Skip to Content

Glossary

Jump to specific letter: A | B | C | D | E | F | H | I | K | L | M | N | O | P | Q | R | S | T | U
A
Acceptable Use Policy: Set of rules and guidelines that specify appropriate use of computer systems or networks. Back to top
Access: The process or ability of obtaining data from or placing data into a computer system or storage device. It refers to such actions by any individual or entity that has the appropriate authorization for such actions. Back to top
Access Control: To prevent the unauthorized use of health information resources. Back to top
Accountability: To ensure the actions of a person or agency can be traced to that individual or agency. Back to top
Administrative Safeguards: Administrative actions, policies and procedures that manage the selection, development, implementation and maintenance of security measures to protect electronic health information and that manage the conduct of the covered entity's workforce in relation to the protection of that information. Back to top
Agency for Healthcare Research and Quality (AHRQ): AHRQ is a part of the United States Department of Health and Human Services and its mission is to improve the quality, safety, efficiency and effectiveness of healthcare for Americans. Back to top
AHRQ - Agency for Healthcare Research and Quality: AHRQ is a part of the United States Department of Health and Human Services and its mission is to improve the quality, safety, efficiency and effectiveness of healthcare for Americans. Back to top
American National Standards Institute (ANSI): A broad based agency charged with overseeing voluntary standards development for everything from computers to household products. ANSI accredits standards development organizations (SDO) based on their consensus process, then reviews and officially approves the SDO recommendations. Back to top
American Recovery and Reinvestment Act of 2009 (ARRA): A $787.2 billion stimulus measure, signed by President Obama on February 17, 2009, that provides aid to states and cities, funding for transportation and infrastructure projects, expansion of the Medicaid program to cover more unemployed workers, health IT funding, and personal and business tax breaks, among other provisions designed to "stimulate" the economy. Back to top
American Society for Testing and Materials (ASTM): American Society for Testing and Materials develops standards on characteristics and performance of materials, products, systems, and services. There are numerous standards-writing technical committees. E31 is the Committee on Computerized Systems and E31.28 is the subcommittee on Healthcare Informatics responsible for the Continuity of Care (CCR) standard. Back to top
Anonymized: Personal information which has been processed to make it impossible to know whose information it is. Back to top
ANSI - American National Standards Institute: A broad based agency charged with overseeing voluntary standards development for everything from computers to household products. ANSI accredits standards development organizations (SDO) based on their consensus process, then reviews and officially approves the SDO recommendations. Back to top
Antivirus software: A software program that checks a computer or network to find all major types of harmful software that can damage a computer system. Back to top
Application Service Provider (ASP): Application service provider is remote software that you access through a web browser. Instead of installing megabytes of software on your local C drive, you simply rent the use of some ASP software that exists elsewhere on the Internet. You never really own ASP software, you borrow it for a fee. Back to top
Architecture: The orderly arrangement of parts; structure. Back to top
ARRA - American Recovery and Reinvestment Act of 2009: A $787.2 billion stimulus measure, signed by President Obama on February 17, 2009, that provides aid to states and cities, funding for transportation and infrastructure projects, expansion of the Medicaid program to cover more unemployed workers, health IT funding, and personal and business tax breaks, among other provisions designed to "stimulate" the economy. Back to top
ASP - Application Service Provider: Application service provider is remote software that you access through a web browser. Instead of installing megabytes of software on your local C drive, you simply rent the use of some ASP software that exists elsewhere on the Internet. You never really own ASP software, you borrow it for a fee. Back to top
ASTM - American Society for Testing and Materials: American Society for Testing and Materials develops standards on characteristics and performance of materials, products, systems, and services. There are numerous standards-writing technical committees. E31 is the Committee on Computerized Systems and E31.28 is the subcommittee on Healthcare Informatics responsible for the Continuity of Care (CCR) standard. Back to top
Asymmetric Key System: A system designed to use different keys for encryption and decryption. Within such a system, it is computationally infeasible to determine the decryption key (which is kept private) from the encryption key (which is made publicly available). Back to top
Audit Trail: A chronological record of system activity, which enables the reconstruction of information regarding the creation, distribution, modification, and deletion of data. This record also shows the specific individuals who have accessed a computer and what they have done while they were in that computer. Back to top
Authentication: Any process by which a system verifies the identity of a user before allowing access to an information system. Back to top
Authorization: The role or set of permissions for information system activity assigned to an individual. Back to top
Availability: Data or information is accessible and useable upon demand by an authorized person. Back to top
B
BAA = Business Associate Agreement Back to top
Backup: A copy of files made to regain lost information if necessary. Back to top
C
CA - Certification Authority: The entity providing third party trust within Public Key Infrastructure (PKI). Back to top
CCD - Continuity of Care Document: A summary of a patient's health information for each visit to a health care provider to be delivered through the health information exchange. Back to top
CCHIT - Certification Commission for Healthcare Information Technology: A recognized certification body (RCB) for electronic health records and their networks. It is an independent, voluntary, private-sector initiative, established by the American Health Information Management Association (AHIMA), the Healthcare Information and Management Systems Society (HIMSS), and The National Alliance for Health Information Technology. Back to top
CCR - Continuity of Care Record: A standard specification being developed jointly by ASTM International, the Massachusetts Medical Society (MMS), the Health Information Management and Systems Society (HIMSS), the American Academy of Family Physicians (AAFP), and the American Academy of Pediatrics. It is intended to foster and improve continuity of patient care, to reduce medical errors, and to assure at least a minimum standard of health information transportability when a patient is referred or transferred to, or is otherwise seen by, another provider. Back to top
CDA - Clinical Document Architecture: A HL7 standard for the representation and machine processing of clinical documents in a way which makes the documents both human readable and machine processable, and guarantees preservation of the content by using the eXtensible Markup Language (XML) standard. It is a useful approach to management of documents which make up a large part of the clinical information processing arena. Back to top
