Welcome to the glossary of global health information technology terms. Find definitions for healthcare interfacing, HL7, and interoperability terminology.
Visit the HL7 Resources section for more detailed information on the HL7 Standard.
If you do not find a term you’re searching for related to healthcare interoperability, please email us at email@example.com. We welcome your suggestions and ideas.
a | b | c | d | e | f | g | h | i | j | k | l | m | n | o | p | q | r | s | t | u | v | w | x | y | z | #
Click one of the letters above to advance the page to terms beginning with that letter.
ACO (Accountable Care Organization)
(United States) An Accountable Care Organization (ACO), according to the Centers for Medicare & Medicaid Services (CMS) “is an organization of health care providers that agrees to be accountable for the quality, cost, and overall care of Medicare beneficiaries who are enrolled in the traditional fee-for-service program who are assigned to it.” Under the health care reform legislation passed in March 2010, the Medicare program is authorized to contract with ACOs.
ACA (Affordable Care Act)
(United States) The Patient Protection and Affordable Care Act is a United States federal statute enacted by Congress and signed into law by President Barack Obama on March 23, 2010. Under the act, hospitals and primary physicians are encouraged to transform their practices financially, technologically, and clinically to drive better health outcomes, lower costs, and improve their methods of distribution and accessibility. The ACA was designed to increase health insurance quality and affordability, lower the uninsured rate by expanding insurance coverage, and reduce the costs of healthcare. It introduced mechanisms including mandates, subsidies, and insurance exchanges. The law requires insurers to accept all applicants, cover a specific list of conditions and charge the same rates regardless of pre-existing conditions or sex.
Alert fatigue is sensory overload when clinicians are exposed to an excessive number of alerts, which can result in desensitization to alerts and missed alerts. Patient deaths have been attributed to alert fatigue. It is also referred to as alarm fatigue.
ARRA (American Recovery and Reinvestment Act of 2009)
(United States) The ARRA is an economic stimulus package enacted by the 111th United States Congress in February 2009 to provide a stimulus to the U.S. economy in the wake of the economic downturn. The act includes federal tax cuts; expansion of unemployment benefits and other social welfare provisions; and domestic spending in education, health care, and infrastructure, including the energy sector. Included in the ARRA legislation is the HITECH provision, which is focused on health information technology adoption and funding.
API (Application Programming Interface)
An API is a way for two systems to communicate and exchange data with one another. The API defines what information is needed to send to an application, or an application to send to another application, to get the data needed.
A set of standards that enable communication between multiple sources, most typically software applications. The two types of APIs are open APIs and closed APIs. Open APIs are used in applications such as Google Maps. Closed, or private, APIs are useful for integrating data within a company from business partners or consumers. Open APIs provide specified software with a standardized, public interface so anyone can receive and send data with the proper security authentication. When EHRs have an open API, countless third-party applications and downstream systems can input and/or leverage existing data within the system’s database. Both open and private APIs are valuable in healthcare and widely used in other industries. APIs are based on web service data exchange standards. The HL7 FHIR standard is ideally suited for API data exchange in healthcare.
AI (Artificial Intelligence)
AI is the development of systems designed to analyze data, learn from patterns, make decisions, and solve problems. AI encompasses various subfields, including machine learning, natural language processing, generative AI, large language models, and more. AI technologies are used in diverse applications, ranging from virtual assistants and autonomous vehicles to medical diagnostics and financial forecasting.
ASP (Application Service Provider)
An Application Service Provider (ASP) is an organization that provides applications and related services over the internet. ASPs often provide software as a service (SaaS), allowing users to connect to and use cloud-based apps over the internet. ASPs also offer infrastructure as a service (IaaS), which means the vendor provides the storage, network, and servers.
AWS (Amazon Web Services)
Amazon Web Services is a comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Rhapsody health solutions partners with AWS to provide a resilient system that can be trusted with mission-critical healthcare data exchange.
The Privacy Act
(Australia) The Privacy Act is the principal piece of Australian legislation protecting the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information in the federal public sector and in the private sector. The Australian Government has announced almost a five-fold increase in fines that breach The Privacy Act 1988, which is expected to pass by the end of December 2022. The key piece of Australian legislation protecting the handling of personal information about individuals, including the collection, use, storage, and disclosure of personal information in the federal public and private sector.
Australian Digital Health Agency
(Australia) The Australian Digital Health Agency is the Australian government agency responsible for e-health programs such as My Health Record, Australia’s digital prescriptions and health referral system.
