HIPAA Compliance Plan
« Previous PageHIPAA Regulations Table of ContentsNext Page »

Download a FREE copy of the HIPAA Survival Guide 4th Edition.

§164.304 Definitions.

As used in this subpart, the following terms have the following meanings:


means the ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource. (This definition applies to ‘‘access’’ as used in this subpart, not as used in subparts D or E of this part.)

Administrative Safeguards

are administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity's or business associate's workforce in relation to the protection of that information.


means the corroboration that a person is the one claimed.


means the property that data or information is accessible and useable upon demand by an authorized person.


means the property that data or information is not made available or disclosed to unauthorized persons or processes.


means the use of an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key.


means the physical premises and the interior and exterior of a building(s).

Information system

means an interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people.


means the property that data or information have not been altered or destroyed in an unauthorized manner.

Malicious software

means software, for example, a virus, designed to damage or disrupt a system.


means confidential authentication information composed of a string of characters.

Physical safeguards

are physical measures, policies, and procedures to protect a covered entity's or business associate's electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.

Security or Security measures

encompass all of the administrative, physical, and technical safeguards in an information system.

Security incident

means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.

Technical safeguards

means the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.


means a person or entity with authorized access.


means an electronic computing device, for example, a lap or desk computer, or any other device that performs similar functions, and electronic media stored in its immediate environment.

Sign-up for our HIPAA Audit Preparation Webinar (starts October 2015).

« Previous PageHIPAA Regulations Table of ContentsNext Page »