Skip to main content

Code of Conduct Unveiled for Healthcare Data Exchange

Analysis  |  By Scott Mace  
   October 14, 2022

EHNAC and CARIN have collaborated on a guide for healthcare providers, insurers, developers, and app developers.

Two influential developers of healthcare data standards have created a common code of conduct to help consumers control the exchange of their health data.

The CARIN Code of Conduct Accreditation Program (CCCAP) brings CARIN's code of conduct together with the criteria review process of EHNAC to accelerate health data exchange activities of health plans, health systems, EHR vendors, implementers of HL7 FHIR-based application programming interfaces (APIs), and third-party app developers.

The collaboration is intended to support additional levels of trust related to consumer access to health data.

The CARIN Alliance works with more than 80 stakeholders to enable consumers to obtain, use, and share their digital health information as they desire. The Electronic Healthcare Network Accreditation Committee (EHNAC) is a standards development organization that develops criteria for standards and accredits organizations that exchange healthcare data via electronic means.

“We envision a future where any consumer can choose an application of their choice to retrieve both their complete health record and their complete claims information from any provider or plan in the country using HL7 FHIR APIs, and the CARIN Code of Conduct has been instrumental in helping to advance these efforts,” Ryan Howells, program manager for the CARIN Alliance and principal at Leavitt Partners, CARIN's convener, said in a press release.

This past July, the Centers for Medicare & Medicaid Services (CMS) commenced enforcement of key components of the Interoperability and Patient Access final rule – a key federal initiative intended to accelerate the ability for individuals to access their personal health information via an application of choice leveraging HL7 FHIR APIs. As part of the rule, CMS gave payers the option to implement an attestation framework asking developers to describe the data practices and privacy provisions of the applications that are connecting to the HL7 FHIR APIs.

This new voluntary certification program builds on the CARIN code of conduct self-attestation approach, but is not required by CMS or CARIN, the organizations said.

“Since the CARIN Alliance launched, which provides the ability for applications to self-attest to the CARIN code of conduct, it’s been important to continue to collaborate on implementing and fostering adoption of an industry-wide consumer-facing application attestation and certification framework," said Lee Barrett, executive director and CEO of EHNAC. "This includes focusing on providing the highest level of stakeholder trust for all healthcare stakeholders – patients, providers, health plans, third-party app developers, and many others."

Stakeholders who attain CARIN code of conduct accreditation will be listed on the CARIN My Health Application site and the EHNAC Accredited Companies page. Already, multiple consumer-facing applications who have attested to the CARIN Code of Conduct are listed on the website

Scott Mace is a contributing writer for HealthLeaders.

Get the latest on healthcare leadership in your inbox.