What can you tell me about the new HITRUST C-TAS information-sharing consortium? Does it in any way add to the HIPAA/HITECH compliance mandate?
Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
The Health Information Trust Alliance (HITRUST) is a private consortium of healthcare organizations that offers a set of services related to the security and privacy of protected health information. It is not a government agency and has no power to require compliance with any programs or documents that it provides. Rather, it is a group of organizations subject to a number of requirements (HIPAA, ARRA, PCI DSS, COBIT, and so on) banding together to reduce the burden of compliance mandates.
The specific initiative you ask about, the HITRUST Cyber Threat Analysis Service (C-TAS), is an information-sharing collaboration that seeks to identify emerging and current threats to member organizations and disseminate information about those threats as quickly as possible. It also promises to coordinate the responses to specific threats among participating organizations and create best practice documents for the healthcare industry. While C-TAS might be a good source of information for HIPAA or HITECH-covered entities, it is by no means a compliance mandate.
This was first published in December 2012