Glossary

  • Business Associate

    A Business Associate is an individual or entity that performs functions, activities, or services for a covered entity involving the use or disclosure of protected health informatio…

  • Cardholder Data Environment (CDE)

    The Cardholder Data Environment (CDE) is the totality of network components, systems, and processes that store, process, or transmit payment card data or sensitive authentication d…

  • Consent

    Consent is a voluntary, informed, and unambiguous affirmation of agreement by an individual to the collection, processing, or use of their personal or health information. It must b…

  • Covered Entity

    A Covered Entity is an organization that must comply with specific regulatory requirements due to the nature of its operations and the sensitive data it handles. In the healthcare …

  • Data Breach

    A data breach is the unauthorized access, disclosure, or loss of personal data held by an organization. It occurs when sensitive information is compromised through theft, hacking, …

  • Data Controller

    A Data Controller is an entity that determines the purposes and means of processing personal data. The Data Controller decides why personal data is collected and how it will be pro…

  • Data Processor

    A Data Processor is an entity that processes personal data on behalf of and under the instructions of a Data Controller. The processor handles personal data according to contractua…

  • Data Protection Officer (DPO)

    A Data Protection Officer (DPO) is a designated individual responsible for monitoring an organization's compliance with data protection laws and regulations. The DPO serves as an i…

  • Data Subject Rights

    Data Subject Rights are legal entitlements granted to individuals concerning their personal information held by organizations. These rights enable individuals to exercise control o…

  • Directory Information

    Directory Information refers to student educational records that an institution may disclose without prior written consent from the student or parent, as they are considered non-se…

  • Education Records

    Education records are any records directly related to a student that are maintained by an educational institution or a party acting on its behalf. These records include documents s…

  • Internal Controls Over Financial Reporting (ICFR)

    Internal Controls Over Financial Reporting (ICFR) are the processes, policies, and procedures implemented by an organization to ensure the accuracy, completeness, and reliability o…

  • Legitimate Interests

    Legitimate interests refer to the lawful reasons an organization may process personal data based on its own or a third party's interests, provided these interests are not overridde…

  • Material Weakness

    A material weakness is a deficiency, or combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material missta…

  • Minimum Necessary Standard

    The Minimum Necessary Standard is a foundational HIPAA principle requiring that covered entities and business associates limit the use, disclosure, and requests of protected health…

  • Personal Data / Personal Information

    Personal data or personal information refers to any information relating to an identified or identifiable natural person. This includes data that directly identifies an individual …

  • Primary Account Number (PAN)

    A Primary Account Number (PAN) is the main identifier for a payment card account, typically consisting of 13-19 digits that uniquely identify the issuing bank and the cardholder's …

  • Protected Health Information (PHI)

    Protected Health Information (PHI) is any information in a medical record or health plan that can be used to identify an individual patient or consumer. PHI includes demographic da…

  • Pseudonymization

    Pseudonymization is a data processing technique that replaces identifying information with artificial identifiers or pseudonyms, making it impossible to attribute personal data to …

  • Tokenization

    Tokenization is a data security technique that replaces sensitive payment card data with a non-sensitive substitute value called a token, which has no intrinsic or exploitable mean…