
HIPAA

Health Insurance Portability and Accountability Act

A United States federal law that sets national standards for protecting individuals' health information held by healthcare providers, health plans, and their vendors. Its Privacy Rule and Security Rule together govern how protected health information is used, disclosed, and safeguarded.

This definition is part of TCSA’s plain-English compliance glossary, written and reviewed by the auditors who prepare organizations for these frameworks — 500+ audits delivered across India, USA, UK, Australia & UAE.

Go deeper: the full HIPAA guide

The complete plain-English explainer behind this definition.

Related Privacy & Data Protection terms

BAA

A contract required under HIPAA between a covered entity and any vendor (a "business associate") that handles protected health information on its behalf. It binds the vendor to safeguard PHI and to report breaches, extending HIPAA obligations down the supply chain.

Consent Manager

Under India's DPDP Act, a registered intermediary that lets a Data Principal give, manage, review, and withdraw consent through a single, interoperable platform. It acts on the individual's behalf and is accountable to the Data Protection Board.

Data Fiduciary

Under India's DPDP Act, the person or organisation that determines the purpose and means of processing personal data — the rough equivalent of a "controller" under GDPR. The Data Fiduciary carries the primary accountability for lawful processing and for honouring Data Principal rights.

Data Principal

Under India's DPDP Act, the individual to whom the personal data relates — the equivalent of a "data subject" under GDPR. Data Principals have rights to access, correction, erasure, and grievance redressal.

DPDP Act

India's comprehensive data-protection law governing the processing of digital personal data, built around consent, purpose limitation, and accountability. It introduces the roles of Data Fiduciary and Data Principal and is enforced by the Data Protection Board of India.

DPIA

A structured assessment of how a planned processing activity could affect individuals' privacy, used to identify and mitigate risks before processing begins. It is mandatory under GDPR for high-risk processing and is expected of Significant Data Fiduciaries under the DPDP Act.


Written By Expert Auditors

Surendra Pal Singh
Chief Information Security Officer & Data Protection Officer
CISO, DPO, CISA, MCSE, ITIL, ISO 27001 Lead Auditor, ISO 27701 Lead Auditor, ISO 42001 Lead Auditor

Saundhi Chauhan
Lead Auditor
ISO 27001 Lead Auditor, ISO 27701 Lead Auditor

Last reviewed: July 2026
Content verified by certified lead auditors