Best known as the technology behind bitcoin, blockchain enables a ledger of transactions to be shared across a network of participants. When a new digital transaction occurs (e.g., a patient’s medical record is exchanged), a unique algorithm-generated token is created and assigned to that transaction. Tokens are grouped into blocks (e.g., every 10 minutes) and distributed across the network, updating every ledger at once. New transaction blocks are validated and linked to older blocks, creating a strong, secure, and verifiable record of all transactions, without the need for intermediaries or centralized databases.
BPM (Business Process Management)
Business Process Management is a “process optimization” approach and technology. BPM includes discovering, modeling, and executing models of processes and workflows. During model execution, tasks are tracked to completion or escalated, resulting in fast, consistent, error-free task management. BPM software is exceptionally agile, because executable models of processes and workflows are easily changed and optimized. Increasingly, many applications not traditionally categorized as BPM software, such as customer relationship management (CRM) and integration engines, are embedding BPM-like functionality and behavior.
(United States) Carequality is a public-private, multi-stakeholder collaborative that works to meet interoperability challenges. The collaborative’s goal is to employ a consensus-based process to enable seamless connectivity across all participating networks. Carequality is a part of The Sequoia Project and has recently partnered with CommonWell Health Alliance to expand data exchange networks.
CARES Act (Coronavirus Aid, Relief, and Economic Security Act)
(United States) The CARES Act was passed by Congress on March 25, 2020 and signed into law on March 27, 2020. The CARES Act provided fast and direct economic assistance for American workers, families, small businesses, and industries. It implemented a variety of programs to address issues related to the onset of the COVID-19 pandemic.
CAH (Critical Access Hospital)
(United States) In general, a Critical Access Hospital or CAH is a rural acute care hospital consisting of no more than 25 beds. Bed types can vary between acute care and swing but cannot exceed 25. The Critical Access Hospital must not exceed a 96-hour length of stay and will have agreements, contracts or affiliations for transfer and services. Critical Access Hospitals must be certified to receive cost-based reimbursement from Medicare. The goal is to improve rural health care access and reduce hospital closures. Learn more at the Rural Access Center.
CDC (Centers for Disease Control and Prevention)
(United States) The Centers for Disease Control and Prevention (CDC) is the national public health agency of the United States. It is a United States federal agency under the Department of Health and Human Services
CCD (Continuity of Care Document)
The HL7 Continuity of Care Document (CCD) is the result of a collaborative effort between the Health Level Seven and American Society for Testing Materials (ASTM) to “harmonize” the data format between ASTM’s Continuity of Care Record (CCR) and HL7’s Clinical Document Architecture (CDA) specifications. Read the HL7 and Continuity of Care Document white paper.
C-CDA (Consolidated Clinical Document Architecture)
The HL7 Consolidated Clinical Document Architecture (C-CDA) is an XML-based markup standard which provides a library of CDA formatted documents. All certified EHRs in the U.S. are required to export medical data using the C-CDA standard. The C-CDA implementation guide contains the specifications for eleven document types within the CDA family. They include:
- Care Plan
- Consultation Note
- Continuity of Care Document
- Diagnostic Imaging Report
- Discharge Summary
- History and Physical
- Operative Note
- Procedure Note
- Progress Note
- Transfer Summary
- Unstructured Document
CCHIT (Certification Commission for Healthcare IT)
(United States) Certification Commission for Healthcare IT (CCHIT) serves as the recognized US certification authority for electronic health records (EHR) and their networks. In September 2005, CCHIT was awarded a 3-year contract by the U.S. Department of Health and Human Services to develop and evaluate the certification criteria and inspection process for EHRs and the networks through which they interoperate. CCHIT serves one of the ONC-ATCB for electronic health record (EHR) certification. CCHIT was certified by the ONC on September 3, 2010 and is authorized to certify complete EHR and EHR modules.
CCOW (Clinical Context Object Workgroup)
Clinical Context Object Workgroup (CCOW) is an HL7 standard protocol designed to enable disparate applications to synchronize in real-time and at the user-interface level. It is vendor independent and allows applications to present information at the desktop and/or portal level in a unified way.
CCR (Continuity of Care Record)
Continuity of Care Record (CCR) is an XML-based standard for the movement of “documents” between clinical applications. Furthermore, it responds to the need to organize and make transportable a set of basic information about a patient’s health care that is accessible to clinicians and patients. Read the Understanding the Continuity of Care Record white paper.
