EHNAC and CARIN Alliance launch new accreditation program

The Electronic Healthcare Network Accreditation Commission and The CARIN Alliance have partnered to bring both the CARIN Code of Conduct and EHNAC’s criteria review process to health plans, health systems, EHR vendors and others for reporting to the Centers for Medicare & Medicaid Services on their data practices and privacy protections.


EHNAC, the standards development organization and accrediting body for electronically exchanged healthcare data, and the multi-sector collaborative CARIN Alliance have created the CARIN Code of Conduct Accreditation Program to advance the interoperability of health information and comply with data standardization requirements.

Last July, the Centers for Medicare and Medicaid Services began enforcing key components of its Interoperability and Patient Access final rule, which is aimed at accelerating the ability for individuals to access their personal health information via an application of their choice leveraging HL7’s FHIR application programming interface. 

CMS has provided payers with the option to implement a framework to show that they are connecting to HL7 FHIR APIs.

“While the certification program is not required by policymakers or CARIN, we are pleased to partner with EHNAC to create an exceptional third-party accreditation program built on the foundation of the CARIN Code of Conduct which has become the industry’s de facto standard for applications not covered by HIPAA, and the only code named in federal regulation as an ‘industry best practice,” said Ryan Howells, program manager for the CARIN Alliance and principal at Leavitt Partners, in the announcement.

The new voluntary certification program builds on the CARIN Code of Conduct approach but is not required by CMS or CARIN, according to the announcement.

Since the CARIN Alliance launched allowing payers, providers and developers to self-attest to the CARIN Code of Conduct, it’s been working to develop and disseminate an industry-wide consumer-facing application attestation and certification framework. 

“This includes focusing on providing the highest level of stakeholder trust for all healthcare stakeholders – patients, providers, health plans, third-party app developers, and many others,” added Lee Barrett, executive director and CEO of EHNAC. 

Stakeholders who attain CARIN Code of Conduct Accreditation will be listed on the CARIN My Health Application site and the EHNAC Accredited Companies page. 

Consumer-facing applications that have attested to the CARIN Code of Conduct on the CARIN website are to be included in the first cohort for the accreditation program.

Also of note, EHNAC has updated its Trusted Dynamic Registration & Authentication Accreditation Program (TDRAAP) and the Trusted Network Accreditation Program (TNAP) to align with the CARIN Code of Conduct criteria for applicable organizations.


Last year, EHNAC worked with the Council for Affordable Quality Healthcare to help encourage application developers and healthcare organizations to show their ability to use trusted digital certificates for endpoint identity, registration and authentication.

They designed TDRAAP accreditation to affirm an app’s technical and security credentials and give health plans the confidence they need to connect and share member data.

“The ability to efficiently register and authenticate endpoints is a core component of healthcare interoperability,” Barrett said in a statement in 2021.

The Interoperability and Patient Access rule requires CMS-regulated health plans to allow consumers to access the transfer their health information through third-party applications.

The CARIN Alliance works across the public and private sectors on compliance with digital health information sharing. In early 2021, the alliance worked with a number of healthcare organizations to develop a standard digital record model for organizations administering COVID-19 vaccines.


“We envision a future where any consumer can choose an application of their choice to retrieve both their complete health record and their complete claims information from any provider or plan in the country using HL7 FHIR APIs,” said Howells.

Andrea Fox is senior editor of Healthcare IT News.
Email: [email protected]

Healthcare IT News is a HIMSS publication.

Source: Read Full Article