Criteria updates include new AI program, cyber resilience recommendations

WASHINGTON, DC / ACCESS Newswire / September 18, 2025 / DirectTrust®, a non-profit healthcare industry alliance focused on furthering trust in healthcare data exchange through standards, accreditation, and other services, today announced it has posted new versions of program criteria for its 28 accreditation programs for public review and comment. The open process for adopting criteria commenced on September 18 and closes on November 17, 2025.

A key update for 2026 is the launch of the new Artificial Intelligence (AI) Program, which is currently in its Beta phase (Artificial Intelligence v1.0-Beta). Based on the NIST AI Risk Management Framework (RMF) v1.0, the new program establishes criteria to assess organizations developing or deploying AI in healthcare, with a focus on transparency, risk management, and responsible innovation.

The organization's Privacy and Security criteria have also been updated across all programs that include these standards. Updates encompass new regulatory changes, including reproductive health and Substance Use Disorder (SUD) protections, as well as optional enhancements designed to support cyber resilience. These build on existing requirements covering HIPAA, Personal Health & Wellness Data (PHWD), General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA), ensuring accreditation programs remain aligned with the most current regulations and best practices.

"New criteria are typically developed in response to regulatory requirements or standards. This year, we also introduced enhanced cybersecurity practices informed by public reports and discussions with CISOs during our 2025 Annual Conference," said Lesley Berkeyheiser, Senior Director of Accreditation Strategy and Development. "Established in recognition of the increasing frequency of cyberattacks across the industry, the new optional practices allow organizations to demonstrate continued readiness and resilience, reinforcing the importance of proactive cybersecurity measures."

DirectTrust's accreditation and certification programs are governed by the organization's Electronic Healthcare Network Accreditation Commission (EHNAC). The criteria review process is an essential part of DirectTrust's methodology and commitment to transparency, allowing stakeholders involved with healthcare data exchange to voice their recommendations and help shape standards-based accreditation within the healthcare industry.

Criteria versions for the following 28 enhanced programs are available for review:

1. Accountable Care Organization v5.1*

2. Artificial Intelligence v1.0-Beta

3. Certificate Authority v2.2

4. CARIN Code of Conduct for Consumer-Facing Applications v1.1

5. Data Registry v5.1*

6. Digital Therapeutics v1.1

7. E-Prescribing Network v10.1*

8. Electronic Prescriptions for Controlled Substances Certification Program for Pharmacy Vendors v4.6

9. Electronic Prescriptions for Controlled Substances Certification Program for Prescribing Vendors v4.6

10. Financial Services Network v6.1*

11. Financial Services Lockbox v6.1*

12. Health App v2.1*

13. Health Information Exchange v5.1*

14. Health Information Services Provider (HISP) v2.2

15. Healthcare Network v14.1*

16. Healthcare Network for Medical Billers v5.1*

17. Healthcare Network for Third Party Administrators v5.1*

18. Identity Provider v1.1

19. Management Service Organization v5.1*

20. Outsourced Services v5.1*

21. Practice Management System v5.1*

22. Privacy and Security v3.1*

23. Registration Authority for Federal PKI v1.3

24. Registration Authority v1.3

25. UDAP Client App v1.2

26. UDAP Client App - Basic v1.2

27. UDAP Identity Provider Criteria v1.2

28. UDAP Server v1.2

Visit DirectTrust.org for additional details, or visit the organization's accreditation criteria page to review the latest criteria and submit feedback during this comment period.

^* Denote programs that contain DirectTrust's standard Privacy and Security criteria.

About DirectTrust®
DirectTrust® is a non-profit, vendor-neutral alliance dedicated to establishing trust in a connected world. The organization serves as a forum for a consensus-driven community focused on health communication and cybersecurity, an ANSI standards development organization, an accreditation and certification body governed by EHNAC, and a developer of technical trust frameworks and supportive services for secure information exchange like Direct Secure Messaging and identity-verified credentials.

The goal of DirectTrust is to develop, promote, and, as necessary, help enforce the rules and best practices necessary to maintain privacy, security, and trust for stakeholders across and beyond healthcare. In addition, DirectTrust is committed to fostering widespread public confidence in the interoperable exchange of health information while promoting quality service, innovation, cooperation, and open competition in healthcare. To learn more, visit: DirectTrust.org.

###

Press contact:
Dave Anderson
Anderson Interactive
dave@andersoni.com
770-401-1044

SOURCE: DirectTrust