Centers for Medicare and Medicaid Services (CMS): CMS is the Federal agency within the United States Department of Health and Human Services that administers the Medicare program and works in partnership with state governments to administer Medicaid, the State Children's Health Insurance Program (SCHIP), and health insurance portability standards. Back to top
Certification: A complete examination of an information system to be sure that the system can perform at the level required to support the intended results and meet the national standards for health information technology. Back to top
Certification Authority (CA): The entity providing third party trust within Public Key Infrastructure (PKI). Back to top
Certification Commission for Healthcare IT (CCHIT): A recognized certification body (RCB) for electronic health records and their networks. It is an independent, voluntary, private-sector initiative, established by the American Health Information Management Association (AHIMA), the Healthcare Information and Management Systems Society (HIMSS), and The National Alliance for Health Information Technology. Back to top
Certification/Conformance Testing: The monitored performance (test) of a product for the existence of specific features, functions, or characteristics required by a standard in order to determine the extent to which that product satisfies the standard requirements. Back to top
Certified EHR Technology: An electronic record of health-related information system (whether complete or modular) that (1) meets the requirements included in the definition of a Qualified EHR; and (2) has been tested and certified in accordance with the certification program established by the National Coordinator as having met all applicable certification criteria adopted by the Secretary. This technology must be used by an Eligible Professional (EP) or Eligible Hospital (EH) in order to qualify for financial incentives (and avoid reimbursement penalties). Back to top
Clinical Data Repository: The data warehouse that contains clinical data (HL7 messages) centrally. Back to top
Clinical Document Architecture (CDA): A HL7 standard for the representation and machine processing of clinical documents in a way which makes the documents both human readable and machine processable, and guarantees preservation of the content by using the eXtensible Markup Language (XML) standard. It is a useful approach to management of documents which make up a large part of the clinical information processing arena. Back to top
Clinical Messaging: The communication among providers involved in the care process that can range from real time communication (for example, fulfillment of an injection while the patient is in the exam room), to asynchronous communication (for example, consult reports between physicians). Back to top
Clinical User Authentication: The process used by the HIE to determine the identity of the person accessing the system with adequate certainty to maintain security and confidentiality of personal health information and to administer with certainty of identity a regulated process such as e-prescribing and chart signing. Back to top
CMS - Centers for Medicare and Medicaid Services: CMS is the Federal agency within the United States Department of Health and Human Services that administers the Medicare program and works in partnership with state governments to administer Medicaid, the State Children's Health Insurance Program (SCHIP), and health insurance portability standards. Back to top
Computerized Provider Order Entry (CPOE): A computer application that allows a physician's orders for diagnostic and treatment services (such as medications, laboratory, and other tests) to be entered electronically instead of being recorded on order sheets or prescription pads. The computer compares the order against standards for dosing, checks for allergies or interactions with other medications, and warns the physician about potential problems. Back to top
Confidentiality: Obligation of a person or agency that receives information about an individual, as part of providing a service to that individual, to protect that information from unauthorized persons or unauthorized uses. Confidentiality also includes respecting the privacy interest of the individuals who are associated with that information. Back to top
Consent: Consent is the permission granted by an authorized person that allows the provider, agency, or organization to release information about a person. The authorized person may be the subject of the information or they may be a designated representative such as a parent or guardian. Law, policy and procedures, and business agreements guide the use of consent. Back to top
Continuity of Care Document (CCD): A summary of a patient's health information for each visit to a health care provider to be delivered through the health information exchange. Back to top
Continuity of Care Record (CCR): A standard specification being developed jointly by ASTM International, the Massachusetts Medical Society (MMS), the Health Information Management and Systems Society (HIMSS), the American Academy of Family Physicians (AAFP), and the American Academy of Pediatrics. It is intended to foster and improve continuity of patient care, to reduce medical errors, and to assure at least a minimum standard of health information transportability when a patient is referred or transferred to, or is otherwise seen by, another provider. Back to top
Covered Entity: A health plan, a health care clearinghouse or a health care provider who transmits any health information in electronic form in connection with a transaction. Back to top
CPOE - Computerized Provider Order Entry: A computer application that allows a physician's orders for diagnostic and treatment services (such as medications, laboratory, and other tests) to be entered electronically instead of being recorded on order sheets or prescription pads. The computer compares the order against standards for dosing, checks for allergies or interactions with other medications, and warns the physician about potential problems. Back to top
D
Data Integrity: The accuracy and completeness of data, to be maintained by appropriate security measures and controls. The preservation of the original quality and accuracy of data, in written or in electronic form. Back to top
Data Recovery Services: A mechanism and process to safely store duplicate databases and recreate the data should a disaster occur. Back to top
Data Use Agreement: An agreement between a health provider, agency, or organization and a designated receiver of information that allows for the use of limited health information for the purpose of research, public health, or health care operations. The agreement assures that the information will be used only for specific purposes. Back to top
De-identified Health Information: Name, address, and other personal information are removed when sharing health information so that it cannot be used to determine who a person is. Back to top
Decision-Support System (DSS): Computer tools or applications to assist physicians in clinical decisions by providing evidence-based knowledge in the context of patient specific data. Examples include drug interaction alerts at the time medication is prescribed and reminders for specific guideline-based interventions during the care of patients with chronic disease. Information should be presented in a patient-centric view of individual care and also in a population, or aggregate view to support population management and quality improvement. Back to top
Decryption: The process used to "unscramble" information so that a "scrambled" or jumbled message becomes understandable. Back to top
Demographics: Information about name, address, age, gender, and role used to link patient records from multiple sources in the absence of a unique patient identifier. Back to top
