Glossary of Compliance
Compliance Glossary
Our curated compliance glossary offers everything you need to know about compliance in one place.
A
Availability
BAA
Business Associates
Covered Entities
Data Use Agreement
De-Identified Information
Designated Record Set
DHS
Direct Treatment Relationships
Disaster Recovery Plan
Electronic Media
Emergency Mode Operations Plan
EMO Plan
ePHI
External Entity
Facility Security Plan
Health Care Clearinghouse
Health Care Component
Health Care Provider
HHS
HIC
HIPAA Liaison
Hybrid Entity
Limited Data Set
OCR
PHI
Physical Safeguards
Privacy Official
Public Health Activities
Risk Assessment
Risk Management
Security Official
SRA Tool
Subcontractors
Unsecured Protected Health Information


BAA
A Business Associate Agreement (BAA) is a signed agreement between covered entities and business associates. The HIPAA Privacy Rule mandates that covered entities that share PHI with third-party service providers specify the responsibilities of each party to secure PHI. A BAA must describe the permitted rules to use or disclose PHI and require the business…
External Entity
An external entity can be any individual, organization, or government body, other than the applicant group, that deals with or uses PHI.
HIC
The Department of Public Health’s (DPH) Human Investigations Committee (HIC) is responsible for monitoring, reviewing, and approving research that uses identifiable health information obtained by the Department, with the purpose of protecting the rights and well-being of the research subjects.
Risk Assessment
A risk assessment validates whether your organization is compliant with HIPAA’s technical, administrative, and physical safeguards. A risk assessment also helps identify areas where your organization’s Protected Health Information (PHI) is vulnerable to breach.
Privacy Official
The HIPAA (Health Insurance Portability and Accountability Act) Privacy Officer is responsible for developing, managing, and implementing processes to ensure that organizations comply with applicable federal and state HIPAA regulations and guidelines, particularly organizations that have access to and use protected health information (PHI).
Physical Safeguards
Physical safeguards are the physical measures, procedures, and policies to protect a covered entity’s electronic information systems and related equipment and buildings from natural and unnatural hazards and unauthorized intrusion.