Updates for 2026 include a new Artificial Intelligence (AI) accreditation program and enhanced privacy, security, and cyber resilience criteria

WASHINGTON, DC / ACCESS Newswire / January 5, 2026 / DirectTrust^®, a non-profit healthcare industry alliance focused on furthering trust in healthcare technology and data exchange through standards, accreditation, and other services, announced the release of new versions of program criteria for its 28 accreditation programs starting January 1, 2026.

A key update for 2026 is the introduction of the new Artificial Intelligence (AI) Program, currently in Beta, with multiple organizations participating in early implementation and feedback. Based on the NIST AI Risk Management Framework (RMF) v1.0, the program establishes criteria to assess organizations developing or deploying AI in healthcare, with a focus on transparency, risk management, and responsible innovation. Organizations that are exploring or just beginning use of AI can gain great insight from going through this program at a foundational level. As they mature and implement ongoing measurement and monitoring, opting for the more comprehensive criteria will be appropriate.

DirectTrust's privacy criteria have been updated across all relevant programs to incorporate changes to regulations regarding reproductive health data and Substance Use Disorders information, while continuing to cover HIPAA, Personal Health & Wellness Data (PHWD), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

On the security side, updated criteria reflect the latest regulatory changes and industry best practices. These changes build on DirectTrust's longstanding alignment with foundational security requirements and ensure programs remain current with evolving expectations for privacy and data protection across healthcare.

The updated criteria also introduce optional enhancements designed to support cyber resilience, enabling organizations to demonstrate strengthened readiness and proactive security practices.

Following the standard public review and comment period, DirectTrust's Criteria Council and the Electronic Healthcare Network Accreditation Commission (EHNAC) have incorporated community feedback to finalize and adopt the enhanced 2026 criteria versions for the following 28 accreditation programs:

1. Accountable Care Organization v5.1*

2. Artificial Intelligence v1.0-Beta

3. Certificate Authority v2.2

4. CARIN Code of Conduct for Consumer-Facing Applications v1.1

5. Data Registry v5.1*

6. Digital Therapeutics v1.1

7. E-Prescribing Network v10.1*

8. Electronic Prescriptions for Controlled Substances Certification Program for Pharmacy Vendors v4.6

9. Electronic Prescriptions for Controlled Substances Certification Program for Prescribing Vendors v4.6

10. Financial Services Network v6.1*

11. Financial Services Lockbox v6.1*

12. Health App v2.1*

13. Health Information Exchange v5.1*

14. Health Information Services Provider (HISP) v2.2

15. Healthcare Network v14.1*

16. Healthcare Network for Medical Billers v5.1*

17. Healthcare Network for Third Party Administrators v5.1*

18. Identity Provider v1.1

19. Management Service Organization v5.1*

20. Outsourced Services v5.1*

21. Practice Management System v5.1*

22. Privacy and Security v3.1*

23. Registration Authority for Federal PKI v1.3

24. Registration Authority v1.3

25. UDAP Client App v1.2

26. UDAP Client App - Basic v1.2

27. UDAP Identity Provider Criteria v1.2

28. UDAP Server v1.2

^* Denotes programs that contain DirectTrust's standard Privacy and Security criteria.

DirectTrust's accreditation and certification programs are governed by the organization's Electronic Healthcare Network Accreditation Commission (EHNAC). Visit the DirectTrust Commission's criteria page for additional details.

About DirectTrust^®
DirectTrust® is a non-profit, vendor-neutral alliance dedicated to establishing trust in a connected world. The organization serves as a forum for a consensus-driven community focused on health communication and cybersecurity, an ANSI standards development organization, an accreditation and certification body governed by EHNAC, and a developer of technical trust frameworks and supportive services for secure information exchange like Direct Secure Messaging and identity-verified credentials.

The goal of DirectTrust is to develop, promote, and, as necessary, help enforce the rules and best practices necessary to maintain privacy, security, and trust for stakeholders across and beyond healthcare. In addition, DirectTrust is committed to fostering widespread public confidence in the interoperable exchange of health information while promoting quality service, innovation, cooperation, and open competition in healthcare. To learn more, visit: DirectTrust.org.

Media contact:
Dave Anderson
andersoni.com
dave@andersoni.com

SOURCE: DirectTrust