The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards-development organization and accrediting body for organizations that electronically exchange healthcare data, and DirectTrust, a non-profit trade alliance that advances secure health information exchange via the Direct Protocol, are developing an accreditation program for personal health record (PHR) and patient portal vendors.
This pilot accreditation program will assess these organizations on their ability to meet or exceed HIPAA privacy and security rules based upon the areas of security, privacy, and confidentiality, technical and personnel resources, best practices and compliance with HIPAA and the HITECH Omnibus Rule that updated HIPAA.
“Personal health record and patient portal vendors are the fastest growing new membership group within DirectTrust – and they deserve a rigorous accreditation program that recognizes the same level of data security and privacy as other organizations accredited by EHNAC-DirectTrust,” said DirectTrust President and CEO David C. Kibbe, MD. “The program that DirectTrust and EHNAC is piloting will provide assurance equivalent to and possibly beyond what HIPAA requires. For example, we’re looking into incorporating an encryption component for stored data, as well as two-factor authentication to further protect the customers of both PHR vendors and EHR vendors looking to develop their own portals.”
EHNAC Executive Director, Lee Barrett added, “We’re in an environment of increased angst over security and privacy issues – and with good reason. Today’s healthcare providers not only have access to a patient’s protected health information including financial data, but also insights into diagnoses, treatment plans, medications, etc. As patients take greater control over their own healthcare decisions and transition their health information to personal health records, they need to have confidence in all healthcare stakeholders that their data will remain secure and confidential. EHNAC and DirectTrust are working collaboratively to close that gap.”
PHR vendors looking to participate as a pilot organization and contribute to the development of the program are encouraged to contact [email protected] for more information.