DICOM - Digital Imaging Communications in Medicine: A standard, which defines protocols for the exchange of medical images and associated information (such as patient identification details and technique information) between instruments, information systems, and health care providers. It establishes a common language that enables medical images produced on one system to be processed and displayed on another. Back to top
Digital Certificate: Like a driver's license, it proves electronically that the person is who he or she says they are. Back to top
Digital Signature: Uniquely identifies one person electronically and is used like a written signature. For example, a doctor or nurse may use a digital signature at the end of an e-mail to a patient just as he or she would sign a letter. Back to top
Direct: - An Office of the National Coordinator for Health IT (ONC) project that specifies a simple, secure scalable, standards-based transportation mechanism that enables participants to send (push) encrypted health information directly to known, trusted recipients over the Internet. Back to top
Disclosure: The release, transfer, provision of access to, or any other manner of divulging information outside the entity holding the information. Back to top
DSS - Decision-Support System: Computer tools or applications to assist physicians in clinical decisions by providing evidence-based knowledge in the context of patient specific data. Examples include drug interaction alerts at the time medication is prescribed and reminders for specific guideline-based interventions during the care of patients with chronic disease. Information should be presented in a patient-centric view of individual care and also in a population, or aggregate view to support population management and quality improvement. Back to top
DURSA: Data Use Reciprocal Support Agreement Back to top
E
ED = Emergency Department Back to top
EHR - Electronic Health Record: As defined in the ARRA, an Electronic Health Record (EHR) means an electronic record of health-related information on an individual that includes patient demographic and clinical health information, such as medical histories and problem lists; and has the capacity to provide clinical decision support; to support physician order entry; to capture and query information relevant to healthcare quality; and to exchange electronic health information with, and integrate such information from other sources. Back to top
EHR Reporting Period: For the first Payment Year only, CMS proposes to define EHR Reporting Period to mean any continuous 90-day period within a Payment Year in which an Eligible Provider or Eligible Hospital successfully demonstrates meaningful use of certified EHR technology. Eligible Providers or Eligible Hospitals may choose to start their EHR reporting period on any date beginning with the first day of the Payment Year that allows for the 90-day period to be completed by the last day of the Payment Year. For the second Payment Year and all subsequent Payment Years, the EHR reporting period would be the entire Payment Year. See Payment Year. Back to top
Electronic Billing (Claims, Eligibility, Remittance): The ability to contact the payer before the patient is seen and get a response that indicates whether or not the services to be rendered will be covered by the payer. Back to top
Electronic Health Record (EHR): As defined in the ARRA, an Electronic Health Record (EHR) means an electronic record of health-related information on an individual that includes patient demographic and clinical health information, such as medical histories and problem lists; and has the capacity to provide clinical decision support; to support physician order entry; to capture and query information relevant to healthcare quality; and to exchange electronic health information with, and integrate such information from other sources. Back to top
Electronic Imaging Results Delivery: The ability to accept messages from radiology sources and integrate the data for presentation to a clinician. Back to top
Electronic Medical Record (EMR): An electronic record of health-related information on an individual that can be created, gathered, managed, and consulted by authorized clinicians and staff within one health care organization. Back to top
Electronic Personal Health Record (ePHR): A universally accessible, layperson comprehensible, lifelong tool for managing relevant health information, promoting health maintenance and assisting with chronic disease management via an interactive, common data set of electronic health information and e-health tools. The ePHR is owned, managed, and shared by the individual or his or her legal proxy(s) and must be secure to protect the privacy and confidentiality of the health information it contains. It is not a legal record unless so defined and is subject to various legal limitations. Back to top
Electronic Prescribing (e-prescribing): A type of computer technology whereby physicians use handheld or personal computer devices to review drug and formulary coverage and to transmit prescriptions to a printer or to a local pharmacy. ePrescribing software can be integrated into existing clinical information systems to allow physician access to patient-specific information to screen for drug interactions and allergies. Back to top
Electronic Signature: A digital signature, which serves as a unique identifier for an individual. Back to top
ELINCS = EHR Lab Interoperability and Connectivity Standard Back to top
EMR - Electronic Medical Record: An electronic record of health-related information on an individual that can be created, gathered, managed, and consulted by authorized clinicians and staff within one health care organization. Back to top
Encryption: The translation of information to a code to keep it secret. Back to top
ePHR - electronic Personal Health Record: A universally accessible, layperson comprehensible, lifelong tool for managing relevant health information, promoting health maintenance and assisting with chronic disease management via an interactive, common data set of electronic health information and e-health tools. The ePHR is owned, managed, and shared by the individual or his or her legal proxy(s) and must be secure to protect the privacy and confidentiality of the health information it contains. It is not a legal record unless so defined and is subject to various legal limitations. Back to top
Event: Any observable occurrence in a network or system. Back to top
F
Federally-Qualified Health Centers (FQHCs): "Safety net" providers such as community health centers, public housing centers, outpatient health programs funded by the Indian Health Service, and programs serving migrants and the homeless. FQHCs provide their services to all persons regardless of ability to pay, and charge for services on a community board approved sliding-fee scale that is based on patients' family income and size. FQHCs are funded by the federal government under Section 330 of the Public Health Service Act. Back to top
FQHCs - Federally-Qualified Health Centers: "Safety net" providers such as community health centers, public housing centers, outpatient health programs funded by the Indian Health Service, and programs serving migrants and the homeless. FQHCs provide their services to all persons regardless of ability to pay, and charge for services on a community board approved sliding-fee scale that is based on patients' family income and size. FQHCs are funded by the federal government under Section 330 of the Public Health Service Act. Back to top
H
Health Information: Any information, whether oral or recorded in any form or medium, that is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual. Back to top
Health Information Exchange (HIE): As defined by the Office of the National Coordinator and the National Alliance for Health Information Technology (NAHIT), Health Information Exchange means the electronic movement of health-related information among organizations according to nationally recognized standards. Back to top
