
Accountable Terminology

A self-help glossary for Accountable-specific and HIPAA-related terms.

  • Accountable: A healthcare compliance software platform designed to help organizations manage HIPAA compliance, offering an all-in-one solution for privacy, security, and risk management.
  • Acceptable Use Policy: A framework detailing appropriate usage of organizational IT resources. Critical for any HIPAA compliance program.
  • Access, Onboarding and Termination Policy: Guidelines covering how employee or contractor access to PHI is granted, modified, and revoked.
  • Access Control: A security measure designed to restrict information or resource access only to authorized users.
  • Access Rights: Policies that define the rules and procedures for granting or revoking PHI access.
  • Accounting of Disclosures: Documentation of PHI disclosures outside of treatment, payment, or healthcare operations. Must include disclosures from the previous six years (or shorter if requested).
  • Add a Third Party / Manage All: Dashboard section where third-party profiles are generated before executing a BAA or sending vendor risk questionnaires.
  • Administrative Safeguards: HIPAA Security Rule category focused on policies/procedures for selecting, implementing, and maintaining security measures.
  • Administrative Simplification Provisions: Sections of HIPAA (261-264) requiring HHS to adopt standards for electronic healthcare transactions, identifiers, and privacy/security protections.
  • Admin (Privacy Officer): Full-access role within Accountable; Employee role has limited access.
  • Annual Requirements: HIPAA compliance tasks that must be completed annually, such as staff training and risk assessments.
  • Append Company Logo to Policies: A feature in Settings > Company to automatically apply your company logo to all generated policies.
  • Assessments: Gap analysis and audit tools in Accountable; cover ~50% of the required HIPAA Security Risk Assessment (SRA).
  • Audit Protection Guarantee: Accountable’s promise of expert and platform support if a HIPAA audit occurs.
  • Automated Data Breach Detection & Risk Scoring: Accountable’s real-time detection of third-party breaches, risk assessment, and employee notifications.
  • BA (Business Associate): A person or entity (not workforce) that performs functions or services for a covered entity involving PHI. Includes subcontractors handling PHI.
  • BAA (Business Associate Agreement): A written contract between covered entities and business associates (and their subcontractors) ensuring safeguarding of PHI.
  • BAA Management System: Accountable’s centralized feature for creating, tracking, and managing BAAs with vendors.
  • Breached Password Detection: An Accountable feature that flags organizational credentials found in public breach data dumps.
  • Breach: An impermissible use or disclosure under HIPAA’s Privacy Rule that compromises PHI unless a low probability of compromise is shown.
  • Breach Notification Rule (45 CFR §§164.400-414): Requires covered entities/business associates to notify individuals, HHS, and sometimes media after a PHI breach.
  • Business Associate Agreement Template: Automated, pre-generated BAA template accessible via a third party’s profile in Accountable.
  • CCPA (California Consumer Privacy Act): A California law enhancing privacy rights and consumer protection.
  • Civil Money Penalties (CMPs): Financial penalties imposed by OCR for HIPAA noncompliance.
  • Compliance Progress Tracker: Accountable’s tool to monitor an organization’s HIPAA compliance progress.
  • Confidentiality (Security Rule): Assurance that data is not disclosed to unauthorized persons/processes.
  • Covered Entity (CE): Health plans, healthcare clearinghouses, and providers who electronically transmit health information under HIPAA.
  • Custom Company Training (BYO): Accountable feature for uploading/managing custom training modules.
  • Data Breach Monitoring: Accountable’s monitoring of incidents and threats affecting employees and sensitive data.
  • Data Inventory Management: Centralized tracking of all ePHI/PHI storage locations within an organization.
  • Data Protection Impact Assessment (DPIA): A process to minimize data protection risks, often used under GDPR.
  • Data Use Agreement (DUA): Agreement for sharing limited data sets (e.g., research, public health); distinct from a BAA.
  • De-identified Health Information: Health information that cannot reasonably identify an individual. Created via statistician determination or identifier removal.
  • DSAR (Data Subject Access Request): Request by an individual for access to their personal data (e.g., under GDPR, CCPA).
  • e-Signature (HIPAA-Compliant): Digital signature service meeting HIPAA standards for contracts like BAAs and policy acknowledgments.
  • ePHI (Electronic Protected Health Information): PHI that is created, stored, transmitted, or received electronically.
  • Employee Dashboard: Accountable feature for employees to track compliance, training, and incident reports.
  • Employee LMS (Learning Management System): Manages training delivery inside Accountable’s Employee Portal (HIPAA, security awareness, harassment prevention).
