Skip to Main Content

Glossary

Acceptable Use Policy

Set of rules and guidelines that specify appropriate use of computer systems or networks.

Access

The process or ability of obtaining data from or placing data into a computer system or storage device. It refers to such actions by any individual or entity that has the appropriate authorization for such actions.

Access Control

To prevent the unauthorized use of health information resources.

Accountability

To ensure the actions of a person or agency can be traced to that individual or agency.

Administrative Safeguards

Administrative actions, policies and procedures that manage the selection, development, implementation and maintenance of security measures to protect electronic health information and that manage the conduct of the covered entity's workforce in relation to the protection of that information.

Agency for Health care Research and Quality (AHRQ)

AHRQ is a part of the United States Department of Health and Human Services and its mission is to improve the quality, safety, efficiency and effectiveness of health care for Americans.

AHRQ - Agency for Health care Research and Quality

AHRQ is a part of the United States Department of Health and Human Services and its mission is to improve the quality, safety, efficiency and effectiveness of health care for Americans.

American National Standards Institute (ANSI)

A broad based agency charged with overseeing voluntary standards development for everything from computers to household products. ANSI accredits standards development organizations (SDO) based on their consensus process, then reviews and officially approves the SDO recommendations.

American Recovery and Reinvestment Act of 2009 (ARRA)

A $787.2 billion stimulus measure, signed by President Obama on February 17, 2009, that provides aid to states and cities, funding for transportation and infrastructure projects, expansion of the Medicaid program to cover more unemployed workers, health IT funding, and personal and business tax breaks, among other provisions designed to "stimulate" the economy.

American Society for Testing and Materials (ASTM)

American Society for Testing and Materials develops standards on characteristics and performance of materials, products, systems, and services. There are numerous standards-writing technical committees. E31 is the Committee on Computerized Systems and E31.28 is the subcommittee on Health care Informatics responsible for the Continuity of Care (CCR) standard.

Anonymized

Personal information which has been processed to make it impossible to know whose information it is.

ANSI - American National Standards Institute

A broad based agency charged with overseeing voluntary standards development for everything from computers to household products. ANSI accredits standards development organizations (SDO) based on their consensus process, then reviews and officially approves the SDO recommendations.

Antivirus software

A software program that checks a computer or network to find all major types of harmful software that can damage a computer system.

Application Service Provider (ASP)

Application service provider is remote software that you access through a web browser. Instead of installing megabytes of software on your local C drive, you simply rent the use of some ASP software that exists elsewhere on the Internet. You never really own ASP software, you borrow it for a fee.

Architecture

The orderly arrangement of parts; structure.

ARRA - American Recovery and Reinvestment Act of 2009

A $787.2 billion stimulus measure, signed by President Obama on February 17, 2009, that provides aid to states and cities, funding for transportation and infrastructure projects, expansion of the Medicaid program to cover more unemployed workers, health IT funding, and personal and business tax breaks, among other provisions designed to "stimulate" the economy.

ASP - Application Service Provider

Application service provider is remote software that you access through a web browser. Instead of installing megabytes of software on your local C drive, you simply rent the use of some ASP software that exists elsewhere on the Internet. You never really own ASP software, you borrow it for a fee.

ASTM - American Society for Testing and Materials

American Society for Testing and Materials develops standards on characteristics and performance of materials, products, systems, and services. There are numerous standards-writing technical committees. E31 is the Committee on Computerized Systems and E31.28 is the subcommittee on Health care Informatics responsible for the Continuity of Care (CCR) standard.

Asymmetric Key System

A system designed to use different keys for encryption and decryption. Within such a system, it is computationally infeasible to determine the decryption key (which is kept private) from the encryption key (which is made publicly available).

Audit Trail

A chronological record of system activity, which enables the reconstruction of information regarding the creation, distribution, modification, and deletion of data. This record also shows the specific individuals who have accessed a computer and what they have done while they were in that computer.

Authentication

Any process by which a system verifies the identity of a user before allowing access to an information system.

Authorization

The role or set of permissions for information system activity assigned to an individual.

Availability

Data or information is accessible and useable upon demand by an authorized person.

BAA

Business Associate Agreement

Backup

A copy of files made to regain lost information if necessary.

CA - Certification Authority

The entity providing third party trust within Public Key Infrastructure (PKI).

CCD - Continuity of Care Document

A summary of a patient's health information for each visit to a health care provider to be delivered through the health information exchange.

CCHIT - Certification Commission for Health care Information Technology

A recognized certification body (RCB) for electronic health records and their networks. It is an independent, voluntary, private-sector initiative, established by the American Health Information Management Association (AHIMA), the Health care Information and Management Systems Society (HIMSS), and The National Alliance for Health Information Technology.

CCR - Continuity of Care Record

A standard specification being developed jointly by ASTM International, the Massachusetts Medical Society (MMS), the Health Information Management and Systems Society (HIMSS), the American Academy of Family Physicians (AAFP), and the American Academy of Pediatrics. It is intended to foster and improve continuity of patient care, to reduce medical errors, and to assure at least a minimum standard of health information transportability when a patient is referred or transferred to, or is otherwise seen by, another provider.

CDA - Clinical Document Architecture

A HL7 standard for the representation and machine processing of clinical documents in a way which makes the documents both human readable and machine processable, and guarantees preservation of the content by using the eXtensible Markup Language (XML) standard. It is a useful approach to management of documents which make up a large part of the clinical information processing arena.

