Programs and Criteria
Our Programs
We’re proud to offer a wide variety of accreditation and certification programs! Learn more about each program through the links below.
Looking for our program Criteria? Find the Criteria for each accreditation and certification program at the bottom of this page.
Today’s Accountable Care Organizations (ACOs) have taken the lead in driving the value-based care model and placing the importance of improving patient outcomes above all else.
This program enables health plans, health systems, EHR vendors, implementers of HL7® FHIR®-based APIs, and third-party app developers to demonstrate their support of secure consumer access to health data.
This program recognizes that an organization operates at a very high level of privacy, security, and trust in identity, and signals to users/subscribers that it is a trustworthy agent and service provider for issuing certificates for Direct Secure Messaging. Accreditation also means that its anchor certificates may be included in the DirectTrust Network, and for use by relying parties in Direct exchange.
This program assesses health information and oversight for meeting privacy and security, HIPAA, HITECH, 21st Century Cures Act, Omnibus Rule and ACA requirements, as well as technical performance, business processes and resource management.
The Digital Therapeutic program is an add on to the Health App accreditation. Specifically, the program is for those who desire to demonstrate compliance with efficacy, data privacy and security requirements for digital therapeutics applications and platforms (DTx).
The Emergency Preparedness program is designed to enhance the resilience and readiness of healthcare providers, ensuring they meet the stringent requirements of the CMS Emergency Preparedness Rule. Developed through a strategic partnership with CAIPHI, the program consists of emergency preparedness policies, procedures, and guidance for hospitals, critical access hospitals, rural emergency hospitals, long term care, and hospice.
These programs assess electronic prescribing transactions for compliance with industry standards and government regulations and provide an organization’s existing and prospective customers with confidence that appropriate risk-based security and privacy controls are in place and key performance metrics are being met on an ongoing basis.
These programs ensure that your organization follows HIPAA security and privacy rules, supports ASC X12N 835 for electronic remittance advice transactions, and meets a range of criteria applicable specifically to financial electronic health networks. In addition, achieving accreditation assures your customers that their business partner follows industry-established standards for processing payment and other transactions involving protected health information.
The Health App Accreditation Program is designed for smartphone and web health apps and platforms to demonstrate compliance with HIPAA Privacy and Security, cybersecurity, and secure cloud use criteria. It also includes criteria for systems outside HIPAA, like FTC’s Health Breach Notification Rule. The program can be augmented with the CARIN Code of Conduct, Digital Therapeutics, and UDAP™️ accreditations.
This program assesses technical performance, business processes, and resource management.
This program recognizes that an organization operates at a very high level of privacy, security, and trust in identity, and signals to users/subscribers that it is a trustworthy agent and service provider for Direct Secure Messaging.
These accreditation programs indicate that you exceed industry-established standards and comply with HIPAA regulations in areas such as privacy and confidentiality measures, level-of-service and escalation procedures, transaction response times, and systems availability.
This program assesses organizations that offer centralized administrative and hosted technology services. This includes organizations that provide electronic health record systems for healthcare providers, ensuring that protected health information (PHI) is stored, accessed and/or transmitted in a private and secure manner. Other areas of focus for this program include privacy and confidentiality, technical performance, business processes, resources, and security.
These programs assess your organization in areas such as privacy and confidentiality measures, level-of-service and escalation procedures, transaction response times, and systems availability. It also assesses the security infrastructure and data integrity measures including disaster recovery, business continuity, contingency plans, and intrusion detection and response.
The program provides a comprehensive review of Practice Management System vendors in the areas of privacy, security, mandated standards, and operating rules, as well as key operational functions.
This program accredits organizations against our core criteria including privacy and security, customer service, business practices, personnel requirements, third-party cloud service providers, and more.
This program recognizes that an organization operates at a very high level of privacy, security, and trust in identity, and signals to users/subscribers that it is a trustworthy agent and service provider for Direct Secure Messaging. Accreditation also means that its anchor certificates may be included in the DirectTrust Network, and for use by relying parties in Direct exchange.
This program provides third-party review with accreditation for Trusted Exchange participants, rights management, as well as compliance with TEFCA regulatory requirements.
This program is designed to help healthcare organizations demonstrate their ability to use trusted digital certificates for endpoint identity, registration, authentication, and attribute discovery for electronic healthcare transactions in real-time.All of the DirectTrust criteria can be downloaded from this page by selecting the program you are interested in. If this is an updated version, it will have the accompanying Release Notes, which indicate changes in the criteria from the previous version.
DirectTrust Assessors use a rating method to determine overall compliance with criteria. Applicants in candidacy status must meet the requirements of all MANDATORY criteria and must achieve an overall score of at least 85%, including responses to all non-mandatory criteria, to achieve full accreditation (subject to Commission approval). The Assessor will assign a score of 0 – 5 (in whole numbers) for each criterion in scope, based upon an applicant’s ability to demonstrate compliance. A score of 0 through 3 results in “Not Met” and a score of 4 or 5 results in “Met” in the final report. All Mandatory criteria must achieve a score of 4 or 5 or the entire accreditation fails.