R

Safeguards that meet the requirements in a manner that is not unwieldy or overly expensive for the entity, but are not specified by the act.

Balancing the costs of security controls against the expected losses if the controls aren't implemented, this is required as part of the security management process.

Determining an acceptable level of risk and taking steps to contain the risk within that level, a required part of the security management process.

A mandate contained in law that compels an entity to make a use or disclosure of protected health information and that is enforceable in a court of law. Required by law includes, but is not limited to, court orders and court -ordered warrants ; subpoenas or summons issued by a court, grand jury, a governmental or tribal inspector general, or an administrative body authorized to require the production of information; a civil or an authorized investigative demand; Medicare conditions of participation with respect to health care providers participating in the program; and statutes or regulations that require the production of information, including statutes or regulations that require such information if payment is sought under a government program providing public benefits. [45 C.F.R. § 164.103].

A collection of tools (programs) that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.