CDA (Clinical Document Architecture)
Clinical Document Architecture (CDA) HL7 CDA uses XML for encoding documents and breaks down the document into generic, unnamed, and non-templated sections. Documents can include discharge summaries, progress notes, history and physical reports, prior lab results, etc. HL7’s CDA defines a very generic structure for delivering “any document” between systems. CDA was previously known as the Patient Record Architecture (PRA).
CDR (Clinical Document Repository)
Clinical Document Repository (CDR) enables hospitals to build a life-long health record environment using stored health records for the purpose of better treatment, clinical research and health statistics for policy making. It is a database that consolidates data from a variety of clinical sources to present a unified view of a single patient.
CDT (Current Dental Terminology)
(United States) Current Dental Terminology (CDT) is a code set with descriptive terms developed and updated by the American Dental Association (ADA) for reporting dental services and procedures to dental benefits plans.
CHPL (Certified Health IT Product List)
(United States) The Office of the National Coordinator has organized a Certified Health IT Product List for Ambulatory and Inpatient facilities looking to purchase a complete EHR or EHR module certified for the Meaningful Use incentive program. Each complete EHR and EHR module listed has been certified by an ONC-ATCB and reported to the ONC for use in the list. You can find a list of the reported certified complete EHR and EHR modules at here.
Clinical terminology refers to a standardized system of medical and healthcare terminology used to describe and represent various aspects of clinical concepts, conditions, procedures, and other healthcare-related information. It provides a structured and uniform vocabulary that allows healthcare professionals and computer systems to communicate and share clinical information accurately and efficiently. Clinical terminologies used vary by clinical specialty, type of clinical information, and geography/region. Examples of clinical terminologies include SNOMED CT and ICD.
See also: semantic interoperability
Cloud computing is the delivery of computing services (servers, storage, databases, networking, software, analytics, and more) over the Internet (the cloud). Cloud providers typically charge for services via subscription or based on usage, similar to how users are billed for utilities.
CMS (Centers for Medicare and Medicaid Services)
(United States) The Centers for Medicare and Medicaid Services (CMS) is a federal agency within the United States Department of Health and Human Services (HHS). It provides health coverage to people through Medicare, Medicaid, the Children’s Health Insurance Program, and the Health Insurance Marketplace.
The CMS Interoperability and Patient Access Final Rule
(United States) The CMS Interoperability and Patient Access Final Rule establishes policies that break down barriers in the nation’s health system to enable better patient access to their health information, improve interoperability and unleash innovation, while reducing burden on payers and providers.
CommonWell Health Alliance
(United States) CommonWell is a non-profit industry consortium in the United States that aims to enhance health data exchange and interoperability among different healthcare organizations. It was established in 2013 by a group of health IT companies and providers with the goal of improving data sharing and access to patient information. CommonWell’s services include patient identification and linking; patient record location and retrieval; and patient access, privacy, and consent management.
Conformance checking or gap analysis for HL7 messages is a logical process used to determine whether a message from one particular medical device or application is compatible to the selected HL7 standard messaging format, or a custom format adopted by another device or application. Read Conformance Checking for HL7 white paper for more details.
Connectathons are a cross-vendor, live, supervised and structured event where industry leaders test implementations to advance health IT interoperability. The most popular Connectathon in Healthcare IT is the IHE Connectathon. All tests are evaluated on interoperability and conformance to IHE Profiles found in IHE’s Technical Frameworks. The test floor is overseen by IHE’s technical project managers providing a safe, neutral test environment and an unparalleled opportunity for industry collaboration and problem resolution. IHE Connectathons take place annually in various countries across the world to advance health IT and patient safety. HL7 FHIR Connectathons are gaining popularity in healthcare IT.
CP-IS (Child Protection – Information Service)
(United Kingdom) Child Protection – Information Service (CP-IS) helps health and social care professionals securely share information regarding children. This helps better protect children with looked after status, those who have a child protection plan, and expectant women who have an unborn child protection plan.
CRIS (Clinical Record Interactive Search)
The Clinical Record Interactive Search is a system designed to securely access de-identified data from NHS Trusts’ electronic health records for research, audit and service evaluations for the purpose of improving services and treatments.
CPT (Current Procedural Terminology)
(United States, Middle East) Current Procedural Terminology (CPT) is a set of codes developed by the American Medical Association (AMA) and is licensed for use by healthcare delivery organizations and healthcare IT vendors. CPT codes offer health care professionals a uniform language for coding medical services and procedures to streamline reporting, increase accuracy and efficiency.