  • Encryption (for PHI): Transforms data into a form that is unreadable without a key. HIPAA recognizes NIST- and FIPS-validated encryption methods.
  • Enforcement Rule (45 CFR Part 160): Provides standards for compliance, investigations, penalties, and hearings under HIPAA.
  • ESIGN Act: U.S. law validating electronic records and signatures in commerce.
  • Full Service Plan: Accountable’s top-tier plan with white-glove onboarding, dedicated support, migration, and Privacy Officer as a Service.
  • GAP Analysis: Comparison of current practices to standards (e.g., HIPAA). Accountable uses AI for automated gap analysis.
  • GDPR (General Data Protection Regulation): EU/EEA law for personal data protection and privacy.
  • HIPAA (Health Insurance Portability and Accountability Act): U.S. federal law establishing national patient data protection standards.
  • HIPAA Breach Notification Rule: Requires CE/BA to notify affected parties after breaches of unsecured PHI.
  • HIPAA Privacy Rule: National standards for safeguarding medical records and PHI.
  • HIPAA Seal of Compliance: Accountable’s third-party verification badge for demonstrating HIPAA compliance.
  • HIPAA Security Rule: Sets standards for protecting ePHI with administrative, physical, and technical safeguards.
  • HIPAA Training: Accountable’s employee education program on HIPAA privacy and security.
  • HITECH Act: Strengthened HIPAA, extended BA liability, and mandated audits.
  • Incident Management Software: Accountable’s HIPAA-compliant system for incident reporting, tracking, and resolution.
  • Individually Identifiable Health Information (IIHI): Any data relating to health or care that can identify the individual.
  • Integrity (Security Rule): Assurance that information has not been altered/destroyed without authorization.
  • Minimum Necessary Rule: Requires limiting PHI use/disclosure to the minimum needed.
  • Multiple Location Management: Accountable feature for managing compliance across franchises/multi-site businesses.
  • NIST (National Institute of Standards and Technology): Federal agency setting computer security standards used in HIPAA compliance.
  • Notice of Privacy Practices (NPP): Document CEs must provide describing PHI uses/disclosures and patient rights.
  • NPI Number (National Provider Identifier): Unique U.S. healthcare provider identifier mandated by HIPAA.
  • OCR (Office for Civil Rights): HHS office enforcing HIPAA rules.
  • Office for Civil Rights (OCR): Agency enforcing HIPAA Privacy, Security, and Breach Notification Rules.
  • Patient Safety Work Product (PSWP): Data collected/analyzed for patient safety events, protected by PSQIA.
  • PHI (Protected Health Information): Individually identifiable health info in any form held by a CE or BA.
  • Phishing Attacks: Social engineering attacks attempting to steal data via deceptive messages.
  • Policy Management Software: Accountable’s system for creating/sharing policies and tracking acknowledgments.
  • Privacy Center: Accountable’s portal for individuals to manage data rights under laws like GDPR/CCPA.
  • Privacy Officer as a Service: Dedicated professional privacy officer available in Accountable’s Full Service plan.
  • Privacy Rule (45 CFR Part 160/164): Sets HIPAA standards for PHI privacy protection.
  • Privacy Compliance Software: Accountable’s tool for automating compliance with privacy laws (HIPAA, GDPR, CCPA).
  • Protected Health Information (PHI): All individually identifiable health information held or transmitted by a CE or BA.
  • Public Health Authority: Government authority with public health responsibilities under HIPAA.
  • Resolution Agreement: OCR settlement agreement resolving HIPAA noncompliance issues, often with monetary payment.
  • Risk Analysis: Required Security Rule assessment of risks/vulnerabilities to ePHI.
  • Security Awareness Training: Accountable’s program training employees on threats, phishing, password safety.
  • Security Risk Assessment (SRA): HIPAA-required process, offered by Accountable, to assess risks/vulnerabilities around PHI.
  • Security Rule (45 CFR Part 160/164): National standards for securing ePHI.
  • Sexual Harassment Prevention Training: Accountable’s employee training for fostering safe workplaces.
  • Third-Party Security Monitoring Software: Accountable’s tool to manage vendor compliance/security risks.
  • Unsecured Protected Health Information: PHI not rendered unusable/unreadable (e.g., not encrypted/destroyed).
  • Vendor Compliance Management Software: Helps organizations manage vendor risk to ensure HIPAA/privacy compliance.
  • Vendor Management System (VMS): Accountable’s centralized vendor compliance and risk management solution.