Glossary
| Term | Definition |
|---|---|
| Controls | Something that secures or assists in making something safer; protection; defence |
| Authority document | A repository of compliance controls found in various laws, regulations, standards and audit logs that a company needs to act in accordance with to be considered compliant |
| Data Subject | “Identified or identifiable natural person[s]”: human beings from whom, or about whom, you collect personal data in connection with your business and its operations |
| Controller | “the natural or legal person, public authority, agency or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data.” |
| Processor | Entities that process personal data on behalf of Controllers, and as directed by Controllers. Whenever a Controller outsources the actual data processing function to another entity, that other entity is considered a Processor |
| Privacy | The state of being free from unwanted or undue intrusion or disturbance in one's private life or affairs; freedom to be let alone |
| Framework | A framework can be anything: a grouping of controls, standards, policies and procedures, or law (federal, state or provisional law) |
| Standard | Proper certifications that have strict controls that need to be followed (specific) |
| Compliance | The action or fact of complying with a wish or command |
| Policy | Written commitment statements that must be followed |
| Security | The state of being free from danger or threats; safety |
| Third-Party Assessors | Auditors, privacy consultants, and security testers |
| Vendor Assessing Organization (VAO) | Organizations that purchase and facilitate the offerings of digital health companies, or that are themselves such companies offering to others |
| Vendor Security Assessment (VSA) | A questionnaire document that you ask your vendors to fill out, which aims to assess their security and privacy compliance posture |
| Consensus Assessments Initiative Questionnaire (CAIQ) | The Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ) is a standardized VSA questionnaire that many vendor risk management teams can use to reduce costs and increase efficiencies without exposing their organization to unnecessary cybersecurity risk |
| HCP | Healthcare Professional |
| CE | Covered Entity |
| BAA | Business Associate Agreement |