What can you tell me about the new HITRUST C-TAS information-sharing consortium? Does it in any way add to the HIPAA/HITECH compliance mandate?
Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
The Health Information Trust Alliance (HITRUST) is a private consortium of healthcare organizations that offers a set of services related to the security and privacy of protected health information. It is not a government agency and has no power to require compliance with any programs or documents that it provides. Rather, it is a group of organizations subject to a number of requirements (HIPAA, ARRA, PCI DSS, COBIT, and so on) banding together to reduce the burden of compliance mandates.
The specific initiative you ask about, the HITRUST Cyber Threat Analysis Service (C-TAS), is an information-sharing collaboration that seeks to identify emerging and current threats to member organizations and disseminate information about those threats as quickly as possible. It also promises to coordinate the responses to specific threats among participating organizations and create best practice documents for the healthcare industry. While C-TAS might be a good source of information for HIPAA or HITECH-covered entities, it is by no means a compliance mandate.
Dig deeper on Data Privacy and Protection
Related Q&A from Mike Chapple, Enterprise Compliance
Social media compliance is not typically considered a big issue for companies, but expert Mike Chapple explains why it should be.continue reading
Metadata tagging is not just for security. Expert Mike Chapple explains how tagging tools can be used to achieve PCI DSS compliance.continue reading
Before using the HIPAA-compliant cloud services from Google, there are some things companies need to know, according to expert Mike Chapple.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.