Software (e.g., a virus) designed to damage or disrupt a system.

A person or entity with authorized access.

Management policy and procedures used to guide an enterprise response to a perceived loss of mission capability.

The individual with responsibility for and authority to accomplish program or system objectives for development, production, and sustainment to meet the user’s operational needs.

Encompass all of the administrative, physical, and technical safeguards in an information system.

The transactions covered by this instruction are the transmission of information between two parties to carry out financial or administrative activities related to health care, including: 

• Health care claims or equivalent encounter information.
• Health care payment and remittance advice.
• Coordinatio...

The process of changing plaintext into ciphertext for the purpose of security or privacy.

Includes memory devices in computers (e.g., hard disks, memory chips) and any removable or transportable digital memory medium, such as magnetic tape or disks, optical disks, digital memory cards, or transmission media used to exchange information already in electronic storage media. Transmission media include, for example, the internet, the extranet, lea...

A user that is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.

A weakness in information system security design, procedures, implementation, or internal controls that could be exploited to gain unauthorized access to information or an information system.

Any information, whether oral or recorded in any form or medium that: Is created or received by a health care provider, health plan, public health authority, employer, life insurer, or school or university. Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or pas...

Physical measures, policies, and procedures to protect an organization’s electronic ISs and related buildings and equipment from natural and environmental hazards and unauthorized intrusion.

The process of granting or denying specific requests: for obtaining and using information and related information processing services; and to enter specific physical facilities (e.g., federal buildings, military establishments, and border crossing entrances).

Individuals receiving a salary or wages from an organization in exchange for the performance of work for the organization

The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the nation resulting from the operation or use of an IS, and includes: The conduct of a risk assessment; The implementation of a risk mitigation strategy; Employment of techniques and ...