Glossary of Compliance
Compliance Glossary
Our curated compliance glossary offers everything you need to know about compliance in one place.
Availability
BAA
Business Associates
Covered Entities
Data Use Agreement
De-Identified Information
Designated Record Set
DHS
Direct Treatment Relationships
Disaster Recovery Plan
Electronic Media
Emergency Mode Operations Plan
EMO Plan
ePHI
External Entity
Facility Security Plan
Health Care Clearinghouse
Health Care Component
Health Care Provider
HHS
HIC
HIPAA Liaison
Hybrid Entity
Limited Data Set
OCR
PHI
Physical Safeguards
Privacy Official
Public Health Activities
Risk Assessment
Risk Management
Security Official
SRA Tool
Subcontractors
Unsecured Protected Health Information


Facility Security Plan
All HIPAA-Covered Components must implement a facility security plan to safeguard the facility and the equipment within it from unauthorized physical access, theft, and tampering, at all locations that store and/or access ePHI.
OCR
The Office for Civil Rights (OCR) promotes medical excellence throughout the nation by ensuring equal access to certain health and human services while protecting the privacy and security of health information.
HHS
The United States Department of Health and Human Services (HHS) is a cabinet-level department of the executive branch of the U.S. federal government, created to safeguard the health of all American citizens and provide essential human services.
SRA Tool
The OCR, in partnership with the Office of the National Coordinator for Health Information Technology, developed a downloadable Security Risk Assessment (SRA) Tool that guides users through the security risk assessment process using a simple, wizard-based approach, as asked for by the CMS or the Centers for Medicare and Medicaid Services Electronic Health Record…
Disaster Recovery Plan
A HIPAA disaster recovery plan (HIPAA DRP) is a formal document that specifies the processes, actions, and methodologies that must be followed to secure and restore electronic health records (EHR) in the event of a natural or man-made disaster, calamity, or similar event.
Hybrid Entity
A legal entity that carries out both covered and non-covered functions may designate itself as a hybrid entity under HIPAA and may choose not to apply the Privacy Rule to its non-healthcare components, whereas all covered healthcare components must comply with HIPAA, and the covered entity retains security compliance, oversight, and…