Health Information for Economic and Clinical Health (HITECH) Act: Collectively refers to the health information technology provisions included at Title XIII of Division A and Title IV of Division B of the ARRA. Back to top
Health Information Organization: An organization that oversees and governs the exchange of health-related information among organizations according to nationally recognized standards. Back to top
Health Information Privacy: An individual's right to control the acquiring, use or release of his or her personal health information. Back to top
Health Information Security: A set of policies or standards put in place to disallow a person's personal health information from being shared without the owner's permission. Back to top
Health Information Technology (HIT): As defined in the ARRA, Health Information Technology means hardware, software, integrated technologies or related licenses, intellectual property, upgrades, or packaged solutions sold as services that are designed for or support the use by healthcare entities or patients for the electronic creation, maintenance, access, or exchange of health information. Back to top
Health Information Technology Research Center (HITRC): As set out in the ARRA, the Health Information Technology Research Center will be created by the Office of the National Coordinator to provide technical assistance and develop or recognize best practices to support and accelerate efforts by healthcare providers to adopt, implement, and effectively utilize health information technology that allows for the electronic exchange of information. Back to top
Health Insurance Portability and Accountability Act (HIPAA): Enacted by Congress in 1996. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic healthcare transactions and national identifiers for providers, health insurance plans, and employers. The Administration Simplification provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's healthcare system by encouraging the widespread use of electronic data interchange in the U.S. healthcare system. Back to top
Health Level Seven (HL7): An ANSI approved American National Standard for electronic data exchange in health care. It enables disparate computer applications to exchange key sets of clinical and administrative information. Back to top
Health Maintenance Organization (HMO): A federally qualified HMO, an organization recognized as an HMO under State law, or a similar organization regulated for solvency under State law in the same manner and to the same extent as such an HMO. Back to top
Health Oversight Agency: An agency or authority of the United States, a State, a territory, a political subdivision of a State or territory, or an Indian tribe, or a person or entity acting under a grant of authority from or contract with such public agency, including the employees or agents of such public agency or its contractors or persons or entities to whom it has granted authority, that is authorized by law to oversee the health care system (whether public or private) or government programs in which health information is necessary to determine eligibility or compliance, or to enforce civil rights laws for which health information is relevant. Back to top
Health Plan: An individual or group plan that provides, or pays the cost of, medical care. Back to top
Healthcare: A provider of services, a provider of medical or health services and any other person or organization who furnishes, bills, or is paid for health care in the normal course of business. Back to top
Healthcare Information Technology Standards Panel (HITSP): A multi-stakeholder coordinating body designed to provide the process within which stakeholders identify, select, and harmonize standards for communicating and encouraging broad deployment and exchange of healthcare information throughout the healthcare spectrum. The Panel's processes are business process and use-case driven, with decision making based on the needs of all NHIN stakeholders. The Panel's activities are led by the American National Standards Institute (ANSI), a not-for-profit organization that has been coordinating the U.S. voluntary standardization system since 1918. Back to top
HHS - U.S. Department of Health and Human Services: The federal government agency responsible for protecting the health of all Americans and providing essential human services. HHS, through CMS, administers the Medicare (health insurance for elderly and disabled Americans) and Medicaid (health insurance for low-income people) programs, among others. Back to top
HIE - Health Information Exchange: As defined by the Office of the National Coordinator and the National Alliance for Health Information Technology (NAHIT), Health Information Exchange means the electronic movement of health-related information among organizations according to nationally recognized standards. Back to top
HIPAA: - Health Insurance and Portability and Accountability Act Enacted by Congress in 1996, Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic healthcare transactions and national identifiers for providers, health insurance plans, and employers. The Administration Simplification provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's healthcare system by encouraging the widespread use of electronic data interchange in the U.S. healthcare system. Back to top
HIT - Health Information Technology: As defined in the ARRA, Health Information Technology means hardware, software, integrated technologies or related licenses, intellectual property, upgrades, or packaged solutions sold as services that are designed for or support the use by healthcare entities or patients for the electronic creation, maintenance, access, or exchange of health information. Back to top
HITECH - Health Information for Economic and Clinical Health Act: Collectively refers to the health information technology provisions included at Title XIII of Division A and Title IV of Division B of the ARRA. Back to top
HITRC - Health Information Technology Research Center: As set out in the ARRA, the Health Information Technology Research Center will be created by the Office of the National Coordinator to provide technical assistance and develop or recognize best practices to support and accelerate efforts by healthcare providers to adopt, implement, and effectively utilize health information technology that allows for the electronic exchange of information. Back to top
HITSP - Health Information Technology Standards Panel: A multi-stakeholder coordinating body designed to provide the process within which stakeholders identify, select, and harmonize standards for communicating and encouraging broad deployment and exchange of healthcare information throughout the healthcare spectrum. The Panel's processes are business process and use-case driven, with decision making based on the needs of all NHIN stakeholders. The Panel's activities are led by the American National Standards Institute (ANSI), a not-for-profit organization that has been coordinating the U.S. voluntary standardization system since 1918. Back to top
HL7 - Health Level Seven: An ANSI approved American National Standard for electronic data exchange in health care. It enables disparate computer applications to exchange key sets of clinical and administrative information. Back to top
HMO - Health Maintenance Organization: A federally qualified HMO, an organization recognized as an HMO under State law, or a similar organization regulated for solvency under State law in the same manner and to the same extent as such an HMO. Back to top
I
Identity: A characteristic or set of characteristics that recognizes an individual as unique from another. Back to top
IDN - Integrated Delivery Network: An organization that combines hospital, physician and other medical services as part of a larger health care system. Back to top
