The Trusted Network Accreditation Program (TNAP) is an industry collaboration that aligns with the 21st Century Cures Act and Trusted Exchange Framework and Common Agreement (TEFCA) to address ONC regulatory requirements and provide third-party accreditation for all relevant healthcare stakeholders. Within the regulations, TEFCA specifically calls for healthcare stakeholders to work with Standards Development Organizations (SDOs) – like EHNAC and HITRUST – to enable interoperability with easy onboarding through a trusted environment that demonstrates compliance with privacy and security requirements.
TEFCA will affect a diverse group of industry stakeholders including Qualified Health Information Networks (QHINs), Health Information Exchanges (HIEs), Accountable Care Organizations (ACOs), data registries, labs, providers, payers, vendors and suppliers – and TNAP has been designed to address their needs.
TNAP reviews organizations in the areas of privacy, security, mandated standards and operating rules, and key operational functions. The accreditation program assesses an organization’s ability to comply with privacy and security, HIPAA, HITECH including Omnibus Rule, ARRA and ACA legislative reform provisions as applicable, as well as technical performance, business processes and resource management. The comprehensive third-party review provides an additional level of confidence for QHINs and other organizations that are under competitive pressures to continually ensure compliance with regulatory requirements, business metrics and best practices.
The Trusted Network Accreditation Program ensures a consistent focus on privacy, security and other core industry requirements including a focus on organizational structure, delineation of third parties and their contractual and agency statuses, PHI data flow, business practices and management of human and physical resources. TNAP criteria is publicly reviewed and enhanced at a minimum of once per year, and more often when necessary due to regulatory requirements or other significant factors. In addition to EHNAC program requirements, each TNAP candidate must also obtain HITRUST CSF® Certification.
Developed through a coalition of industry collaborators, TNAP is:
- Built on the HITRUST CSF privacy and security framework
- Designed to affirm compliance with General Data Protection Regulation (GDPR) requirements
- Vendor and technology agnostic to support blockchain and other enabling technologies
- Administered by federally recognized accreditation leader EHNAC
TNAP-QHIN – provide Health Information Network services as defined by TEFCA, and wish to be acknowledged by the Recognized Coordinating Entity (RCE) as a Qualified Health Information Network. According to the Office of the National Coordinator as defined within the April 2019 released materials “A QHIN’s ability to operate successfully and efficiently is crucial to ensuring all Individuals and providers have appropriate and real-time access to EHI. Therefore, it is critical that QHINs fully understand the breadth and scope of their responsibilities before applying for QHIN Designation. Ensuring their capabilities and compliance to the Common Agreement through testing, rigorous on-boarding, and monitoring will be critical to ensure continuity of services among Participants and Participant Members. Organizations that apply to be a QHIN should do so with an understanding of the infrastructure and personnel necessary to support interoperability at a nationwide scale.”
TNAP-QHIN candidates must hold HITRUST CSF Validated Assessment with Certification.
NOTE: ONC/RCE approval is still necessary and entirely separate from the accreditation process.
TNAP-Participant/Participant Member – desire to be recognized as a Participant or as a Participant Member in the ONC trust Exchange Framework. According to the Office of the National Coordinator as defined within the April 2019 released materials, “Participants may include persons or entities that have entered into a contract to participate in a QHIN. Some examples of Participants could include, but are not limited to, a HIN, a health system, a health IT developer, a payer, or a federal agency.” Likewise ONC suggests the following: “Participant Members may include persons or entities that use the services of a Participant to send and receive EHI. For example, if a QHIN is composed of health information exchanges, the health information exchange would be the Participant, and those who use the health information exchange services, (such as health systems, ambulatory providers, health IT developers, payers, and others) are the Participant Members. Alternatively, a health IT developer could be a direct Participant of a QHIN, in which case, the Participant Members may be the provider practice that uses the health IT developer’s software or services.”
TNAP-Participant candidates must hold HITRUST CSF Validated Assessment with Certification.
NOTE: QHIN approval is still necessary and entirely separate from the accreditation process.
EHNAC follows a structured, transparent and industry-inclusive process that provides for continual improvement. Criteria for the Trusted Network Accreditation Program will be available on the EHNAC Criteria Page. To begin the application process for Trusted Network Accreditation Program, please email firstname.lastname@example.org or complete the application form.
Looking for more insights about TNAP? Check out the videos below or read the eBook “Breaking through the Data Dams” developed by EP3 Foundation and EHNAC.