Glossary of Compliance

Our curated compliance glossary offers everything you need to know about compliance in one place.

Limited Data Set

A limited data set is defined as health information that excludes certain listed direct identifiers but that may include city, ZIP Code, state, elements of date, telephone numbers, fax numbers, and other characteristics, numbers, or codes not listed as direct identifiers.

The direct identifiers listed in the Privacy Rule's limited data set provisions apply both to information about the individual and to information about the individual's employers, relatives, or household members. The following identifiers must be deleted from health information for the data to qualify as a limited data set:

– Medical record numbers

– Names

– Postal address information

– Electronic mail addresses

– Social security numbers

– Certificate/license numbers

– Health plan beneficiary numbers

– Account numbers

– Telephone numbers

– Fax numbers

– Vehicle serial numbers and identifiers, including license plate numbers

– Biometric identifiers, including fingerprints and voiceprints

– Device identifiers and serial numbers

– Web universal resource locators (URLs)

– Full-face photographic images and any comparable images

– Internet protocol (IP) address numbers
