Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters
Blogs
Glossary
Guides
Videos

Follow us

GLOSSARY
HIPAA
HIPAA breach

What is a HIPAA breach?

A HIPAA breach is defined as the acquisition, access, use, or disclosure of protected health information (PHI) in a manner not permitted by HIPAA regulations, which compromises the security or privacy of the PHI. Impermissible use or disclosure of protected health information is presumed to be a breach unless it can be shown that the probability of protected health information having been compromised is low, based on a multifactor risk assessment. The risk assessment should review the nature and extent of the PHI involved; to whom the disclosure of PHI was made; whether the PHI was in fact acquired or viewed; and the extent to which the risk to the PHI was mitigated, among other elements.


In the event of a breach of unsecured PHI, the HIPAA Breach Notification Rule requires that covered entities communicate notification of the breach to any affected individuals, the U.S. Department of Health & Human Services, and in some cases, the media.


HIPAA compliance is required of organizations and employees who work in or with the healthcare industry, or who have access to protected health information. A covered entity or business associate that fails to adhere to one or more of the HIPAA Rules is in violation of HIPAA; organizations that violate the provisions of the HIPAA Rules may be penalized. Penalties for HIPAA breaches are strict and can significantly impact an organization’s finances and reputation.

Additional resources you might like:

Video
ISO 27001

ISO 27001:2022 What's changed and what it means for your business

In late 2022, ISO 27001 rolled out changes to the Annex A controls, minor updates to the clause language, modernized controls, as well as 12 new controls. Whether you have ISO 27001 and want to learn more about these updates, or are pursuing ISO for the first time, this on-demand webinar is for you. Join Matt Cooper, Senior Manager of Privacy, Risk, and Compliance at Vanta, and Steve Conley, IT Audit Director at Insight Assurance, to dive in.

Blog
Security

When is the right time for vulnerability scanning?

As new cybersecurity threats emerge, when is the right time for vulnerability scanning? We give an overview of how to time vulnerability scans for improved security.

Blog
Company news

Vanta crosses 500 raving reviews on G2

Vanta has crossed 500 reviews on G2. We've highlighted just a few comments from our customers and how they tie into Vanta’s core values.

The compliance news you need. Delivered securely to your inbox.

Subject to Vanta's Privacy Policy, you agree to allow Vanta to contact you via the email provided for marketing and other purposes

Everything you need to get compliance audit ready, fast.

GET STARTED TODAYGET STARTED TODAY

Vanta is the easy way to get and stay compliant. Thousands of fast-growing companies depend on Vanta to automate their security monitoring and get ready for security audits in weeks, not months. Simply connect your tools to Vanta, fix the gaps on your dashboard, and then work with a Vanta-trained auditor to complete your audit.

Products
SOC 2ISO 27001GDPRHIPAAPCI DSSCCPAAdditional FrameworksIntegrations
Customers
Customer Case Studies
Resources
BlogsGuidesGlossaryVideosAll Resources
Company
AboutCareersPressSecuritySystem StatusTrust Report
Manage CookiesTermsPrivacy