Compliance Glossary
Our curated compliance glossary offers everything you need to know about compliance in one place.
HIPAA Privacy Practices
Covered entities must provide a Notice of Privacy Practices (Privacy Notice) to every individual whose PHI they process. Healthcare providers send this notice to new enrollees at enrollment and to existing ones at least once every three years. Self-insured health plans create their own Privacy Notices, while fully insured plans rely on their insurance issuers for this.
How to provide the notice
- Any person who requests the Privacy Notice should receive it
- The notice must be prominently displayed on the entity’s website if it provides customer service or benefit information there
- Health plans must give the notice to current members by April 14, 2003 (or April 14, 2004, for smaller plans) and to new enrollees during enrollment
- If the notice changes significantly, it should be reissued within 60 days
- Covered Direct Treatment Providers must give the notice to patients at the first service encounter, and efforts should be made to get a written acknowledgment
- For online or electronic service delivery, an electronic notice should be sent upon the patient’s request
- In emergencies, the notice should be provided as soon as possible, and acknowledgment is not required
- The latest notice reflecting any changes should be available for patients to take and be prominently displayed at the provider’s facility
- If a patient agrees, the notice can be sent via email