What can you tell me about the new HITRUST C-TAS information-sharing consortium? Does it in any way add to the HIPAA/HITECH compliance mandate?
The Health Information Trust Alliance (HITRUST) is a private consortium of healthcare organizations that offers a set of services related to the security and privacy of protected health information. It is not a government agency and has no power to require compliance with any programs or documents that it provides. Rather, it is a group of organizations subject to a number of requirements (HIPAA, ARRA, PCI DSS, COBIT, and so on) banding together to reduce the burden of compliance mandates.
The specific initiative you ask about, the HITRUST Cyber Threat Analysis Service (C-TAS), is an information-sharing collaboration that seeks to identify emerging and current threats to member organizations and disseminate information about those threats as quickly as possible. It also promises to coordinate the responses to specific threats among participating organizations and create best practice documents for the healthcare industry. While C-TAS might be a good source of information for HIPAA or HITECH-covered entities, it is by no means a compliance mandate.