The CPT code set describes medical, surgical, and diagnostic services and is designed to communicate uniform information about medical services and procedures among physicians, coders, patients, accreditation organizations, and payers for administrative, financial, and analytical purposes. All CPT codes are five-digits and can be either numeric or alphanumeric, depending on the category.
According to the AMA, there are various types of CPT codes:
- Category I: These codes have descriptors that correspond to a procedure or service. Codes range from 00100–99499 and are generally ordered into sub-categories based on procedure/service type and anatomy.
- Category II: These alphanumeric tracking codes are supplemental codes used for performance measurement. Using them is optional and not required for correct coding.
- Category III: These are temporary alphanumeric codes for new and developing technology, procedures and services. They were created for data collection, assessment and in some instances, payment of new services and procedures that currently don’t meet the criteria for a Category I code.
- Proprietary Laboratory Analyses (PLA) codes: Recently added to the CPT code set, these codes describe proprietary clinical laboratory analyses and can be either provided by a single (“solesource”) laboratory or licensed or marketed to multiple providing laboratories that are cleared or approved by the Food and Drug Administration (FDA)). This category includes but is not limited to Advanced Diagnostic Laboratory Tests (ADLTs) and Clinical Diagnostic Laboratory Tests (CDLTs), as defined under the Protecting Access to Medicare Act of 2014 (PAMA).
Cures Act Final Rule
The Cures Act Final Rule from the ONC is designed to give patients and their healthcare providers secure access to health information. It also aims to increase innovation and competition by fostering an ecosystem of new applications to provide patients with more choices in their healthcare.
It calls on the healthcare industry to adopt standardized application programming interfaces (APIs), which will help allow individuals to securely and easily access structured electronic health information using smartphone applications.
The rule includes a provision requiring that patients can electronically access all their electronic health information (EHI) at no cost.
(United States) The CDC’s National Center of Immunization and Respiratory Diseases (NCIRD) developed and maintains the CVX (vaccine administered) code set. It includes both active and inactive vaccines available in the US. CVX codes for inactive vaccines allow transmission of historical immunization records. When a MVX (manufacturer) code is paired with a CVX (vaccine administered) code, the specific trade named vaccine may be indicated.
Cybersecurity is the technologies, processes, and activities designed to protect data, networks, computers, and software from attacks, damage, or unauthorized access by computer viruses, ransomware, or hackers.
Data Saves Lives
(United Kingdom) The United Kingdom Government set out the strategy “Data Saves Lives: Reshaping Health and Social Care with Data” as a vision and clear action plan to make better use of data to save lives.
(United Kingdom) The Data Security and Protection Toolkit (DSPT) is a self-assessment for health and social care organizations. All organizations that have access to NHS patient data and systems must use the Data Security and Protection Toolkit to provide assurance that they are practicing good data security and that personal information is handled correctly.
Delimited files are files that have data separated by specific characters, for example, a comma-delimited file (.csv). Delimited files are used for clinical data transfer/integration.
DICOM (Digital Imaging and Communications in Medicine)
Digital Imaging and Communications in Medicine (DICOM) is a common format for image storage. It allows for handling, storing, printing, and transmitting information in medical imaging. Visit DICOM website.
(United States) The Direct Project was launched by the ONC within Health and Human Services (HHS) on March 1, 2010. It was initially called NHIN Direct. The object of the Direct Project is to replace the use of faxes, phones, and paper transactions with a simple and secure point-to-point communication over the Internet.
The Direct Project achieves this in one of two ways:
- Applicability Statement for Secure Health Transport: This is the primary Direct Project specification which uses the SMTP e-mail protocol with secure S/MIME attachments and x509 certificates.
- XDR and XDM for Direct Messaging: This is the utilization of IHE profiles XDR and XDM in the Direct messaging environment.
These protocols ensure the secure delivery of messages between two trusted endpoints for a variety of purposes including transfer of patient health information in the form or a CCD document.
The Direct Project was included as part of the standards for Meaningful Use Stage 2. Read more about Direct project basics.
Disaster recovery is a documented process or set of procedures to recover and protect IT infrastructure in the event of a disaster. Automated solutions for software applications are available.
