Controls: Something that secures or assists in making something safer; protection; defence
Authority document: A repository of compliance controls found in various laws, regulations, standards and audit logs that a company needs to act in accordance with to be considered compliant
Data Subject: “identified or identifiable natural person[s]”; human beings from whom, or about whom, you collect personal data in connection with your business and its operations
Controller: “the natural or legal person, public authority, agency or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data.”
Processor: Entities that process personal data on behalf of Controllers, and as directed by Controllers. Whenever a Controller outsources the actual data processing function to another entity, that other entity is considered a Processor
Privacy: The state of being free from unwanted or undue intrusion or disturbance in one's private life or affairs; freedom to be let alone
Framework: A framework can be anything; a grouping of controls, standards, policies and procedures
Law: Federal, state or provisional law
Standard: Proper certifications that have strict controls that need to be followed (specific)
Compliance: The action or fact of complying with a wish or command
Policy: Written commitment statements that must be followed
Security: The state of being free from danger or threats; safety
Third-Party Assessors: Auditors, privacy consultants, and security testers
Vendor Assessing Organization (VAO): Organizations that purchase and facilitate offerings of digital health companies, or are ones themselves that offer others
Vendor Security Assessment (VSA): A questionnaire document that you get your vendors to fill out that aims to assess their security and privacy compliance posture
Consensus Assessments Initiative Questionnaire (CAIQ): The Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ) is a standardized VSA questionnaire that many vendor risk management teams use to reduce costs and increase efficiencies without exposing their organization to unnecessary cybersecurity risk
HCP: Healthcare Professional
CE: Covered Entity
BAA: Business Associate Agreement