The Electronic Healthcare Network Accreditation Commission (EHNAC) is working with the CARIN Alliance on a code of conduct accreditation program in an effort to support additional levels of trust related to consumer access to health data.
An HL7 FHIR accelerator program, the CARIN Alliance is a multi-sector collaborative convened by Leavitt Partners and more than 80 stakeholders, to advance the adoption of consumer-directed exchange across the U.S. It is working to advance the ability for consumers and their authorized caregivers to easily get, use, and share their digital health information.
The nonprofit EHNAC accredits organizations that electronically exchange healthcare data, including accountable care organizations, data registries, electronic health networks, e-prescribing solution providers, and health information exchanges, The commission is an authorized HITRUST CSF Assessor, making it the only organization with the ability to provide both EHNAC accreditation and HITRUST CSF certification.
The CARIN Code of Conduct Accreditation Program is set to bring both the CARIN Code of Conduct and EHNAC’s criteria review process to health plans, health systems, EHR vendors, implementers of FHIR-based application programming interfaces (APIs), and third-party app developers.
“We envision a future where any consumer can choose an application of their choice to retrieve both their complete health record and their complete claims information from any provider or plan in the country using HL7 FHIR APIs, and the CARIN Code of Conduct has been instrumental in helping to advance these efforts,” said Ryan Howells, program manager for the CARIN Alliance and principal at Leavitt Partners, in a statement. “While the certification program is not required by policy makers or CARIN, we are pleased to partner with EHNAC to create an exceptional third-party accreditation program built on the foundation of the CARIN Code of Conduct, which has become the industry’s de facto standard for applications not covered by HIPAA and the only code named in federal regulation as an ‘industry best practice.’”
Last July, the Centers for Medicare & Medicaid Services (CMS) began enforcing key components of the Interoperability and Patient Access final – one of several key federal initiatives aimed at accelerating the ability for individuals to access their personal health information via an application of choice leveraging FHIR APIs. CMS provided an option for payers to implement an attestation framework asking developers to describe the data practices and privacy provisions of the applications that are connecting to the FHIR APIs. This new voluntary certification program builds on the CARIN Code of Conduct’s already established self-attestation approach but is not required by CMS or CARIN.
“Since the CARIN Alliance launched MyHealthApplication.com, which provides the ability for applications to self-attest to the CARIN Code of Conduct, it’s been important to continue to collaborate on implementing and fostering adoption of an industry-wide consumer-facing application attestation and certification framework,” said Lee Barrett, executive director and CEO of EHNAC, in a statement. “This includes focusing on providing the highest level of stakeholder trust for all healthcare stakeholders – patients, providers, health plans, third-party app developers, and many others. We believe this partnership with the CARIN Alliance to develop a voluntary certification program is the next step in that process.”
In addition to this launch of the CARIN Code of Conduct accreditation program, EHNAC has updated its Trusted Dynamic Registration & Authentication Accreditation Program (TDRAAP) and the Trusted Network Accreditation Program (TNAP) to align with the CARIN Code of Conduct criteria for applicable organizations.
Stakeholders who attain CARIN Code of Conduct Accreditation will be listed on the CARIN My Health Application site and the EHNAC Accredited Companies page. EHNAC and the CARIN Alliance have already identified multiple consumer-facing applications who have attested to the CARIN Code of Conduct on the MyHealthApplication.com website to be included in the first cohort so they can provide feedback on this new program.
