Compliance & Frameworks
HIPAA
Also known as: Health Insurance Portability and Accountability Act
Definition
The U.S. Health Insurance Portability and Accountability Act, which sets national standards for protecting individually identifiable health information.
Examples
- A hospital encrypting PHI at rest and in transit to satisfy the Security Rule.
- A SaaS vendor signing a Business Associate Agreement with a healthcare provider.
Related terms
Compliance
The discipline of meeting legal, regulatory, contractual, and internal security requirements through documented controls, evidence collection, and ongoing assessment.
GDPR
The European Union's General Data Protection Regulation governing the processing of personal data of individuals in the EU and EEA.
ISO/IEC 27001
The international standard specifying requirements for an Information Security Management System (ISMS), against which organizations can be formally certified.
Encryption
The cryptographic transformation of plaintext into ciphertext using an algorithm and key so that only authorized parties can recover the original data.
Incident Response
The organised process of preparing for, detecting, analysing, containing, eradicating, and recovering from cyber security incidents, then capturing lessons learned.
Security Controls
Safeguards or countermeasures — technical, administrative, or physical — used to prevent, detect, or respond to threats against information assets.