Centers for Medicare and Medicaid Services (CMS)

CMS is the Federal agency within the United States Department of Health and Human Services that administers the Medicare program and works in partnership with state governments to administer Medicaid, the State Children's Health Insurance Program (SCHIP), and health insurance portability standards.

Certification

A complete examination of an information system to be sure that the system can perform at the level required to support the intended results and meet the national standards for health information technology.

Certification Authority (CA)

The entity providing third party trust within Public Key Infrastructure (PKI).

Certification Commission for Health care IT (CCHIT)

A recognized certification body (RCB) for electronic health records and their networks. It is an independent, voluntary, private-sector initiative, established by the American Health Information Management Association (AHIMA), the Health care Information and Management Systems Society (HIMSS), and The National Alliance for Health Information Technology.

Certification/Conformance Testing

The monitored performance (test) of a product for the existence of specific features, functions, or characteristics required by a standard in order to determine the extent to which that product satisfies the standard requirements.

Certified EHR Technology

An electronic record of health-related information system (whether complete or modular) that (1) meets the requirements included in the definition of a Qualified EHR; and (2) has been tested and certified in accordance with the certification program established by the National Coordinator as having met all applicable certification criteria adopted by the Secretary. This technology must be used by an Eligible Professional (EP) or Eligible Hospital (EH) in order to qualify for financial incentives (and avoid reimbursement penalties).

Clinical Data Repository

The data warehouse that contains clinical data (HL7 messages) centrally.

Clinical Document Architecture (CDA)

A HL7 standard for the representation and machine processing of clinical documents in a way which makes the documents both human readable and machine processable, and guarantees preservation of the content by using the eXtensible Markup Language (XML) standard. It is a useful approach to management of documents which make up a large part of the clinical information processing arena.

Clinical Messaging

The communication among providers involved in the care process that can range from real time communication (for example, fulfillment of an injection while the patient is in the exam room), to asynchronous communication (for example, consult reports between physicians).

Clinical User Authentication

The process used by the HIE to determine the identity of the person accessing the system with adequate certainty to maintain security and confidentiality of personal health information and to administer with certainty of identity a regulated process such as e-prescribing and chart signing.

CMS - Centers for Medicare and Medicaid Services

CMS is the Federal agency within the United States Department of Health and Human Services that administers the Medicare program and works in partnership with state governments to administer Medicaid, the State Children's Health Insurance Program (SCHIP), and health insurance portability standards.

Computerized Provider Order Entry (CPOE)

A computer application that allows a physician's orders for diagnostic and treatment services (such as medications, laboratory, and other tests) to be entered electronically instead of being recorded on order sheets or prescription pads. The computer compares the order against standards for dosing, checks for allergies or interactions with other medications, and warns the physician about potential problems.

Confidentiality

Obligation of a person or agency that receives information about an individual, as part of providing a service to that individual, to protect that information from unauthorized persons or unauthorized uses. Confidentiality also includes respecting the privacy interest of the individuals who are associated with that information.

Consent

Consent is the permission granted by an authorized person that allows the provider, agency, or organization to release information about a person. The authorized person may be the subject of the information or they may be a designated representative such as a parent or guardian. Law, policy and procedures, and business agreements guide the use of consent.

Continuity of Care Document (CCD)

A summary of a patient's health information for each visit to a health care provider to be delivered through the health information exchange.

Continuity of Care Record (CCR)

A standard specification being developed jointly by ASTM International, the Massachusetts Medical Society (MMS), the Health Information Management and Systems Society (HIMSS), the American Academy of Family Physicians (AAFP), and the American Academy of Pediatrics. It is intended to foster and improve continuity of patient care, to reduce medical errors, and to assure at least a minimum standard of health information transportability when a patient is referred or transferred to, or is otherwise seen by, another provider.

Covered Entity

A health plan, a health care clearinghouse or a health care provider who transmits any health information in electronic form in connection with a transaction.

CPOE - Computerized Provider Order Entry

A computer application that allows a physician's orders for diagnostic and treatment services (such as medications, laboratory, and other tests) to be entered electronically instead of being recorded on order sheets or prescription pads. The computer compares the order against standards for dosing, checks for allergies or interactions with other medications, and warns the physician about potential problems.

Data Integrity

The accuracy and completeness of data, to be maintained by appropriate security measures and controls. The preservation of the original quality and accuracy of data, in written or in electronic form.

Data Recovery Services

A mechanism and process to safely store duplicate databases and recreate the data should a disaster occur.

Data Use Agreement

An agreement between a health provider, agency, or organization and a designated receiver of information that allows for the use of limited health information for the purpose of research, public health, or health care operations. The agreement assures that the information will be used only for specific purposes.

De-identified Health Information

Name, address, and other personal information are removed when sharing health information so that it cannot be used to determine who a person is.

Decision-Support System (DSS)

Computer tools or applications to assist physicians in clinical decisions by providing evidence-based knowledge in the context of patient specific data. Examples include drug interaction alerts at the time medication is prescribed and reminders for specific guideline-based interventions during the care of patients with chronic disease. Information should be presented in a patient-centric view of individual care and also in a population, or aggregate view to support population management and quality improvement.

Decryption

The process used to "unscramble" information so that a "scrambled" or jumbled message becomes understandable.

Demographics

Information about name, address, age, gender, and role used to link patient records from multiple sources in the absence of a unique patient identifier.

DICOM - Digital Imaging Communications in Medicine

A standard, which defines protocols for the exchange of medical images and associated information (such as patient identification details and technique information) between instruments, information systems, and health care providers. It establishes a common language that enables medical images produced on one system to be processed and displayed on another.