IIHI - Individually Identifiable Health Information: Information that is a subset of health information, including demographic information collected from an individual, and is created or received by a health care provider, health plan, employer, or health care clearinghouse; and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and that identifies the individual; or with respect to which there is a reasonable basis to believe the information can be used to identify the individual. Back to top
Implementation Services: Consulting services offered by the vendor. These services will provide planning and actual implementation of an EHR system. It is important when comparing quoted implementation costs that physicians understand which detailed cost line items a particular vendor will be supplying. Back to top
Inappropriate Usage: Using personal information without that person's permission. Back to top
Incident Response Plan: The instructions or procedures that an organization can use to detect, respond to, and limit the effect of computer system attacks. Back to top
Individual: The person who is the subject of protected health information. Back to top
Individually Identifiable Health Information (IIHI): Information that is a subset of health information, including demographic information collected from an individual, and is created or received by a health care provider, health plan, employer, or health care clearinghouse; and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and that identifies the individual; or with respect to which there is a reasonable basis to believe the information can be used to identify the individual. Back to top
Information System: An interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people. Back to top
Informed Consent: Information exchange between a clinical investigator and research subjects. This exchange may include question/answer sessions, verbal instructions, measures of understanding, and reading and signing informed consent documents and recruitment materials. Back to top
Integrated Delivery Network (IDN): An organization that combines hospital, physician and other medical services as part of a larger health care system. Back to top
Integrity: Data or information that has not been changed or destroyed in an unauthorized way. Back to top
Interface: A means of interaction between two devices or systems that handle data. Back to top
(The) International Organization for Standardization (ISO): It is a worldwide federation of national standards bodies from some 130 countries, one from each country. ISO's work results in international agreements, which are published as International Standards. Back to top
Interoperability: Interoperability means the ability of health information systems to work together within and across organizational boundaries in order to advance the effective delivery of healthcare for individuals and communities. Back to top
ISO - The International Organization for Standardization: It is a worldwide federation of national standards bodies from some 130 countries, one from each country. ISO's work results in international agreements, which are published as International Standards. Back to top
K
Key Certificate: A data record that authenticates the owner of a public key for an asymmetric algorithm. It is issued by a certification authority and is protected by a digital signature allowing the certificate to be verified widely. The certificate may also contain other fields beside the value to the key and the name of the owner, for example an expiration date. Back to top
Keys: A sequence of symbols that controls the operations of encryption and decryption. Back to top
L
Limited Data Set: Health information that does not contain identifiers. It is protected but may be used for certain purposes without the owner's consent. Back to top
Log In, Logging Into: The action a person must take to confirm his or her identity before being allowed to use a computer system. Back to top
Logical Observation Identifiers, Names, and Codes (LOINC): The LOINC databases provide sets of universal names and ID codes for identifying laboratory and clinical test results. The purpose is to facilitate the exchange and pooling of results, such as blood hemoglobin, serum potassium, or vital signs, for clinical care, outcomes management, and research. Back to top
LOINC - Logical Observation Identifiers, Names, and Codes: The LOINC databases provide sets of universal names and ID codes for identifying laboratory and clinical test results. The purpose is to facilitate the exchange and pooling of results, such as blood hemoglobin, serum potassium, or vital signs, for clinical care, outcomes management, and research. Back to top
M
Master Patient Index (MPI): A list of all known patients in an area, activity, or organization. Back to top
Meaningful EHR User: As set out in the ARRA, a Meaningful EHR user meets the following requirements: (i) use of a certified EHR technology in a meaningful manner, which includes the use of electronic prescribing; (ii) use of a certified EHR technology that is connected in a manner that provides for the electronic exchange of health information to improve the quality of healthcare; and (iii) use of a certified EHR technology to submit information on clinical quality and other measures as selected by the Secretary of HHS. Back to top
Meaningful Use: Under the HITECH Act, an eligible professional or hospital is considered a "meaningful EHR user" if they use certified EHR technology in a manner consistent with criteria established by the Secretary of Health & Human Services (HHS), including but not limited to e-prescribing through an EHR and the electronic exchange of information for the purposes of quality improvement, such as care coordination. In addition, eligible professionals and hospitals must submit clinical quality and other measures to HHS. Back to top
Meaningful Use: Stage 1: (2011 and 2012) Meaningful use includes both a core set and a menu set of objectives that are specific for eligible professionals and hospitals. For Eligible Professionals, there are a total of 25 meaningful use objectives. Twenty of the objectives must be completed to qualify for an incentive payment. Fifteen are core objectives that are required, and the remaining 5 objectives may be chosen from the list of 10 menu set objectives. For Hospitals, there are a total of 24 meaningful use objectives. Fourteen are core objectives that are required, and the remaining 5 objectives may be chosen from the list of 10 menu set objectives. Back to top
Measure: Benchmarks in the meaningful use criteria CMS established against which an Eligible Professional or Eligible Hospital demonstrates meeting a meaningful use objective. See Objective. Back to top
Medical Trading Area (MTA): The natural market within which most referrals, hospitalizations, and other flows of both patients and patient information typically occur. Another term for this is a medical referral area. Back to top
Medicare Advantage Plans: Health plans offered by private companies that contract with Medicare to provide beneficiaries with Medicare Part A and Part B benefits. Medicare Advantage Plans are HMOs, PPOs, or Private Fee-for-Service Plans. Back to top
Medication Reconciliation: Alerts providers in real-time to potential administration errors such as wrong patient, wrong drug, wrong dose, wrong route and wrong time in support of medication administration or pharmacy dispense/supply management and workflow. Back to top
Message Integrity: Protecting a message against its unauthorized modification, often by the originator of the message generating a digital signature. Back to top
Modification: A change adopted through agreed regulation, to a standard or an implementation specification. Back to top
MPI - Master Patient Index: A list of all known patients in an area, activity, or organization. Back to top
MTA - Medical Trading Area: The natural market within which most referrals, hospitalizations, and other flows of both patients and patient information typically occur. Another term for this is a medical referral area. Back to top