(United States) The Drummond Group serves one of the ONC-ATCB for electronic health record (EHR) certification. The Drummond Group was certified by the ONC on September 3, 2010 and is authorized to certify complete EHR and EHR modules. Visit The Drummond Group website – www.drummondgroup.com.
eCQM (Electronic Clinical Quality Measures)
(United States) Electronic clinical quality measures (eCQMs) measure and track the quality of healthcare services that eligible hospitals and critical access hospitals (CAHs) provide, as generated by a provider’s electronic health record (EHR). Measuring and reporting eCQMs helps to ensure that our health care system is delivering effective, safe, efficient, patient-centered, equitable, and timely care. eCQMs measure many aspects of patient care, including:
- Patient and Family Engagement
- Patient Safety
- Care Coordination
- Population/Public Health
- Efficient Use of Healthcare Resources
- Clinical Process/Effectiveness
EPS (Electronic Prescription Service)
(United Kingdom) The electronic prescription service (EPS) allows prescriptions to be sent electronically to the pharmacy of a patient’s choice.
An encryption algorithm is a mathematical procedure for converting plaintext into ciphertext, which can be decoded back into the original message.
EMPI (Enterprise Master Patient Index)
An enterprise master patient index (EMPI) is a system that is used to maintain consistent and accurate information about each patient registered by a healthcare organization. Healthcare organizations use an EMPI to identify, reconcile, and cleanse patient records to create a master index that may be used to obtain a complete and single view of a patient.
An EMPI helps to ensure that every patient is represented only once, and with constant demographic identification across all systems of hospital data. By keeping this data well-organized, hospitals can provide more efficient and accurate care for their patients. An EMPI can also aggregate patient data contained in separate systems within one facility.
An EMPI uses algorithms to look for duplicate records across the systems connected to it on a continuous basis. These algorithms compare data elements within the patient’s record, such as their name, address, Social Security number, or birth date.
To ensure data integrity, an EMPI must contain only one complete, and accurate record for each patient registered within the healthcare organization.
(United Kingdom) The NHS e-Referral Service (e-RS) is a national digital platform used to refer patients from primary care into elective care services. e-RS allows patients to choose their first outpatient hospital or clinic appointment and book it in the GP surgery, online or on the phone.
Failover is the practice of using standby computer equipment (usually a separate, dedicated server) to protect computer systems from failure. In the event of an outage, the standby equipment automatically takes over computer operations to ensure persistency
Fee for service
Fee for service is a healthcare business payment model where services are paid for separately. Critics of this business model claim that it gives incentive to providers to offer more treatments because payment is dependent on the quantity of care, rather than quality of care.
Federally Qualified Health Center
(United States) A Federally Qualified Health Center (FQHC) provides medical care to underserved communities regardless of a patient’s ability to pay.
FHIR is an HL7 standard that is short for Fast Healthcare Interoperability Resources and pronounced “Fire”. The standard defines a set of “Resources” that represent granular clinical concepts. The resources provide flexibility for a range of healthcare interoperability problems, and they are based on simple XML with an HTTP-based RESTful protocol where each resource has a predictable URL.
The design of FHIR is based on RESTful web services. With RESTful web services, the basic HTTP operations are incorporated including Create, Read, Update and Delete. FHIR is based on modular components called “resources,” and these resources can be combined together to solve clinical and administrative problems in a practical way. The resources can be extended and adapted to provide a more manageable solution to the healthcare demand for optionality and customization. Systems can easily read the extensions using the same framework as other resources.
Firewall refers to a hardware- or software-based method for controlling incoming and outgoing network traffic, based upon a predetermined rule set, to ensure that only trusted content is passed.
(United Kingdom) NHS Foundation Trusts provide over half of all NHS hospital, mental health and ambulance services and have more flexibility and autonomy than NHS Trusts. This “foundation” status is received by proving a commitment to the most excellent of clinical standards, leadership, and level of patient care and responsiveness.
GDPR (General Data Protection Regulation)
(European Union) The General Data Protection Regulation (GDPR) is a legal framework in EU law that has set guidelines on personal health data protection and privacy in the EU and European Economic Area. The GDPR went into full effect in May of 2018 as a means of standardizing data privacy laws across all members countries, therefore providing stronger protection and rights to individuals. Penalties include the potential for large fines and reputational damage for those found in breach of the GDPR. Within GDPR, there are special categories of sensitive personal data that are given greater protection, including racial or ethnic origin, political opinions, religious beliefs, membership of trade unions, genetic information, and health information. The GDPR also increases individual rights around automated processing, erasure, and data portability.
Generative AI is a subset of AI that focuses on generating, or creating, new content.
GDE (Global Digital Exemplar)
(United Kingdom) A global digital exemplar is an NHS provider that has demonstrated relatively advanced digital maturity within the NHS and receive a share of the NHS Digital Transformation budget to bring their digital maturity up to international level. As digital pioneers, ambassadors and role models, they are to share best practice and experience with other providers, such as the “Fast Follower” organizations also created and funded by the GDE Programme.
