C

Two or more business partners who have a contractual agreement to transmit data and keep that data's confidentiality and integrity.

A value that is computed by a function that is dependent on the contents of a data object and is stored or transmitted together with the object, for the purpose of detecting changes in the data.

A cryptographic algorithm for encryption and decryption.

A system entity that requests and uses a service provided by another system entity, called a 'server'. In some cases, the server may itself be a client of some other server.

A specific legislated way of tagging EPI so that it is transferable between health providers and systems. This comes from the portability part of HIPPA and doesn't have anything directly to do with security, but because it is another area of interaction between health and IT professionals, the term sometimes comes up in meetings.

An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security, www.cert.org

A collection of host computers together with the sub-network or inter-network through which they can exchange data.

Actions that are taken to protect EPHI. There are three types of controls: administrative, physical, and technical. Each control exists in order to meet a standard of security or privacy. Some controls are required, while others are addressable. Controls are also referred to as safeguards.

Data exchanged between an HTTP server and a browser (a client of the server) to store state information on the client side and retrieve it later for server use. An HTTP server, when sending data to a client, may send along a cookie, which the client retains after the HTTP connection closes . A server can use this mechanism to maintain persistent client-side state information for HTTP-based applications, retrieving the state information in later connections.

The part of a hybrid entity to which HIPAA regulations apply

Any organization to which HIPAA regulations apply. Covered entities include health care providers who transmit data in electronic form, health plans, health care clearing houses , hybrid entities, affiliate entities, and some business partners and associates .

Determining the importance of an item relative to the whole.

Exists if an entity has the power, directly or indirectly, significantly to influence or direct the actions or policies of another entity. [45 C.F.R. § 164.103]

Exists if an entity or entities possess an ownership or equity interest of 5 percent or more in another entity. [45 C.F.R. § 164.103]

The property that data or information is not made available or disclosed to unauthorized persons or processes. [45 C.F.R. § 164.304]

A threat action that undesirably alters system operation by adversely modifying system functions or data.

Those functions of a covered entity the performance of which makes the entity a health plan, health care provider, or health care clearinghouse. [45 C.F.R. § 164.103]

The mathematical science that deals with analysis of a cryptographic system in order to gain knowledge needed to break or circumvent the protection that the system is designed to provide. In other words, convert the cipher text to plaintext without knowing the key.

An algorithm that employs the science of cryptography, including encryption algorithms, cryptographic hash algorithms, digital signature algorithms, and key agreement algorithms.