N
NAHIT - National Alliance for Health Information Technology: Formed in 2002 in an effort to promote the use of health IT, NAHIT's members consisted of health care providers, payers, pharmaceutical companies and other industry organizations. The group ceased operations on Sept. 30, 2009. Back to top
National Alliance for Health Information Technology (NAHIT): Formed in 2002 in an effort to promote the use of health IT, NAHIT's members consisted of health care providers, payers, pharmaceutical companies and other industry organizations. The group ceased operations on Sept. 30, 2009. Back to top
National Institute of Standards and Technology (NIST): The non-regulatory federal agency within the U.S. Department of Commerce whose mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology. NIST oversees the NIST Laboratories, the Baldrige National Quality Program, the Hollings Manufacturing Extension Partnership, and the Technology Innovation Program. Back to top
National Provider Identifier (NPI): A system for classifying all providers of health care services, supplies, and equipment covered under HIPAA. Back to top
Nationwide Health Information Network (NHIN): The NwHIN is a federal initiative to develop a set of standards, services, and policies that enable the secure exchange of health information over the Internet for sharing among health decision makers, including consumers and patients, to promote improvements in health and health care. A group of federal agencies, local, regional and state-level Health Information Exchange Organizations (HIOs) and integrated delivery networks has been helping to develop the NwHIN standards, services and policies. Currently, the Nationwide Health Information Network (NwHIN) is operating as the NwHIN Exchange. By the end of 2010, it is expected that approximately a dozen federal and private entities will be securely sharing live health information. Back to top
Network: A set of connected elements. For computers, any collection of computers connected together so that they are able to communicate, permitting the sharing of data or programs. Back to top
Network Connectivity: The process used for maintaining connection for communication between the HIE and a data source (laboratory, radiology practice, physician practice, or hospital) and data user (physician practice or hospital). Back to top
NHIN - Nationwide Health Information Network: The NwHIN is a federal initiative to develop a set of standards, services, and policies that enable the secure exchange of health information over the Internet for sharing among health decision makers, including consumers and patients, to promote improvements in health and health care. A group of federal agencies, local, regional and state-level Health Information Exchange Organizations (HIOs) and integrated delivery networks has been helping to develop the NwHIN standards, services and policies. Currently, the Nationwide Health Information Network (NwHIN) is operating as the NwHIN Exchange. By the end of 2010, it is expected that approximately a dozen federal and private entities will be securely sharing live health information. Back to top
NIST - National Institute of Standards and Technology: The non-regulatory federal agency within the U.S. Department of Commerce whose mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology. NIST oversees the NIST Laboratories, the Baldrige National Quality Program, the Hollings Manufacturing Extension Partnership, and the Technology Innovation Program. Back to top
Non-Repudiation: The process of confirming proof of information delivery to the sender and proof of sender identity to the recipient. Back to top
Notice of Privacy Practices or Privacy Notice: HIPAA requires that all covered health plans, health care clearinghouses, or health care providers give patients a document that explains their privacy practices and how information about the patients' medical records may be shared. Back to top
NPI - National Provider Identifier: A system for classifying all providers of health care services, supplies, and equipment covered under HIPAA. Back to top
O
Objective: Broad aspirations CMS established within the meaningful use criteria for Eligible Providers and Eligible Hospitals to meet. Eligible Professionals have a set of 25 criteria to meet to demonstrate meaningful use. Eligible hospitals have a set of 23 criteria to meet to demonstrate meaningful use. See Measures. Back to top
Office of e-Health Initiatives: Serves as the single coordinating authority for the exchange of electronic health information in Tennessee. The Office of e-Health works to improve the health of Tennesseans by ensuring providers have complete patient information at the point of care and therefore, enabling providers to create a more comprehensive treatment plan for patients. Back to top
Office of the National Coordinator (ONC): Serves as principal advisor to the Secretary of HHS on the development, application, and use of health information technology; coordinates HHS's health information technology policies and programs internally and with other relevant executive branch agencies; develops, maintains, and directs the implementation of HHS' strategic plan to guide the nationwide implementation of interoperable health information technology in both the public and private healthcare sectors, to the extent permitted by law; and provides comments and advice at the request of OMB regarding specific Federal health information technology programs. ONC was established within the Office of the Secretary of HHS in 2004 by Executive Order 13335. Back to top
ONC - Office of the National Coordinator: Serves as principal advisor to the Secretary of HHS on the development, application, and use of health information technology; coordinates HHS's health information technology policies and programs internally and with other relevant executive branch agencies; develops, maintains, and directs the implementation of HHS' strategic plan to guide the nationwide implementation of interoperable health information technology in both the public and private healthcare sectors, to the extent permitted by law; and provides comments and advice at the request of OMB regarding specific Federal health information technology programs. ONC was established within the Office of the Secretary of HHS in 2004 by Executive Order 13335. Back to top
Open Source: Systems whose human-readable ("source") code is always freely available to anyone who is interested in downloading it. This is in contrast to most commercial software, whose source code is considered intellectual property and a trade secret not to be disclosed. Advantages of open source include availability, extensibility, and the opportunity for peer review. Open source products are made available under a variety of licenses. Back to top
Open Systems Interconnection (OSI): An international standard for networking adopted by the ISO (International Organization for Standardization). This 7-layer model offers the widest range of capabilities for networking. Back to top
Opt-in/Opt-out: Patients or consumers adding or removing themselves from participation in health information technology systems (e.g., HIE). Back to top
Order Entry: The process of communicating health care provider orders through electronic, computerized processes. Back to top
OSI - Open Systems Interconnection: An international standard for networking adopted by the ISO (International Organization for Standardization). This 7-layer model offers the widest range of capabilities for networking. Back to top
P
Participant: An authorized provider, payer, patient, health care organization, local board of health or the Iowa Department of Public Health that has agreed to authorize, submit, access and/or disclose health information through the health information exchange in accordance with all applicable laws, rules, agreements, policies and procedures. Back to top