Digital Certificate

Like a driver's license, it proves electronically that the person is who he or she says they are.

Digital Signature

Uniquely identifies one person electronically and is used like a written signature. For example, a doctor or nurse may use a digital signature at the end of an e-mail to a patient just as he or she would sign a letter.

Direct

An Office of the National Coordinator for Health IT (ONC) project that specifies a simple, secure scalable, standards-based transportation mechanism that enables participants to send (push) encrypted health information directly to known, trusted recipients over the Internet.

Disclosure

The release, transfer, provision of access to, or any other manner of divulging information outside the entity holding the information.

DSS - Decision-Support System

Computer tools or applications to assist physicians in clinical decisions by providing evidence-based knowledge in the context of patient specific data. Examples include drug interaction alerts at the time medication is prescribed and reminders for specific guideline-based interventions during the care of patients with chronic disease. Information should be presented in a patient-centric view of individual care and also in a population, or aggregate view to support population management and quality improvement.

DURSA

Data Use Reciprocal Support Agreement

ED

Emergency Department

EHR - Electronic Health Record

As defined in the ARRA, an Electronic Health Record (EHR) means an electronic record of health-related information on an individual that includes patient demographic and clinical health information, such as medical histories and problem lists; and has the capacity to provide clinical decision support; to support physician order entry; to capture and query information relevant to health care quality; and to exchange electronic health information with, and integrate such information from other sources.

EHR Reporting Period

For the first Payment Year only, CMS proposes to define EHR Reporting Period to mean any continuous 90-day period within a Payment Year in which an Eligible Provider or Eligible Hospital successfully demonstrates meaningful use of certified EHR technology. Eligible Providers or Eligible Hospitals may choose to start their EHR reporting period on any date beginning with the first day of the Payment Year that allows for the 90-day period to be completed by the last day of the Payment Year. For the second Payment Year and all subsequent Payment Years, the EHR reporting period would be the entire Payment Year. See Payment Year.

Electronic Billing (Claims, Eligibility, Remittance)

The ability to contact the payer before the patient is seen and get a response that indicates whether or not the services to be rendered will be covered by the payer.

Electronic Health Record (EHR)

As defined in the ARRA, an Electronic Health Record (EHR) means an electronic record of health-related information on an individual that includes patient demographic and clinical health information, such as medical histories and problem lists; and has the capacity to provide clinical decision support; to support physician order entry; to capture and query information relevant to health care quality; and to exchange electronic health information with, and integrate such information from other sources.

Electronic Imaging Results Delivery

The ability to accept messages from radiology sources and integrate the data for presentation to a clinician.

Electronic Medical Record (EMR)

An electronic record of health-related information on an individual that can be created, gathered, managed, and consulted by authorized clinicians and staff within one health care organization.

Electronic Personal Health Record (ePHR)

A universally accessible, layperson comprehensible, lifelong tool for managing relevant health information, promoting health maintenance and assisting with chronic disease management via an interactive, common data set of electronic health information and e-health tools. The ePHR is owned, managed, and shared by the individual or his or her legal proxy(s) and must be secure to protect the privacy and confidentiality of the health information it contains. It is not a legal record unless so defined and is subject to various legal limitations.

Electronic Prescribing (e-prescribing)

A type of computer technology whereby physicians use handheld or personal computer devices to review drug and formulary coverage and to transmit prescriptions to a printer or to a local pharmacy. ePrescribing software can be integrated into existing clinical information systems to allow physician access to patient-specific information to screen for drug interactions and allergies.

Electronic Signature

A digital signature, which serves as a unique identifier for an individual.

ELINCS

EHR Lab Interoperability and Connectivity Standard

EMR - Electronic Medical Record

An electronic record of health-related information on an individual that can be created, gathered, managed, and consulted by authorized clinicians and staff within one health care organization.

Encryption

The translation of information to a code to keep it secret.

ePHR - electronic Personal Health Record

A universally accessible, layperson comprehensible, lifelong tool for managing relevant health information, promoting health maintenance and assisting with chronic disease management via an interactive, common data set of electronic health information and e-health tools. The ePHR is owned, managed, and shared by the individual or his or her legal proxy(s) and must be secure to protect the privacy and confidentiality of the health information it contains. It is not a legal record unless so defined and is subject to various legal limitations.

Event

Any observable occurrence in a network or system.

Federally-Qualified Health Centers (FQHCs)

"Safety net" providers such as community health centers, public housing centers, outpatient health programs funded by the Indian Health Service, and programs serving migrants and the homeless. FQHCs provide their services to all persons regardless of ability to pay, and charge for services on a community board approved sliding-fee scale that is based on patients' family income and size. FQHCs are funded by the federal government under Section 330 of the Public Health Service Act.

FQHCs - Federally-Qualified Health Centers

"Safety net" providers such as community health centers, public housing centers, outpatient health programs funded by the Indian Health Service, and programs serving migrants and the homeless. FQHCs provide their services to all persons regardless of ability to pay, and charge for services on a community board approved sliding-fee scale that is based on patients' family income and size. FQHCs are funded by the federal government under Section 330 of the Public Health Service Act.

Health Information

Any information, whether oral or recorded in any form or medium, that is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.

Health Information Exchange (HIE)

As defined by the Office of the National Coordinator and the National Alliance for Health Information Technology (NAHIT), Health Information Exchange means the electronic movement of health-related information among organizations according to nationally recognized standards.

