria updates include the elimination of duplicate criteria for programs with the HITRUST security option and ensure consistent alignment of specific criteria within the Accountable Care Organization, Data Registry, Health Information Exchange, and the Outsourced Services Accreditation Programs with their corresponding DirectTrust versions. Last year’s completed merger of EHNAC into DirectTrust led to the discontinuation of the EHNAC Privacy and Security Accreditation program, leaving the Privacy and Security Accreditation Program in place.
Other key updates for 2024 include the criteria within the DirectTrust Electronic Prescription of Controlled Substances Certification Program for Pharmacy Vendors and the DirectTrust Electronic Prescription of Controlled Substances Certification Program for Prescribing Vendors which have been enhanced to improve support of FDA Code of Federal Regulations Title 21 § 1311.
Following the standard, 60-day public comment period, DirectTrust’s Criteria Council and Commission have incorporated public feedback to finalize and adopt the enhanced and final criteria versions for the following 19 accreditation programs:
- Accountable Care Organization Accreditation Program (ACOAP) – v4.3*
- Data Registry Accreditation Program (DRAP) – v4.3*
- Privacy & Security – v4.3*
- E-Prescribing Accreditation Program (ePAP-EHN) – v9.3*
- Electronic Prescription of Controlled Substances Certification Program for Pharmacy Vendors (EPCSCP-Pharmacy) – v4.4
- Electronic Prescription of Controlled Substances Certification Program for Prescribing Vendors (EPCSCP-Prescribing) – v4.4
- Financial Services Accreditation Program for Electronic Health Networks (FSAP-EHN) – v5.3
- Financial Services Accreditation Program for Lockbox Services (FSAP-Lockbox) – v5.3*
- Health Information Exchange Accreditation Program (HIEAP) – v4.3*
- Healthcare Network Accreditation Program for Electronic Health Networks – Includes Payer (HNAP-EHN) – v13.3*
- Healthcare Network Accreditation Program for Medical Billers (HNAP-Medical Biller) – v4.3)*
- Healthcare Network Accreditation Program for Third Party Administrators (HNAP-TPA) – v4.3*
- Management Service Organization Accreditation Program (MSOAP) – v4.3*
- Outsourced Services Accreditation Program (OSAP) 1 – v4.3*1
- Practice Management System Accreditation Program (PMSAP) – v4.3*
- Trusted Dynamic Registration & Authentication Accreditation Program Basic (TDRAAP-Basic) – v1.5
- Trusted Dynamic Registration & Authentication Accreditation Program Comprehensive – (TDRAAP-Comprehensive) – v1.5*
- Trusted Network Accreditation Program for Qualified Health Information Network (QHIN) Applicants (TNAP-QHIN) – v2.2
- 19. Trusted Network Accreditation Program for Qualified Health Information Network (QHIN) Participants (TNAP-Participant) – v2.1
* Indicates that applicants may select from two distinct sets of security criteria:
- DirectTrust Security criteria with Privacy based on HIPAA/HITECH, GDPR, CCPA, and Health and Wellness; and Security based on NIST 800-171 and NIST CSF (Cybersecurity Framework)
- HITRUST CSF Security Criteria, now updated to Version 9.6.2 of the HITRUST CSF
1Outsourced Services includes 10 different accreditation program options tailored for Accountable Care Organization Technology Service Providers; Call Centers; Data Centers; DRP Facilities; Health Information Exchange Technology Service Providers; Media Storage; Network Administrators; Printing; Product Development; and Scanning.
Healthcare industry stakeholders are encouraged to regularly visit www.directtrust.org to download and review the latest criteria versions in full detail. Applicant candidates commencing the accreditation or re-accreditation process in 2024 will be required to adhere to these updated criteria versions.
About DirectTrust
DirectTrust™ is a non-profit, vendor-neutral alliance dedicated to instilling trust in the exchange of health data. The organization serves as a forum for a consensus-driven community focused on health communication, an American National Standards Institute (ANSI) standards development organization, an accreditation and certification body through EHNAC (the Electronic Healthcare Network Accreditation Commission), and a developer of trust frameworks and supportive services for secure information exchange like Direct Secure Messaging and trusted, compliant document submission.
The goal of DirectTrust is to develop, promote, and, as necessary, help enforce the rules and best practices necessary to maintain privacy, security, and trust for stakeholders across and beyond healthcare. In addition, DirectTrust is committed to fostering widespread public confidence in the interoperable exchange of health information while promoting quality service, innovation, cooperation, and open competition in healthcare. To learn more, visit: DirectTrust.org.
