The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit, federally recognized standards development organization and accrediting body for organizations that electronically exchange healthcare data, announced it is developing an accreditation program for data registries to ensure that these entities meet the privacy and security obligations expected of all large-scale handlers of protected health information (PHI). EHNAC's Data Registry Accreditation Program (DRAP) will establish a trust framework between stakeholders to ensure a common level of system functionality across the industry.

In response to the privacy and security challenges of healthcare data submission of this kind, the comprehensive third-party review provides an additional level of confidence for organizations that are under industry competitive pressures to demonstrate the rigor and structure of the registry database as envisioned and supported by the Centers for Medicare and Medicaid Services (CMS). The program is designed for data registries that provide these services to their stakeholders which can include health information exchanges (HIEs), regional extension centers (RECs) as well as other healthcare providers, healthcare payers, CMS and other government and state entities.

"CMS's mandated use of Qualified Data Registries to report Clinical Quality Measures (CQMs) associated with Meaningful Use, PQRS, GPRO, DSRIP, HEDIS, CHIPRA, etc. spotlights the need to ensure that these entities meet the industry needs in the areas of privacy, security and key operational functions, just as we would traditional vendors," said Lee Barrett, executive director of EHNAC.

Aside from the registries mentioned above, several new registries are being established as part of the proposed Meaningful Use Stage 3 rules.

These are generally gathered by CMS into general headings such as: Immunization Registry, Syndromic Surveillance Registry, Case Reporting Registry, Other Public Health Registries, Clinical Data Registry and Lab Registry. There is also the capacity for specialist providers to create their own registry dedicated to gathering, sharing and reporting on specific conditions, syndromes and diseases.

These registries will handle the most sensitive patient data and be used to help meet the goal of the U.S. Department of Health & Human Services of tying 30 percent of traditional, or fee-for-service, Medicare payments to quality or value through alternative payment models, such as Accountable Care Organizations (ACOs) or bundled  payment arrangements by the end of 2016, and tying 50 percent of payments to these models by the end of 2018. In response to this new provider payment structure, EHNAC anticipates that the need for  registries by institutional and professional providers, specialists and their trade associations, healthcare payers, federal and state governments will explode in the next few years.

Barrett continued: "Unfortunately, there has been no means to determine if these registries have the necessary protections in place to handle the many privacy and security challenges that they will face. This is the reason why EHNAC is developing this program - to offer the same level of privacy and security assurances through accreditation that have driven other healthcare sectors for more than 20 years."

This new program, developed by industry peers, includes the criteria, standards and framework for creating a core set of requirements for compliance. In addition, DRAP:

  -- Ensures stakeholder trust for managing the registry credentials used between exchange users;

  -- Reviews the key functions of structure, portability, interoperability, clinical integration, compliance monitoring, reporting and industry certification/accreditation; and

  -- Serves as a baseline standard for stakeholders to assure compliance with CMS requirements and guidelines.