Health Information for Economic and Clinical Health (HITECH) Act

Collectively refers to the health information technology provisions included at Title XIII of Division A and Title IV of Division B of the ARRA.

Health Information Organization

An organization that oversees and governs the exchange of health-related information among organizations according to nationally recognized standards.

Health Information Privacy

An individual's right to control the acquiring, use or release of his or her personal health information.

Health Information Security

A set of policies or standards put in place to disallow a person's personal health information from being shared without the owner's permission.

Health Information Technology (HIT)

As defined in the ARRA, Health Information Technology means hardware, software, integrated technologies or related licenses, intellectual property, upgrades, or packaged solutions sold as services that are designed for or support the use by health care entities or patients for the electronic creation, maintenance, access, or exchange of health information.

Health Information Technology Research Center (HITRC)

As set out in the ARRA, the Health Information Technology Research Center will be created by the Office of the National Coordinator to provide technical assistance and develop or recognize best practices to support and accelerate efforts by health care providers to adopt, implement, and effectively utilize health information technology that allows for the electronic exchange of information.

Health Insurance Portability and Accountability Act (HIPAA)

Enacted by Congress in 1996. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. The Administration Simplification provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the U.S. health care system.

Health Level Seven (HL7)

An ANSI approved American National Standard for electronic data exchange in health care. It enables disparate computer applications to exchange key sets of clinical and administrative information.

Health Maintenance Organization (HMO)

A federally qualified HMO, an organization recognized as an HMO under State law, or a similar organization regulated for solvency under State law in the same manner and to the same extent as such an HMO.

Health Oversight Agency

An agency or authority of the United States, a State, a territory, a political subdivision of a State or territory, or an Indian tribe, or a person or entity acting under a grant of authority from or contract with such public agency, including the employees or agents of such public agency or its contractors or persons or entities to whom it has granted authority, that is authorized by law to oversee the health care system (whether public or private) or government programs in which health information is necessary to determine eligibility or compliance, or to enforce civil rights laws for which health information is relevant.

Health Plan

An individual or group plan that provides, or pays the cost of, medical care.

Healthcare

A provider of services, a provider of medical or health services and any other person or organization who furnishes, bills, or is paid for health care in the normal course of business.

Healthcare Information Technology Standards Panel (HITSP)

A multi-stakeholder coordinating body designed to provide the process within which stakeholders identify, select, and harmonize standards for communicating and encouraging broad deployment and exchange of health care information throughout the health care spectrum. The Panel's processes are business process and use-case driven, with decision making based on the needs of all NHIN stakeholders. The Panel's activities are led by the American National Standards Institute (ANSI), a not-for-profit organization that has been coordinating the U.S. voluntary standardization system since 1918.

HHS - U.S. Department of Health and Human Services

The federal government agency responsible for protecting the health of all Americans and providing essential human services. HHS, through CMS, administers the Medicare (health insurance for elderly and disabled Americans) and Medicaid (health insurance for low-income people) programs, among others.

HIE - Health Information Exchange

As defined by the Office of the National Coordinator and the National Alliance for Health Information Technology (NAHIT), Health Information Exchange means the electronic movement of health-related information among organizations according to nationally recognized standards.

HIPAA

- Health Insurance and Portability and Accountability Act

Enacted by Congress in 1996, Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. The Administration Simplification provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the U.S. health care system.

HIT - Health Information Technology

As defined in the ARRA, Health Information Technology means hardware, software, integrated technologies or related licenses, intellectual property, upgrades, or packaged solutions sold as services that are designed for or support the use by health care entities or patients for the electronic creation, maintenance, access, or exchange of health information.

HITECH - Health Information for Economic and Clinical Health Act

Collectively refers to the health information technology provisions included at Title XIII of Division A and Title IV of Division B of the ARRA.

HITRC - Health Information Technology Research Center

As set out in the ARRA, the Health Information Technology Research Center will be created by the Office of the National Coordinator to provide technical assistance and develop or recognize best practices to support and accelerate efforts by health care providers to adopt, implement, and effectively utilize health information technology that allows for the electronic exchange of information.

HITSP - Health Information Technology Standards Panel

A multi-stakeholder coordinating body designed to provide the process within which stakeholders identify, select, and harmonize standards for communicating and encouraging broad deployment and exchange of health care information throughout the health care spectrum. The Panel's processes are business process and use-case driven, with decision making based on the needs of all NHIN stakeholders. The Panel's activities are led by the American National Standards Institute (ANSI), a not-for-profit organization that has been coordinating the U.S. voluntary standardization system since 1918.

HL7 - Health Level Seven

An ANSI approved American National Standard for electronic data exchange in health care. It enables disparate computer applications to exchange key sets of clinical and administrative information.

HMO - Health Maintenance Organization

A federally qualified HMO, an organization recognized as an HMO under State law, or a similar organization regulated for solvency under State law in the same manner and to the same extent as such an HMO.

Identity

A characteristic or set of characteristics that recognizes an individual as unique from another.

IDN - Integrated Delivery Network

An organization that combines hospital, physician and other medical services as part of a larger health care system.

IIHI - Individually Identifiable Health Information

Information that is a subset of health information, including demographic information collected from an individual, and is created or received by a health care provider, health plan, employer, or health care clearinghouse; and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and that identifies the individual; or with respect to which there is a reasonable basis to believe the information can be used to identify the individual.

Implementation Services

Consulting services offered by the vendor. These services will provide planning and actual implementation of an EHR system. It is important when comparing quoted implementation costs that physicians understand which detailed cost line items a particular vendor will be supplying.