A hackathon is a software-centered design event held over a short period of time where computer programmers and others collaborate intensively on software projects.
Health IT Policy Committee
(United States) Under the American Recovery and Reinvestment Act of 2009, The Health IT Policy Committee will make recommendations to the National Coordinator for Health Information Technology – ONC – on a policy framework for the development and adoption of a nationwide health information infrastructure, including standards for the exchange of patient medical information.
Health IT Standards Committee
(United States) The Health IT Standards Committee makes recommendations to the National Coordinator for Health Information Technology (HIT) on standards, implementation specifications, and certification criteria for the electronic exchange and use of health information. In developing, harmonizing, or recognizing standards and implementation specifications, the HIT Standards Committee will also provide for the testing of the same by the National Institute for Standards and Technology (NIST).
HCC (Hierarchical Condition Category)
(United States) Hierarchical Condition Category (HCC) coding are sets of medical codes that are linked to specific clinical diagnoses. In 2004, The CMS implemented HCC coding to help estimate the healthcare costs of Medicare enrollees in the coming year. Today, Medicare Advantage plans, the Medicare Shared Savings Program, Medicaid, and private health plans use the CMS-HCC risk adjustment model to determine the health mix of their member enrollment and the reimbursements they can expect from CMS.
HCPCS (Healthcare Common Procedure Coding System)
(United States) The Healthcare Common Procedure Coding System (HCPCS, often pronounced by its acronym as “hick picks”) is a set of healthcare procedure codes based on the American Medical Association’s Current Procedural Terminology.
HIE (Health Information Exchange)
Health Information Exchange (HIE) focuses on the mobilization of healthcare information electronically across organizations within a region or community. HIE provides the capability to electronically move clinical information between disparate health care information systems while maintaining the meaning of the information being exchanged. The goal of HIE is to facilitate access to and retrieval of clinical data to provide safe, and efficient patient-centered care.
HIMSS (Healthcare Information and Management Systems Society)
HIMSS is a not-for-profit organization dedicated to improving health care in quality, safety, cost effectiveness, and access through the best use of information technology and management systems. The HIMSS Annual Conference attracts tens of thousands of health IT professionals and health IT vendors.
HISP (Health Information Service Provider)
(United States) HISP or Health Information Service Provider, is an email service provider that follows Direct Project standards and provides a mechanism to grant users a Direct email address. The HISP provides the framework to secure messages and define a circle of trust for secure communications.
HITECH (Health Information Technology for Economic and Clinical Health)
As a part of the America Recovery and Reinvestment Act of 2009, Health Information Technology for Economic and Clinical Health (HITECH) refers to the portion of the ARRA that is used to increase the use of Electronic Health Records (EHR) by physicians and hospitals. This legislation provides immediate funding for health information technology infrastructure, training, dissemination of best practices, telemedicine, inclusion of health information technology in clinical education, and State grants to promote health information technology.
HITRUST Common Security Framework
In an effort to normalize the security requirements of healthcare organizations, the HITRUST organization developed the Common Security Framework (CSF)which combines standards and regulations from 17 authoritative sources. The CSF is not a new standard, but rather a comprehensive tool that provides clarity and consistency among all the authoritative sources.
The CSF provides an online tool that can be used by a healthcare organization to help determine compliance of a system or the organization against the appropriate standards and regulations. The baseline assessment of the CSF provides a HIPAA scorecard and can scale for organizations large or small. The assessment can be a self-assessment, or one conducted by an authorized HITRUST assessor.
HL7 is a Standards Developing Organization accredited by the American National Standards Institute (ANSI) to author consensus-based standards representing a board view from healthcare system stakeholders. HL7 has compiled a collection of message formats and related clinical standards that define an ideal presentation of clinical information, and together the standards provide a framework in which data may be exchanged. Visit the HL7 organization website for more HL7 information.
HL7 Batch Protocol
The HL7 Batch Protocol transmits a batch of HL7 messages using FHS, BHS, BTS, and FTS segments to delineate the batch.
Hospital Future Act
(Germany) To counteract the insufficient digitization for hospitals in Germany, the Hospital Future Act (KHZG) was enacted to provide modern equipment and digitized processes in hospitals. The Electronic Medical Records Adoption Model (EMRAM) measures the level of digitization of hospitals worldwide and scores them from a scale from 0-7, 0 being no digitization to 7 being a paperless hospital. Germany scores 2.3 in comparison to the EU average of 3.6 (as of 2019). The Hospital Future Act aims to prioritize the digitization of hospitals, and many hospitals are pleased at the funding opportunity to create sustainable digitization. Three billion euros have been committed to investing in digitization efforts, distributed to federal states based on account tax revenue and population size. Applications for the grant must be submitted promptly, as funds will be awarded on a “first come, first serve” principle. In attempts to strengthen IT security, at least 15 percent of each grant must be related to such efforts.