Password: Confidential authentication information composed of a string of characters. Back to top
Patient Permission: The consent or authorization that patients provide regarding their health care or the use of their health information. Back to top
Pay-for-Performance (P4P)/Quality Data Reporting: Supports the capture and reporting of quality, performance, and accountability measures to which providers/ facilities/ delivery systems/communities are held accountable including measures related to process, outcomes, and/or costs of care, may be used in 'pay for performance' monitoring and adherence to best practice guidelines. Back to top
Payment Year: For Eligible Providers, any calendar year beginning with 2011. For Eligible Hospitals, any fiscal year beginning with 2011. The first Payment Year would mean the first calendar or Federal fiscal year for which an Eligible Provider or Eligible Hospital receives an incentive payment. Back to top
Payor: In healthcare, the entity responsible for making the payment to the healthcare provider for services rendered to a patient (insurance plan, Medicaid, Medicare, etc.). Back to top
Personal Health Record (PHR): An electronic record of health-related information on an individual that conforms to nationally recognized interoperability standards and that can be drawn from multiple sources while being managed, shared, and controlled by the individual. Back to top
PHR - Personal Health Record: An electronic record of health-related information on an individual that conforms to nationally recognized interoperability standards and that can be drawn from multiple sources while being managed, shared, and controlled by the individual. Back to top
PKI - Public Key Infrastructure: A conceptual framework that enables the encryption, decryption and electronic "signing" of data transmissions in a secure fashion within an open network environment. Back to top
Privacy: In December 2008, the Office of the National Coordinator for Health IT released its "Nationwide Privacy and Security Framework For Electronic Exchange of Individually Identifiable Health Information," (Framework) in which it defined privacy as, "An individual's interest in protecting his or her individually identifiable health information and the corresponding obligation of those persons and entities that participate in a network for the purposes of electronic exchange of such information, to respect those interests through fair information practices." This language contrasts with the definition of privacy included in the National Committee on Vital and Health Statistics' (NCVHS) June 2006 report, entitled, "Privacy and Confidentiality in the Nationwide Health Information Network." In its report, NCVHS recommended the following definition for "privacy": "Health information 'privacy' is an individual's right to control the acquisition, uses, or disclosures of his or her identifiable health data. Back to top
Private Key: In asymmetric cryptography, the key, which is held only by the user for signing and decrypting, messages. Back to top
Protected Health Information: Health information transmitted or maintained in any form that can reasonably be used to identify an individual. Back to top
Provider: A person, hospital, physician clinic, pharmacy, laboratory or other health service provider that is licensed, certified, or otherwise authorized by law to administer health care in the ordinary course of business or in the practice of a profession, or any other person or organization that furnishes, bills or is paid for health care in the normal course of business. Back to top
Public Health Authority: An agency or authority of the United States, a State, a territory, a political subdivision of a State or territory, or an Indian tribe, or a person or entity acting under a grant of authority from or contract with such public agency, including the employees or agents of such public agency or its contractors or persons or entities to whom it has granted authority, that is responsible for public health matters as part of its official mandate. Back to top
Public Key: In asymmetric cryptography, the key that is published by the user to encrypt messages and so that others may verify his/her signature. Back to top
Public Key Certificate: A data record that authenticates the owner of a public key for an asymmetrical key system. It is issued by a CA and is protected by a digital signature, allowing the certificate to be verified widely. Back to top
Public Key Infrastructure (PKI): A conceptual framework that enables the encryption, decryption and electronic "signing" of data transmissions in a secure fashion within an open network environment. Back to top
Purchaser: Any individual, employer or organization that purchases health insurance and includes intermediaries. Back to top
Q
Qsource: A leading not-for-profit quality improvement organization headquartered in Nashville, Tennessee, and the State's Quality Improvement Organization. Back to top
Qualified Electronic Health Record: An electronic record of health-related information concerning an individual which includes patient demographic and clinical health information, such as medical history and problem lists, and which has the capacity to provide clinical decision support, to support physician order entry, to capture and query information relevant to health care quality, and to exchange electronic health information with, and integrate such information from, other sources. Back to top
R
REC - Regional Extension Center: As set out in the ARRA, Regional Extension Centers will be established and may qualify for funding under ARRA to provide technical assistance and disseminate best practices and other information learned from the Health Information Technology Research Center to aid healthcare providers with the adoption of health information technology. Back to top
Record Locator Services (RLS): An electronic index of patient identifying information that directs providers in a health information exchange to the location of patient health records held by providers and other data sources. Back to top
Regional Extension Center (REC): As set out in the ARRA, Regional Extension Centers will be established and may qualify for funding under ARRA to provide technical assistance and disseminate best practices and other information learned from the Health Information Technology Research Center to aid healthcare providers with the adoption of health information technology. Back to top
Regional Health Information Organization (RHIO): A health information organization that brings together healthcare stakeholders within a defined geographic area and governs health information exchange among them for the purpose of improving health and care in that community. Back to top
Registration Authority: An entity (group or agency) that has been delegated by a CA to perform a specific set of 'trusted authority' functions within PKI. Relates to the privacy of individually identifiable health information means, with respect to a State law, that the State law has the specific purpose of protecting the privacy of health information or affects the privacy of health information in a direct, clear, and substantial way. Back to top
RHIO - Regional Health Information Organization: A health information organization that brings together healthcare stakeholders within a defined geographic area and governs health information exchange among them for the purpose of improving health and care in that community. Back to top
RLS - Record Locator Services: An electronic index of patient identifying information that directs providers in a health information exchange to the location of patient health records held by providers and other data sources. Back to top
S
Safeguards: Measures that protect the security of health information. Back to top