Inappropriate Usage

Using personal information without that person's permission.

Incident Response Plan

The instructions or procedures that an organization can use to detect, respond to, and limit the effect of computer system attacks.

Individual

The person who is the subject of protected health information.

Individually Identifiable Health Information (IIHI)

Information that is a subset of health information, including demographic information collected from an individual, and is created or received by a health care provider, health plan, employer, or health care clearinghouse; and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and that identifies the individual; or with respect to which there is a reasonable basis to believe the information can be used to identify the individual.

Information System

An interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people.

Informed Consent

Information exchange between a clinical investigator and research subjects. This exchange may include question/answer sessions, verbal instructions, measures of understanding, and reading and signing informed consent documents and recruitment materials.

Integrated Delivery Network (IDN)

An organization that combines hospital, physician and other medical services as part of a larger health care system.

Integrity

Data or information that has not been changed or destroyed in an unauthorized way.

Interface

A means of interaction between two devices or systems that handle data.

(The) International Organization for Standardization (ISO)

It is a worldwide federation of national standards bodies from some 130 countries, one from each country. ISO's work results in international agreements, which are published as International Standards.

Interoperability

Interoperability means the ability of health information systems to work together within and across organizational boundaries in order to advance the effective delivery of health care for individuals and communities.

ISO - The International Organization for Standardization

It is a worldwide federation of national standards bodies from some 130 countries, one from each country. ISO's work results in international agreements, which are published as International Standards.

Key Certificate

A data record that authenticates the owner of a public key for an asymmetric algorithm. It is issued by a certification authority and is protected by a digital signature allowing the certificate to be verified widely. The certificate may also contain other fields beside the value to the key and the name of the owner, for example an expiration date.

Keys

A sequence of symbols that controls the operations of encryption and decryption.

Limited Data Set

Health information that does not contain identifiers. It is protected but may be used for certain purposes without the owner's consent.

Log In, Logging Into

The action a person must take to confirm his or her identity before being allowed to use a computer system.

Logical Observation Identifiers, Names, and Codes (LOINC)

The LOINC databases provide sets of universal names and ID codes for identifying laboratory and clinical test results. The purpose is to facilitate the exchange and pooling of results, such as blood hemoglobin, serum potassium, or vital signs, for clinical care, outcomes management, and research.

LOINC - Logical Observation Identifiers, Names, and Codes

The LOINC databases provide sets of universal names and ID codes for identifying laboratory and clinical test results. The purpose is to facilitate the exchange and pooling of results, such as blood hemoglobin, serum potassium, or vital signs, for clinical care, outcomes management, and research.

Master Patient Index (MPI)

A list of all known patients in an area, activity, or organization.

Meaningful EHR User

As set out in the ARRA, a Meaningful EHR user meets the following requirements: (i) use of a certified EHR technology in a meaningful manner, which includes the use of electronic prescribing; (ii) use of a certified EHR technology that is connected in a manner that provides for the electronic exchange of health information to improve the quality of healthcare; and (iii) use of a certified EHR technology to submit information on clinical quality and other measures as selected by the Secretary of HHS.

Meaningful Use

Under the HITECH Act, an eligible professional or hospital is considered a "meaningful EHR user" if they use certified EHR technology in a manner consistent with criteria established by the Secretary of Health & Human Services (HHS), including but not limited to e-prescribing through an EHR and the electronic exchange of information for the purposes of quality improvement, such as care coordination. In addition, eligible professionals and hospitals must submit clinical quality and other measures to HHS.

Meaningful Use: Stage 1

(2011 and 2012)

Meaningful use includes both a core set and a menu set of objectives that are specific for eligible professionals and hospitals. For Eligible Professionals, there are a total of 25 meaningful use objectives. Twenty of the objectives must be completed to qualify for an incentive payment. Fifteen are core objectives that are required, and the remaining 5 objectives may be chosen from the list of 10 menu set objectives. For Hospitals, there are a total of 24 meaningful use objectives. Fourteen are core objectives that are required, and the remaining 5 objectives may be chosen from the list of 10 menu set objectives.

Measure

Benchmarks in the meaningful use criteria CMS established against which an Eligible Professional or Eligible Hospital demonstrates meeting a meaningful use objective. See Objective.

Medical Trading Area (MTA)

The natural market within which most referrals, hospitalizations, and other flows of both patients and patient information typically occur. Another term for this is a medical referral area.

Medicare Advantage Plans

Health plans offered by private companies that contract with Medicare to provide beneficiaries with Medicare Part A and Part B benefits. Medicare Advantage Plans are HMOs, PPOs, or Private Fee-for-Service Plans.

Medication Reconciliation

Alerts providers in real-time to potential administration errors such as wrong patient, wrong drug, wrong dose, wrong route and wrong time in support of medication administration or pharmacy dispense/supply management and workflow.

Message Integrity

Protecting a message against its unauthorized modification, often by the originator of the message generating a digital signature.

Modification

A change adopted through agreed regulation, to a standard or an implementation specification.

MPI - Master Patient Index

A list of all known patients in an area, activity, or organization.

MTA - Medical Trading Area

The natural market within which most referrals, hospitalizations, and other flows of both patients and patient information typically occur. Another term for this is a medical referral area.

NAHIT - National Alliance for Health Information Technology

Formed in 2002 in an effort to promote the use of health IT, NAHIT's members consisted of health care providers, payers, pharmaceutical companies and other industry organizations. The group ceased operations on Sept. 30, 2009.

