GLOSSARY

HIPAA

Terms

Annex A Controls

Attestation of Compliance (AOC)

California Consumer Privacy Act (CCPA)

Compliance risk management

Cardholder Data (CHD)

Cardholder Data Environment (CDE)

Compliance software

General Data Protection Regulation (GDPR)

HIPAA Business Associates

HIPAA Compliance

HIPAA Covered Entities

HIPAA employee training

HIPAA Risk Assessment

HIPAA Rules: Breach Notification Rule

HIPAA Rules: Enforcement Rule

HIPAA Rules: Omnibus Rule

HIPAA Rules: Privacy Rule

HIPAA Rules: Security Rule

HIPAA Safeguards

HIPAA Sanctions

Health Information Technology for Economic and Clinical Health Act (HITECH)

ISMS Governing Body

ISO 27001 security standard

ISO 27001 Internal Audit

ISO 27001 Key Performance Indicators (KPIs)

ISO 27001 Management Review

ISO 27001 Nonconformities

ISO 27001 Risk Assessment

ISO 27001 Risk Treatment Plan

ISO 27001 Stage 1 Audit

ISO 27001 Stage 2 Audit

IT security policy

Information Security Management System (ISMS)

NIST Cybersecurity Framework (CSF)

Protected health information

Payment Card Industry Data Security Standard (PCI DSS)

Qualified Security Assessor (QSA)

Report on Compliance (ROC)

Security questionnaire

SOC 2 Type I report

SOC 2 Type II report

SOC 2 compliance

SOC Trust Services Criteria

Self-Assessment Questionnaire (SAQ)

Service Provider

Statement of Applicability

Vendor assessment

Vendor management policy

What is HIPAA?

‍

HIPAA is the acronym for the Health Insurance Portability and Accountability Act passed by Congress in 1996. HIPAA helps by:

‍

Providing the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
Reducing health care fraud and abuse;
Mandating industry-wide standards for health care information on electronic billing and other processes;
Requiring the protection and confidential handling of protected health information

‍

HIPAA compliance is relevant to Covered Entities and Business Associates. Covered Entities include the following:

‍

Healthcare providers - Hospitals, doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies
Health plans - health insurance companies, HMOs, company health plans, Medicare, and Medicaid
Healthcare clearinghouses - an entity that takes in information from a healthcare entity, puts the data into a standard format, and then returns the information to another healthcare entity.

‍

Business Associates are vendors or subcontractors who have access to private health information (PHI). If your company stores or processes PHI, you should be HIPAA compliant.