SDEs - State-Designated Entities: As defined in the ARRA, State-Designated Entities (SDEs) may be designated by a state as eligible to receive grants under Section 3013 of the ARRA. To qualify as an SDE, an entity must be a not-for-profit entity with broad stakeholder representation on its governing board; demonstrate that one of its principal goals is to use information technology to improve healthcare quality and efficiency through the authorized and secure electronic exchange and use of health information; adopt nondiscrimination and conflict of interest policies that demonstrate a commitment to open, fair, and nondiscriminatory participation by stakeholders; and conform to other requirements as specified by HHS. Back to top
Security: The Health Insurance Portability and Accountability Act Security rule defines "Security or Security measures" as encompassing all of the administrative, physical, and technical safeguards in an information system. These safeguards are to ensure health information is protected from unauthorized access and alteration, while being accessible, when needed, by those that are authorized. Back to top
Sensitive Information: Health information with greater privacy and security protections established by law, including substance abuse, family planning, mental health, HIV/AIDS, and genetic disorders. Back to top
SMHP - State Medicaid HIT Plan: The Centers for Medicare and Medicaid Services (CMS) requires each state to have a plan with a common vision of how Medicaid's provider incentive program will operate in concert with the larger health system and statewide efforts. The plan must include at least four components: a current landscape assessment, a vision of the State's HIT future, specific actions necessary to implement the incentive payments program, and a HIT road map. Back to top
SNOMED: - Systematized Nomenclature of Medicine A systematically organized computer processable collection of medical terminology that allows a consistent way to index, store, retrieve, and aggregate clinical data; it also helps organize the content of medical records, reducing the variability in the way data is captured, encoded and used for clinical care of patients. Back to top
Stages 1 to 3: Three graduated stages CMS established for implementing meaningful use and EHR certification requirements. Stage 1 meaningful use criteria focus on: i) capturing health information in a coded format, ii) using the information to track key clinical conditions; iii) communicating captured information for care coordination purposes; and iv) reporting of clinical quality measures and public health information. Stage 2 criteria is likely to expand on Stage 1 criteria in the areas of disease management, clinical decision support, medication management, support for patient access to personal health information, transitions in care, quality measurement, research, and bi-directional communication with public health agencies. CMS expects to propose Stage 2 criteria by the end of 2011 Stage 3 criteria likely will focus on achieving improvements in quality, safety and efficiency, focusing on decision support for national high priority conditions, patient access to self-management tools, access to comprehensive patient data and improving population health outcomes. CMS expects to propose Stage 3 criteria by the end of 2013. Back to top
Standard: Documented agreements containing technical specifications or other precise criteria to be used consistently as rules, guidelines, or definitions of characteristics to ensure that materials, products, processes, and services are fit for their purpose. Back to top
State-Designated Entities (SDEs): As defined in the ARRA, State-Designated Entities (SDEs) may be designated by a state as eligible to receive grants under Section 3013 of the ARRA. To qualify as an SDE, an entity must be a not-for-profit entity with broad stakeholder representation on its governing board; demonstrate that one of its principal goals is to use information technology to improve healthcare quality and efficiency through the authorized and secure electronic exchange and use of health information; adopt nondiscrimination and conflict of interest policies that demonstrate a commitment to open, fair, and nondiscriminatory participation by stakeholders; and conform to other requirements as specified by HHS. Back to top
State Medicaid HIT Plan (SMHP): The Centers for Medicare and Medicaid Services (CMS) requires each state to have a plan with a common vision of how Medicaid's provider incentive program will operate in concert with the larger health system and statewide efforts. The plan must include at least four components: a current landscape assessment, a vision of the State's HIT future, specific actions necessary to implement the incentive payments program, and a HIT road map. Back to top
Summary Health Information: Information, that may be individually identifiable health information, and that summarizes the claims history, claims expenses, or type of claims experienced by individuals for whom a plan sponsor has provided health benefits under a group health plan. Back to top
Systematized Nomenclature of Medicine (SNOMED): A systematically organized computer processable collection of medical terminology that allows a consistent way to index, store, retrieve, and aggregate clinical data; it also helps organize the content of medical records, reducing the variability in the way data is captured, encoded and used for clinical care of patients. Back to top
T
Technical Safeguards: The technology and the policy and procedures for its use that protect electronic protected health information and control access to it. Back to top
TennCare: The Bureau of TennCare, Tennessee's state Medicaid agency. Back to top
TPA - Trading Partner Agreement: An agreement related to the exchange of information in electronic transactions, whether the agreement is distinct or part of a larger agreement, between each party to the agreement. (For example, a trading partner agreement may specify, among other things, the duties and responsibilities of each party to the agreement in conducting a standard transaction.) Back to top
Trading Partner Agreement (TPA): An agreement related to the exchange of information in electronic transactions, whether the agreement is distinct or part of a larger agreement, between each party to the agreement. (For example, a trading partner agreement may specify, among other things, the duties and responsibilities of each party to the agreement in conducting a standard transaction.) Back to top
Transaction: Transmission of information between two parties to carry out financial or administrative activities related to health care. Back to top
Treatment: The provision, coordination, or management of health care and related services by one or more health care providers, including the coordination or management of health care by a health care provider with a third party; consultation between health care providers relating to a patient; or the referral of a patient for health care from one health care provider to another. Back to top
U
U.S. Department of Health and Human Services (HHS): The federal government agency responsible for protecting the health of all Americans and providing essential human services. HHS, through CMS, administers the Medicare (health insurance for elderly and disabled Americans) and Medicaid (health insurance for low-income people) programs, among others. Back to top
Unauthorized Access: The act of gaining access to a network, system, application, health information, or other resource without permission. Back to top
Unauthorized Disclosure: An act that involves exposing, releasing, or displaying health information to those not authorized to have access to the information. Back to top
Use: Sharing, employing, applying, utilizing, examining, or analyzing health information. Back to top
User: A person or entity with the appropriate authority to access a system. Back to top