HSCN (Health and Social Care Network)
(United Kingdom) The Health and Social Care Network (HSCN) is a data network for health and care organizations that replaced the N3 Network in the NHS. NHSD and NHSE no longer recommend the use of HSCN; the approach is now web-first with correct level security.
HTTP (Hypertext Transfer Protocol) is the foundation for application-level communication on the internet.
HTTPS (Hypertext Transfer Protocol Secure) is the product of layering HTTP on top of the SSL/TLS encryption protocol with the goal of preventing “man in the middle” eavesdropping during network transport.
(Global) The concept of integrated care refers to a system or partnership of organizations that collaborate and communicate to strive towards a common set of goals, typically better health outcomes for a community or group of people.
(United Kingdom) In the United Kingdom, an NHS Integrated Care System (ICS) is a partnership of organizations that are united in providing a joined-up approach to health and social care in their area. They work together to help improve health and reduce inequalities, enable efficiencies and level-up population health. There are 42 ICSs across England, each covering populations of around 500,000 to 3 million people. An ICS is comprised of an integrated care partnership (ICP), integrated care board (ICB), local authorities, place-based partnerships, and provider collaboratives.
ICD (International Classification of Diseases)
The International Classification of Diseases (ICD) is a globally used diagnostic tool for epidemiology, health management and clinical purposes. The ICD is revised periodically and is currently in its 11th revision. The ICD-11, as it is therefore known, was accepted by WHO’s World Health Assembly (WHA) on 25 May 2019 and officially came into effect on 1 January 2022.
IDN (Integrated Delivery Network)
An integrated delivery network (IDN) is an organization that owns and operates a network of multiple healthcare facilities. Examples of IDNs include Kaiser Permanente, Mayo Clinic, Cleveland Clinic, Geisinger Health System, and Intermountain Healthcare.
IHE (Integrating the Healthcare Enterprise)
(United States) Integrating the Healthcare Enterprise (IHE) is an initiative by healthcare professionals and industry to improve the way computer systems in healthcare share information. IHE promotes the coordinated use of established standards such as DICOM and HL7 to address specific clinical needs in support of optimal patient care Visit the IHE website.
An interface engine can transform or map the data to the receiving application’s requirements while the message is in transit so that it can be accepted by the receiving application. The application interface is built with one-to-many concepts in mind. These import/export modules then are connected to an interface engine so that the mapping, routing, and monitoring are managed by this system.
IoT (Internet of Things)
The IoT is the networking of connected devices, smart devices, buildings, and other items embedded with electronics, software, sensors, and network connectivity that enable these objects to smartly exchange data. The IoT allows objects to be sensed or controlled remotely across an existing network or infrastructure, allowing a more direct integration of the physical world with computer-based systems
Interoperability refers to the ability of two or more systems or components to exchange information and to use the information that has been exchanged.
See also: semantic interoperability
(United Kingdom) ITK3 FHIR covers transfer of care which is a FHIR version of an electronic discharge summary. This is required of all Trusts by NHSD.
KLAS is a research firm with a mission to improve healthcare delivery by enabling providers to be heard and counted. Working with thousands of healthcare professionals and clinicians, KLAS gathers data on software, services, and medical equipment to deliver timely reports, trends and statistical overviews. The research directly represents the provider voice and acts as a catalyst for improving vendor performance. The annual Best in KLAS®: Software & Services report is widely considered the equivalent of Consumer Reports for enterprise-level healthcare technology.
Large Language Models
Large language models (LLM) are a subset of advanced AI that analyzes and generates text-based content by training vast amounts of text data and utilizing deep learning techniques.
LOINC (Logical Observation Identifiers Names and Codes)
LOINC applies universal code names and identifiers to medical terminology related to the EHR and assists in the electronic exchange and gathering of clinical results (such as laboratory tests, clinical observations, outcomes management and research).
Machine learning (ML) is a subset of AI that develops algorithms and models that enable systems to learn from data and make predictions or decisions without explicit programming.