National Alliance for Health Information Technology (NAHIT)

Formed in 2002 in an effort to promote the use of health IT, NAHIT's members consisted of health care providers, payers, pharmaceutical companies and other industry organizations. The group ceased operations on Sept. 30, 2009.

National Institute of Standards and Technology (NIST)

The non-regulatory federal agency within the U.S. Department of Commerce whose mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology. NIST oversees the NIST Laboratories, the Baldrige National Quality Program, the Hollings Manufacturing Extension Partnership, and the Technology Innovation Program.

National Provider Identifier (NPI)

A system for classifying all providers of health care services, supplies, and equipment covered under HIPAA.

Nationwide Health Information Network (NHIN)

The NwHIN is a federal initiative to develop a set of standards, services, and policies that enable the secure exchange of health information over the Internet for sharing among health decision makers, including consumers and patients, to promote improvements in health and health care. A group of federal agencies, local, regional and state-level Health Information Exchange Organizations (HIOs) and integrated delivery networks has been helping to develop the NwHIN standards, services and policies. Currently, the Nationwide Health Information Network (NwHIN) is operating as the NwHIN Exchange. By the end of 2010, it is expected that approximately a dozen federal and private entities will be securely sharing live health information.

Network

A set of connected elements. For computers, any collection of computers connected together so that they are able to communicate, permitting the sharing of data or programs.

Network Connectivity

The process used for maintaining connection for communication between the HIE and a data source (laboratory, radiology practice, physician practice, or hospital) and data user (physician practice or hospital).

NHIN - Nationwide Health Information Network

The NwHIN is a federal initiative to develop a set of standards, services, and policies that enable the secure exchange of health information over the Internet for sharing among health decision makers, including consumers and patients, to promote improvements in health and health care. A group of federal agencies, local, regional and state-level Health Information Exchange Organizations (HIOs) and integrated delivery networks has been helping to develop the NwHIN standards, services and policies. Currently, the Nationwide Health Information Network (NwHIN) is operating as the NwHIN Exchange. By the end of 2010, it is expected that approximately a dozen federal and private entities will be securely sharing live health information.

NIST - National Institute of Standards and Technology

The non-regulatory federal agency within the U.S. Department of Commerce whose mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology. NIST oversees the NIST Laboratories, the Baldrige National Quality Program, the Hollings Manufacturing Extension Partnership, and the Technology Innovation Program.

Non-Repudiation

The process of confirming proof of information delivery to the sender and proof of sender identity to the recipient.

Notice of Privacy Practices or Privacy Notice

HIPAA requires that all covered health plans, health care clearinghouses, or health care providers give patients a document that explains their privacy practices and how information about the patients' medical records may be shared.

NPI - National Provider Identifier

A system for classifying all providers of health care services, supplies, and equipment covered under HIPAA.

Objective

Broad aspirations CMS established within the meaningful use criteria for Eligible Providers and Eligible Hospitals to meet. Eligible Professionals have a set of 25 criteria to meet to demonstrate meaningful use. Eligible hospitals have a set of 23 criteria to meet to demonstrate meaningful use. See Measures.

Office of e-Health Initiatives

Serves as the single coordinating authority for the exchange of electronic health information in Tennessee. The Office of e-Health works to improve the health of Tennesseans by ensuring providers have complete patient information at the point of care and therefore, enabling providers to create a more comprehensive treatment plan for patients.

Office of the National Coordinator (ONC)

Serves as principal advisor to the Secretary of HHS on the development, application, and use of health information technology; coordinates HHS's health information technology policies and programs internally and with other relevant executive branch agencies; develops, maintains, and directs the implementation of HHS' strategic plan to guide the nationwide implementation of interoperable health information technology in both the public and private health care sectors, to the extent permitted by law; and provides comments and advice at the request of OMB regarding specific Federal health information technology programs. ONC was established within the Office of the Secretary of HHS in 2004 by Executive Order 13335.

ONC - Office of the National Coordinator

Serves as principal advisor to the Secretary of HHS on the development, application, and use of health information technology; coordinates HHS's health information technology policies and programs internally and with other relevant executive branch agencies; develops, maintains, and directs the implementation of HHS' strategic plan to guide the nationwide implementation of interoperable health information technology in both the public and private health care sectors, to the extent permitted by law; and provides comments and advice at the request of OMB regarding specific Federal health information technology programs. ONC was established within the Office of the Secretary of HHS in 2004 by Executive Order 13335.

Open Source

Systems whose human-readable ("source") code is always freely available to anyone who is interested in downloading it. This is in contrast to most commercial software, whose source code is considered intellectual property and a trade secret not to be disclosed. Advantages of open source include availability, extensibility, and the opportunity for peer review. Open source products are made available under a variety of licenses.

Open Systems Interconnection (OSI)

An international standard for networking adopted by the ISO (International Organization for Standardization). This 7-layer model offers the widest range of capabilities for networking.

Opt-in/Opt-out

Patients or consumers adding or removing themselves from participation in health information technology systems (e.g., HIE).

Order Entry

The process of communicating health care provider orders through electronic, computerized processes.

OSI - Open Systems Interconnection

An international standard for networking adopted by the ISO (International Organization for Standardization). This 7-layer model offers the widest range of capabilities for networking.

Participant

An authorized provider, payer, patient, health care organization, local board of health or the Iowa Department of Public Health that has agreed to authorize, submit, access and/or disclose health information through the health information exchange in accordance with all applicable laws, rules, agreements, policies and procedures.

Password

Confidential authentication information composed of a string of characters.

