HIPAA
Health Insurance Portability and Accountability Act
A United States federal law that sets national standards for protecting individuals' health information held by healthcare providers, health plans, and their vendors. Its Privacy Rule and Security Rule together govern how protected health information is used, disclosed, and safeguarded.
This definition is part of TCSA’s plain-English compliance glossary, written and reviewed by the auditors who prepare organizations for these frameworks — 500+ audits delivered across India, USA, UK, Australia & UAE.
Related Privacy & Data Protection terms
BAA
A contract required under HIPAA between a covered entity and any vendor (a "business associate") that handles protected health information on its behalf. It binds the vendor to safeguard PHI and to report breaches, extending HIPAA obligations down the supply chain.
Consent Manager
Under India's DPDP Act, a registered intermediary that lets a Data Principal give, manage, review, and withdraw consent through a single, interoperable platform. It acts on the individual's behalf and is accountable to the Data Protection Board.
Data Fiduciary
Under India's DPDP Act, the person or organisation that determines the purpose and means of processing personal data — the rough equivalent of a "controller" under GDPR. The Data Fiduciary carries the primary accountability for lawful processing and for honouring Data Principal rights.
Data Principal
Under India's DPDP Act, the individual to whom the personal data relates — the equivalent of a "data subject" under GDPR. Data Principals have rights to access, correction, erasure, and grievance redressal.
DPDP Act
India's comprehensive data-protection law governing the processing of digital personal data, built around consent, purpose limitation, and accountability. It introduces the roles of Data Fiduciary and Data Principal and is enforced by the Data Protection Board of India.
DPIA
A structured assessment of how a planned processing activity could affect individuals' privacy, used to identify and mitigate risks before processing begins. It is mandatory under GDPR for high-risk processing and is expected of Significant Data Fiduciaries under the DPDP Act.