Addressable Implementation Specification
Definition
A HIPAA Security Rule specification that organisations must assess for reasonableness and appropriateness. If reasonable and appropriate, it must be implemented; if not, the organisation must document the rationale and implement an equivalent alternative. Addressable is not synonymous with optional.
Related terms
- Business Associate
- A person or entity that performs services for a HIPAA covered entity that involve creating, receiving, maintaining, or transmitting protected health information...
- Cardholder Data Environment (CDE)
- The people, processes, and technology that store, process, or transmit cardholder data or sensitive authentication data. PCI-DSS requirements apply to the CDE...
- Covered Entity
- Under HIPAA, a healthcare provider that transmits health information electronically, a health plan, or a healthcare clearinghouse. Covered entities are directly subject...
- Protected Health Information (PHI)
- Individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or medium. PHI includes...
- Qualified Security Assessor (QSA)
- An individual certified by the PCI Security Standards Council to perform on-site PCI-DSS assessments for merchants and service providers that cannot self-certify....
Explained in
- HIPAA and PCI-DSS Compliance RequirementsA HIPAA Security Rule specification that organisations must assess for reasonableness and appropriateness. If reasonable and appropriate, it must be implemente...