Chain+of+Trust+-+COT


 * Chain of Trust (COT) **


 * Description: ** The chain of trust (COT) is described as a process of secure information management between associates. One entity develops, receives, or maintains a set of protected health information (PHI) that allows the entity to create a contract that provides services or performs functions with regards to the PHI between the first entity and the second. This establishes the two entities as business associates (Christiansen, 2013). As a part of the [|modifications to HIPAA privacy under the HITECH act] , business associates are made directly liable for HIPAA privacy compliance. Chain of trust will also aid in the development of tools to further increase information security. Malware is becoming more and more dynamic. It can come from many different perspectives--from a highly developed phishing email to a simple social media scam. The COT process can help prevent cyber-crime by creating information management standards that reduce risk of data loss / loss of data integrity. After a COT is established, data can be flexibly transferred/managed within the secure process.

**Applications:** The COT is used to ensure patient data integrity and protect both a health organization's and an individual's health records. These measures help define who is responsible for information security. In the healthcare industry, COT can be used to safely transfer patient data to another health organization via digitally signed electronic records. This secure electronic data would be transferred through existing EHR systems that are conterminous with the meaningful use guidelines. The application of COT works in conjunction with the HIPAA security rule, which requires administrative, physical, and technical safeguards for optimum PHI management ( Wimalasiri, 2005 ). COT is in effect when a business associates security levels matches or exceeds that of the original business associate while managing PHI. The interaction between healthcare organizations must be regulated by a contractual agreement--a chain of trust agreement (COTA)--in order to enforce the data security and integrity standards established through the COT.

[|HITECH Revisions (2013): Department of Human & Health Services] [|Cybersecurity Groups Launch 'Chain of Trust' Initiative to Combat Malware] [|Business Associates under the HITECH Megarule: A Chain of Trust with Teeth]
 * Web Resources: **

COTA (Chain of Trust Agreement) PHI (Protected health information) HITECH (Health Information Technology for Economic and Clinical Health Act) <span style="font-family: 'Times New Roman',Times,serif; font-size: 110%;">HIPAA (Health Insurance Portability and Accountability Act of 1996) <span style="font-family: 'Times New Roman',Times,serif; font-size: 110%;">TPA (Trading Partner Agreement) <span style="font-family: 'Times New Roman',Times,serif; font-size: 110%;">NCSA (National Cyber Security Alliance)
 * <span style="font-family: 'Times New Roman',Times,serif; font-size: 110%;">Related Terminology: **

<span style="font-family: 'Times New Roman',Times,serif; font-size: 110%;">Christiansen, J. (2013). Business associates under the HITECH megarule: a chain of trust with teeth.
 * <span style="font-family: 'Times New Roman',Times,serif; font-size: 110%;">Citations/References: **

<span style="font-family: 'Times New Roman',Times,serif; font-size: 110%;">Ray, P., & Wimalasiri, J. (2006). The need for technical solutions for maintaining the privacy of EHR, Engineering in Medicine and Biology Society, 4686-4689, doi: 10.1109/IEMBS.2006.260862

<span style="font-family: 'Times New Roman',Times,serif; font-size: 110%;">Wimalasiri, J.S.; Ray, P.; Wilson, C.S. (2005). Security of electronic health records based on Web services, Enterprise networking and Computing in Healthcare Industry, 91-95, 23-25, doi: 10.1109/HEALTH.2005.1500401

<span style="font-family: 'Times New Roman',Times,serif; font-size: 110%;">Cybersecurity groups launch 'chain of trust' initiative to combat malware (2009). NewsRX LLC.

[|HIPAA Image]