DirectTrust Launches Health App Accreditation Program


DirectTrust™, a non-profit healthcare industry alliance, standards development, and accreditation body focused on advancing trust in health and social care announced the launch of the Health App Accreditation Program. The Health App Accreditation Program is the result of refactoring the criteria of the Trusted Dynamic Registration & Authentication Accreditation Programs (TDRAAP) into several different programs to better align with the needs of health app developer stakeholders seeking accreditation.

“We’re excited to launch an accreditation specifically created for Health App stakeholder criteria. TDRAAP was developed several years ago to address many similar criteria, and since then the standard that supports these capabilities, UDAP™, has continued to gain industry-wide recognition,” said Scott Stuewe, President and CEO of DirectTrust. “Taking the current environment into consideration, we believe a general Health App accreditation is needed, as well as restructuring the elements related to UDAP into their own unique accreditation programs. Creating and realigning these programs enhances our commitment to advancing trust in health data exchange for all stakeholders.”

The previous program criteria part of TDRAAP-Comprehensive are restructured into the following base programs and UDAP component programs:

· Health App Accreditation (paired optionally with UDAP Client App and/or UDAP Server)
· Privacy and Security (paired optionally with UDAP Server)
· CARIN Code of Conduct for Consumer-Facing Applications
· UDAP Identity Provider (paired with a base program under development)

While the elements of the TDRAAP-Basic program will remain unchanged, it will now be called UDAP Client App-Basic.

Lee Barrett, Commission Executive Director, DirectTrust provided additional insight: “As the industry continues to evolve, it became clear that TDRAAP needed better alignment with its purpose. The new Health App Accreditation Program achieves exactly this. The new program structure supports both FHIR®-based business-to-business exchange and patient and consumer use of health apps – regardless of form factor or whether they operate within the HIPAA context or not.”

DirectTrust’s accreditation and certification programs are governed by the organization’s Electronic Healthcare Network Accreditation Commission (EHNAC) and set the foundational requirements for measuring an organization’s ability to meet/align with federal and state healthcare reform mandates such as HIPAA/HITECH, 21st Century Cures Act, TEFCA and more. In addition, these programs ensure that healthcare organizations meet or exceed digital identity guidelines like NIST SP 800-63 across the areas of trust, privacy, security, cybersecurity, breach handling, confidentiality, best practices, procedures and assets.