Glossary of Compliance
Our curated compliance glossary offers everything you need to know about compliance in one place.
Availability
BAA
Business Associates
Covered Entities
Data Use Agreement
De-Identified Information
Designated Record Set
DHS
Direct Treatment Relationships
Disaster Recovery Plan
Electronic Media
Emergency Mode Operations Plan
EMO Plan
ePHI
External Entity
Facility Security Plan
Health Care Clearinghouse
Health Care Component
Health Care Provider
HHS
HIC
HIPAA Liaison
Hybrid Entity
Limited Data Set
OCR
PHI
Physical Safeguards
Privacy Official
Public Health Activities
Risk Assessment
Risk Management
Security Official
SRA Tool
Subcontractors
Unsecured Protected Health Information


Security Official
The Security Officer for HIPAA deals with all forms of data to monitor risks, assess threats, and create policies and compliance measures to manage vulnerabilities. They are responsible for creating, implementing, and enforcing an organization’s security program in line with the physical, administrative, and technical safeguards of the Security Rule.
Direct Treatment Relationships
A healthcare provider is said to have a Direct Treatment Relationship with the patient if they provide services, diagnoses, products, or results directly to the patient.
Designated Record Set
Designated record sets include billing records, medical records, payment and claim records, case management records, health plan enrollment records, as well as other records used, in part or in whole, by or for a covered entity to reach conclusions about individuals.
Data Use Agreement
A Data Use Agreement (DUA) is an agreement that oversees the sharing of data between research collaborators that fall under covered entities in the HIPAA privacy rule. A DUA defines the ways in which the information is established as a limited data set, its use by the intended recipient, and how well it is protected.
Unsecured Protected Health Information
It refers to protected health information that has not been rendered unusable, indecipherable, or unreadable to unauthorized personnel through the use of a technology or procedure specified by the Secretary in guidance.
EMO Plan
An Emergency Mode Operation (EMO) plan is an organization’s contingency plan for continuous operations in the event of a fire, natural disaster, vandalism, or system failure. Budget and resources should be allocated for the EMO plan, and the plan should be tested in a controlled environment.