Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is a HIPAA-covered entity?

A HIPAA-covered entity is an individual, organization, or agency to which the HIPAA Rules apply; covered entities include health care providers, health plans, and health care clearinghouses. 


Health care providers include those providers who electronically submit HIPAA transactions like claims. Providers include but are not limited to: 

  • Doctors
  • Clinics
  • Psychologists
  • Dentists
  • Chiropractors
  • Nursing homes
  • Pharmacies 


For HIPAA purposes, health plans include:

  • Health insurance companies
  • HMOs or health maintenance organizations
  • Employer-sponsored health plans
  • Government programs that pay for health care, like Medicare, Medicaid, and military and veterans’ health programs


Health care clearinghouses are public or private entities that process or facilitate the processing of nonstandard health information into standard data elements on behalf of other organizations.


HIPAA Rules apply to covered entities as well as business associates. If a covered entity engages a business associate to help carry out health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that establishes what the business associate has been engaged to do, and requires the business associate to comply with HIPAA.

Additional resources you might like:

Compliance
Event
Fostering a culture of security in an AI world

Join our expert-led session to explore strategies for embedding a security-first culture in an AI-driven world. We'll address unique challenges and share actionable insights to help safeguard your organization.

Compliance
Event
Strategies for scaling your GRC program with automation and AI

As your business grows, there are increasing demands around GRC programs. Join us live, as we discuss what to consider when scaling your GRC program.

Security
Event
How Trust Centers Help Save Time and Accelerate Sales

Join us on October 3rd to discover how trust centers enhance customer confidence, streamline security processes, and drive sales growth, based on IDC’s latest research.

Additional resources you might like:

Compliance
Event
Fostering a culture of security in an AI world

Join our expert-led session to explore strategies for embedding a security-first culture in an AI-driven world. We'll address unique challenges and share actionable insights to help safeguard your organization.

Compliance
Event
Strategies for scaling your GRC program with automation and AI

As your business grows, there are increasing demands around GRC programs. Join us live, as we discuss what to consider when scaling your GRC program.

Security
Event
How Trust Centers Help Save Time and Accelerate Sales

Join us on October 3rd to discover how trust centers enhance customer confidence, streamline security processes, and drive sales growth, based on IDC’s latest research.

Compliance
Event
Streamline governance, risk, and compliance workflows and save hours

Join us to learn how Vanta can streamline governance, risk, and compliance workflows, automate control monitoring, and help your team save valuable time.

Compliance
Event
How to streamline ISO 27001 and SOC 2 compliance with automation

Join Vanta’s 45-minute live product demo to learn how Vanta can help you achieve security standards like ISO 27001 or SOC 2 move towards a state of continuous compliance.

Product updates
Blog
Vanta’s latest product capabilities accelerate compliance for startups

For startups, Vanta has what you need to get compliant fast and stay compliant with ease in one integrated platform.

Product updates
Event
The Future of GRC

Join our virtual event broadcast to hear product updates and renowned security experts on the future of GRC.

Compliance
Event
Save time on security reviews with Questionnaire Automation & Trust Center

Join us to learn how Questionnaire Automation & Trust Center help security teams with questionnaires.

HIPAA
Event
Choosing the right HITRUST certification level and streamlining implementation

As an authorized reseller, Vanta’s pre-built HITRUST solution natively includes the necessary controls, documents, and policies - eliminating the manual “do-it-yourself” approach that other platforms require. Curious to see this in action? Join Vanta and HITRUST for a live session!