Privacy Rule (HIPAA)
The HIPAA standard that governs how protected health information may be used and disclosed, and that gives individuals rights over their own health data. It sets the "what and when" of PHI sharing, complementing the Security Rule's focus on safeguards.
This definition is part of TCSA’s plain-English compliance glossary, written and reviewed by the auditors who prepare organizations for these frameworks — 500+ audits delivered across India, USA, UK, Australia & UAE.
Related Privacy & Data Protection terms
BAA
A contract required under HIPAA between a covered entity and any vendor (a "business associate") that handles protected health information on its behalf. It binds the vendor to safeguard PHI and to report breaches, extending HIPAA obligations down the supply chain.
Consent Manager
Under India's DPDP Act, a registered intermediary that lets a Data Principal give, manage, review, and withdraw consent through a single, interoperable platform. It acts on the individual's behalf and is accountable to the Data Protection Board.
Data Fiduciary
Under India's DPDP Act, the person or organisation that determines the purpose and means of processing personal data — the rough equivalent of a "controller" under GDPR. The Data Fiduciary carries the primary accountability for lawful processing and for honouring Data Principal rights.
Data Principal
Under India's DPDP Act, the individual to whom the personal data relates — the equivalent of a "data subject" under GDPR. Data Principals have rights to access, correction, erasure, and grievance redressal.
DPDP Act
India's comprehensive data-protection law governing the processing of digital personal data, built around consent, purpose limitation, and accountability. It introduces the roles of Data Fiduciary and Data Principal and is enforced by the Data Protection Board of India.
DPIA
A structured assessment of how a planned processing activity could affect individuals' privacy, used to identify and mitigate risks before processing begins. It is mandatory under GDPR for high-risk processing and is expected of Significant Data Fiduciaries under the DPDP Act.