Patient Permission

The consent or authorization that patients provide regarding their health care or the use of their health information.

Pay-for-Performance (P4P)/Quality Data Reporting

Supports the capture and reporting of quality, performance, and accountability measures to which providers/ facilities/ delivery systems/communities are held accountable including measures related to process, outcomes, and/or costs of care, may be used in 'pay for performance' monitoring and adherence to best practice guidelines.

Payment Year

For Eligible Providers, any calendar year beginning with 2011. For Eligible Hospitals, any fiscal year beginning with 2011. The first Payment Year would mean the first calendar or Federal fiscal year for which an Eligible Provider or Eligible Hospital receives an incentive payment.

Payor

In healthcare, the entity responsible for making the payment to the health care provider for services rendered to a patient (insurance plan, Medicaid, Medicare, etc.).

Personal Health Record (PHR)

An electronic record of health-related information on an individual that conforms to nationally recognized interoperability standards and that can be drawn from multiple sources while being managed, shared, and controlled by the individual.

PHR - Personal Health Record

An electronic record of health-related information on an individual that conforms to nationally recognized interoperability standards and that can be drawn from multiple sources while being managed, shared, and controlled by the individual.

PKI - Public Key Infrastructure

A conceptual framework that enables the encryption, decryption and electronic "signing" of data transmissions in a secure fashion within an open network environment.

Privacy

In December 2008, the Office of the National Coordinator for Health IT released its "Nationwide Privacy and Security Framework For Electronic Exchange of Individually Identifiable Health Information," (Framework) in which it defined privacy as, "An individual's interest in protecting his or her individually identifiable health information and the corresponding obligation of those persons and entities that participate in a network for the purposes of electronic exchange of such information, to respect those interests through fair information practices." This language contrasts with the definition of privacy included in the National Committee on Vital and Health Statistics' (NCVHS) June 2006 report, entitled, "Privacy and Confidentiality in the Nationwide Health Information Network." In its report, NCVHS recommended the following definition for "privacy": "Health information 'privacy' is an individual's right to control the acquisition, uses, or disclosures of his or her identifiable health data.

Private Key

In asymmetric cryptography, the key, which is held only by the user for signing and decrypting, messages.

Protected Health Information

Health information transmitted or maintained in any form that can reasonably be used to identify an individual.

Provider

A person, hospital, physician clinic, pharmacy, laboratory or other health service provider that is licensed, certified, or otherwise authorized by law to administer health care in the ordinary course of business or in the practice of a profession, or any other person or organization that furnishes, bills or is paid for health care in the normal course of business.

Public Health Authority

An agency or authority of the United States, a State, a territory, a political subdivision of a State or territory, or an Indian tribe, or a person or entity acting under a grant of authority from or contract with such public agency, including the employees or agents of such public agency or its contractors or persons or entities to whom it has granted authority, that is responsible for public health matters as part of its official mandate.

Public Key

In asymmetric cryptography, the key that is published by the user to encrypt messages and so that others may verify his/her signature.

Public Key Certificate

A data record that authenticates the owner of a public key for an asymmetrical key system. It is issued by a CA and is protected by a digital signature, allowing the certificate to be verified widely.

Public Key Infrastructure (PKI)

A conceptual framework that enables the encryption, decryption and electronic "signing" of data transmissions in a secure fashion within an open network environment.

Purchaser

Any individual, employer or organization that purchases health insurance and includes intermediaries.

Qsource

A leading not-for-profit quality improvement organization headquartered in Nashville, Tennessee, and the State's Quality Improvement Organization.

Qualified Electronic Health Record

An electronic record of health-related information concerning an individual which includes patient demographic and clinical health information, such as medical history and problem lists, and which has the capacity to provide clinical decision support, to support physician order entry, to capture and query information relevant to health care quality, and to exchange electronic health information with, and integrate such information from, other sources.

REC - Regional Extension Center

As set out in the ARRA, Regional Extension Centers will be established and may qualify for funding under ARRA to provide technical assistance and disseminate best practices and other information learned from the Health Information Technology Research Center to aid health care providers with the adoption of health information technology.

Record Locator Services (RLS)

An electronic index of patient identifying information that directs providers in a health information exchange to the location of patient health records held by providers and other data sources.

Regional Extension Center (REC)

As set out in the ARRA, Regional Extension Centers will be established and may qualify for funding under ARRA to provide technical assistance and disseminate best practices and other information learned from the Health Information Technology Research Center to aid health care providers with the adoption of health information technology.

Regional Health Information Organization (RHIO)

A health information organization that brings together health care stakeholders within a defined geographic area and governs health information exchange among them for the purpose of improving health and care in that community.

Registration Authority

An entity (group or agency) that has been delegated by a CA to perform a specific set of 'trusted authority' functions within PKI. Relates to the privacy of individually identifiable health information means, with respect to a State law, that the State law has the specific purpose of protecting the privacy of health information or affects the privacy of health information in a direct, clear, and substantial way.

RHIO - Regional Health Information Organization

A health information organization that brings together health care stakeholders within a defined geographic area and governs health information exchange among them for the purpose of improving health and care in that community.

RLS - Record Locator Services

An electronic index of patient identifying information that directs providers in a health information exchange to the location of patient health records held by providers and other data sources.

Safeguards

Measures that protect the security of health information.

