Has got to go into the IT industry's dictionary somewhere. Also, it can go into the IT thesaurus for use by the NSA and other security services when they need a euphemism for "backdoor".
And my experience with HIPAA audits is that it does look at A) software patches/versions and physician access B) which employee/employee types should have access to personal health information and C) training those who have access to PHI to not spread it around, but it doesn't really look at network settings, endpoint access, guest/contractor access to the network, firewall layering/settings or broader corporate end-user security training.
For all we know, some pretty blonde cozied up to a Premera sysadmin at a local bar, boozed him up a little and purred his admin login out of him.
(Kind of bi-polar post defies easy icon choice, so I'll punt and go with the easy-on-the-eyes Ms. Hilton)