CMS recognizes EHNAC program as evidence of appropriate security for data at the point-of- care program

May 8, 2020

The Electronic Healthcare Network Accreditation Commission (EHNAC) announced its HNAP program has been recognized as evidence that an organization has met the security requirements for the Data at the Point of Care pilot.

In order to use the program's Data APIs, CMS has mandated that providers must provide evidence that their electronic health record (EHR) software meets one or more specific security requirements, which includes achieving EHNAC HNAP accreditation.

"Earlier this year, CMS issued a transformative rule that will provide Medicare beneficiaries with unprecedented safe, secure access to their health data so they can make informed healthcare decisions and better manage their care. Data at the Point of Care is an important program aimed at meeting that goal by driving EHR interoperability across all CMS initiatives," said Lee Barrett, CEO and Executive Director, EHNAC. "We are pleased that EHNAC's HNAP program has been recognized as a means to ensure secure patient and provider access to Medicare claims data, while adhering to stringent industry-established standards along with HIPAA regulations."

Part of the MyHealthEData initiative, Data at the Point of Care builds on the agency's Blue Button 2.0 work and enables providers to deliver high quality care directly to Medicare beneficiaries by making a patient's Medicare claims data available to the provider for treatment needs. The information can be accessed in existing workflows without logging into another application or portal. Claims data can be used to confirm information, fill in gaps in care, and improve patient safety. The claims data is provided using the industry-standard HL7 Fast Healthcare Interoperability Resources (FHIR) resources, specifically the Bulk FHIR specification.

"Significant progress has been made with adoption of FHIR as the industry works collaboratively towards achieving the important goal of interoperability. For the Data at the Point of Care program, CMS has recognized that FHIR is an industry standard that best supports an EHR's ability to securely share data between patients and providers," added Barrett who also serves as a member of the Executive Steering Committee for ONC's Payer + Provider FAST FHIR Task Force.

The EHNAC criteria for each of its accreditation programs establishes the foundational requirements for measuring an organization's ability to meet federal and state healthcare reform mandates such as HIPAA, 21st Century Cures, Omnibus, ARRA/HITECH, ACA and other mandates for covered entities and business associates focusing on the areas of privacy, security, confidentiality, best practices, procedures and assets.

EHNAC has the story.