SDEs - State-Designated Entities

As defined in the ARRA, State-Designated Entities (SDEs) may be designated by a state as eligible to receive grants under Section 3013 of the ARRA. To qualify as an SDE, an entity must be a not-for-profit entity with broad stakeholder representation on its governing board; demonstrate that one of its principal goals is to use information technology to improve health care quality and efficiency through the authorized and secure electronic exchange and use of health information; adopt nondiscrimination and conflict of interest policies that demonstrate a commitment to open, fair, and nondiscriminatory participation by stakeholders; and conform to other requirements as specified by HHS.

Security

The Health Insurance Portability and Accountability Act Security rule defines "Security or Security measures" as encompassing all of the administrative, physical, and technical safeguards in an information system. These safeguards are to ensure health information is protected from unauthorized access and alteration, while being accessible, when needed, by those that are authorized.

Sensitive Information

Health information with greater privacy and security protections established by law, including substance abuse, family planning, mental health, HIV/AIDS, and genetic disorders.

SMHP - State Medicaid HIT Plan

The Centers for Medicare and Medicaid Services (CMS) requires each state to have a plan with a common vision of how Medicaid's provider incentive program will operate in concert with the larger health system and statewide efforts. The plan must include at least four components: a current landscape assessment, a vision of the State's HIT future, specific actions necessary to implement the incentive payments program, and a HIT road map.

SNOMED - Systematized Nomenclature of Medicine

A systematically organized computer processable collection of medical terminology that allows a consistent way to index, store, retrieve, and aggregate clinical data; it also helps organize the content of medical records, reducing the variability in the way data is captured, encoded and used for clinical care of patients.

Stages 1 to 3

Three graduated stages CMS established for implementing meaningful use and EHR certification requirements. Stage 1 meaningful use criteria focus on: i) capturing health information in a coded format, ii) using the information to track key clinical conditions; iii) communicating captured information for care coordination purposes; and iv) reporting of clinical quality measures and public health information. Stage 2 criteria is likely to expand on Stage 1 criteria in the areas of disease management, clinical decision support, medication management, support for patient access to personal health information, transitions in care, quality measurement, research, and bi-directional communication with public health agencies. CMS expects to propose Stage 2 criteria by the end of 2011 Stage 3 criteria likely will focus on achieving improvements in quality, safety and efficiency, focusing on decision support for national high priority conditions, patient access to self-management tools, access to comprehensive patient data and improving population health outcomes. CMS expects to propose Stage 3 criteria by the end of 2013.

Standard

Documented agreements containing technical specifications or other precise criteria to be used consistently as rules, guidelines, or definitions of characteristics to ensure that materials, products, processes, and services are fit for their purpose.

State-Designated Entities (SDEs)

As defined in the ARRA, State-Designated Entities (SDEs) may be designated by a state as eligible to receive grants under Section 3013 of the ARRA. To qualify as an SDE, an entity must be a not-for-profit entity with broad stakeholder representation on its governing board; demonstrate that one of its principal goals is to use information technology to improve health care quality and efficiency through the authorized and secure electronic exchange and use of health information; adopt nondiscrimination and conflict of interest policies that demonstrate a commitment to open, fair, and nondiscriminatory participation by stakeholders; and conform to other requirements as specified by HHS.

State Medicaid HIT Plan (SMHP)

The Centers for Medicare and Medicaid Services (CMS) requires each state to have a plan with a common vision of how Medicaid's provider incentive program will operate in concert with the larger health system and statewide efforts. The plan must include at least four components: a current landscape assessment, a vision of the State's HIT future, specific actions necessary to implement the incentive payments program, and a HIT road map.

Summary Health Information

Information, that may be individually identifiable health information, and that summarizes the claims history, claims expenses, or type of claims experienced by individuals for whom a plan sponsor has provided health benefits under a group health plan.

Systematized Nomenclature of Medicine (SNOMED)

A systematically organized computer processable collection of medical terminology that allows a consistent way to index, store, retrieve, and aggregate clinical data; it also helps organize the content of medical records, reducing the variability in the way data is captured, encoded and used for clinical care of patients.

Technical Safeguards

The technology and the policy and procedures for its use that protect electronic protected health information and control access to it.

TennCare

The Bureau of TennCare, Tennessee's state Medicaid agency.

TPA - Trading Partner Agreement

An agreement related to the exchange of information in electronic transactions, whether the agreement is distinct or part of a larger agreement, between each party to the agreement. (For example, a trading partner agreement may specify, among other things, the duties and responsibilities of each party to the agreement in conducting a standard transaction.)

Trading Partner Agreement (TPA)

An agreement related to the exchange of information in electronic transactions, whether the agreement is distinct or part of a larger agreement, between each party to the agreement. (For example, a trading partner agreement may specify, among other things, the duties and responsibilities of each party to the agreement in conducting a standard transaction.)

Transaction

Transmission of information between two parties to carry out financial or administrative activities related to health care.

Treatment

The provision, coordination, or management of health care and related services by one or more health care providers, including the coordination or management of health care by a health care provider with a third party; consultation between health care providers relating to a patient; or the referral of a patient for health care from one health care provider to another.

U.S. Department of Health and Human Services (HHS)

The federal government agency responsible for protecting the health of all Americans and providing essential human services. HHS, through CMS, administers the Medicare (health insurance for elderly and disabled Americans) and Medicaid (health insurance for low-income people) programs, among others.

Unauthorized Access

The act of gaining access to a network, system, application, health information, or other resource without permission.

Unauthorized Disclosure

An act that involves exposing, releasing, or displaying health information to those not authorized to have access to the information.

Use

Sharing, employing, applying, utilizing, examining, or analyzing health information.

User

A person or entity with the appropriate authority to access a system.