HIPAA Security Common Definitions

Document with common definitions related to HIPAA Security

Affiliated Covered Entity (ACE):
Affiliated Covered Entity. UW Hospital and Clinics, UW Medical Foundation and a portion of the UW-Madison Health Care Component, which includes the clinical departments, have agreed to form an ACE. Sharing of protected health information (PHI) within the HCC or within the ACE for research purposes is a use for which no accounting is required.

Duplicate copy of entire data storage such as disk to another medium or device.
Access Control:
Mechanism used to restrict access to data.

Account:
An account (also referred to as a log-in) allows a specific computer user to connect to specific computing resources and may allow access to specific data.

Account Requestor:
Administrative staff or supervisor who requests that an account be provided to a staff member who needs it to access data.

Audit Log:
Record of changes that affect access to data (see Audit Controls Policy).

Mechanism such as password or ID tag used to confirm identity of user.

Process used to copy data to another medium or location for purposes of duplication. May be incremental, storing only changes since the last full archive or backup.

Dataset custodian:
The individual or entity accountable for the research uses of a dataset.

Dataset administrator:
Department IT person or group responsible for maintaining a PHI dataset, including access controls.

Departmental IT:
Each clinical department or unit receives computer services from a specified Information Technology group either in their own department or by contract from another department. This term is used to refer to that IT group.

Process used to convert data into an unreadable form. Only an authorized user may convert the data back to readable form.

HIPAA:
Health Insurance Portability and Accountability Act

Health Care Component:
Component of the Covered Entity (UW-Madison) that handles EPHI and consequently must comply with HIPAA.

PHI Database:
A collection of data containing EPHI from several individuals, such as those used in a clinical study.

Remote access:
Mechanism used to access resources on the SMPH network from outside that network.

Security Rule:
The portion of HIPAA specifically applying to Protected Health Information in electronic form.

Server:
A computer is a server if it meets either of the following criteria:

  • Contains a registered multi-user database of EPHI
  • Is accessible from outside the SMPH network

Any person who has been authorized to access SMPH computer systems.

VPN (Virtual Private Network):
Method for accessing a remote network via an encrypted tunnel through the Internet.

A computer, used to access or process data, which is not accessible from outside the Affiliated Covered Entity (ACE) and does not contain a repository of EPHI.