MACRA (Medicare Access and CHIP Reauthorization Act of 2015)
(United States) MACRA or the Medicare Access and CHIP Reauthorization Act of 2015 is a bipartisan federal legislation signed into law on April 16, 2015. The law establishes new ways to pay physicians for caring for Medicare beneficiaries. The law also includes new funding for technical assistance to providers, funding for measure development and testing. MACRA enables new programs and requirements for data sharing to include the use of APIs and establishes new federal advisory groups. It is comprehensive legislation that has the potential to significantly restructure healthcare.
A match engine is a component of an EMPI. It is the method by which different records can be identified as being for the same patient. A match engine may be deterministic, probabilistic, or naturalistic. The match engine must be configured and tuned for each implementation to minimize false matches. The accuracy and performance of the match engine are a big factor in determining the value and ROI for an EMPI solution.
The attributes a match engine is configured to use typically includes name, date of birth, sex, social security number, and address. The match engine must be able to give consideration to data challenges such as typos, misspellings, transpositions, and aliases.
MESH (Message Exchange for Social Care and Health)
(United Kingdom) MESH is the nationally recognized way to share data between health and social care organizations in the UK. MESH can be used to securely share files of any type.
MIPS (Merit-based Incentive Payment System)
(United States) MIPS is a Medicare payment track created under MACRA; the other track is the Advanced Alternative Payment Model (AAPM). MIPS adjusts payment based on performance in four performance categories:
- Quality Based on the Physician Quality Reporting System (PQRS)
- Cost Based on the Value-based Payment Modifier (VBPM)
- Advancing Care Information (ACI) Based on the Medicare EHR Incentive Program (Meaningful Use)
- Improvement Activities (IA)
Medical Record Number
The medical record number is a unique ID, typically found within a hospital network. It can also be called a Local ID, and is use to link patient records to within the Enterprise Master Patient Index (EMPI).
NLP (Natural Language Processing)
Natural language processing (NLP) is a subset of AI that focuses on enabling systems to understand, interpret, and generate human language.
NCPDP (National Council for Prescription Drug Programs)
(United States) The National Council for Prescription Drug Programs (NCPDP) creates and promotes the transfer of data related to medications, supplies, and services within the healthcare system through the development of standards and industry guidance. Visit the NCPDP website at www.ncpdp.org.
NDC (National Drug Code)
(United States) The National Drug Code (NDC) is a unique product identifier used in the United States for drugs intended for human use. Drug products are identified and reported using a unique, three-segment number.
NDF-RT (National Drug File-Reference Terminology)
(United States) NDF-RT was a terminology maintained by the Veterans Health Administration (VHA). It groups drug concepts into classes. It was part of RxNorm until March 2018.
The final version of the National Drug File Reference Terminology was released in February 2018. The Medication Reference Terminology (MED-RT) is the evolutionary successor to NDF-RT.
NHS (National Health Service)
(United Kingdom) The National Health Service (NHS) is the umbrella term for the publicly funded healthcare systems of the United Kingdom, covering medical and health care services that everyone residing in the UK can utilize without having to pay for the full cost of the service(s). Additional government funded healthcare extends beyond the UK, as NHS Scotland, NHS Whales and Health and Social Care in Northern Ireland also hold the responsibility of providing healthcare.
NHS Digital Health & Social Care Plan
(United Kingdom) Digital transformation is underway within the NHS. The NHS Digital Health & Social Care Plan focuses on delivering health and social care more effectively and personalized through investment in electronic patient records and digital tools. The NHS App will become the front door to NHS services, increasing functionality and value for patients. The NHS recognizes the opportunities digital transformation provides, with long term growth, benefitting efficiencies, economic growth, and private investment.
The 4 goals of system reform set forth by the Secretary of State are:
- Prevent people’s health and social care needs from escalating
- Personalize health and social care and reduce health disparities
- Improve the experience and impact of people providing services
- Transform performance
(United Kingdom) NHS frameworks are agreements used by buyers in the NHS to procure digital products and services from accredited vendors with the aim of avoiding duplication and lowering spend. They also enable buyers to avoid comprehensive tendering processes when engaging approved vendors listed on a framework.
(United Kingdom) An NHS number is the unique number assigned to an individual to help healthcare professionals accurately identify you. Everyone registered with the NHS in England, Wales, and the Isle of Man has their own number.
NZ Privacy Act 2020
(New Zealand) New Zealand’s Privacy Act began in December 2020, modernizing previous privacy laws to align with international standards and technology. Significant changes to note are mandatory breach notifications, increased investigative and regulatory powers for the New Zealand Privacy Commissioner, and new criminal penalties including fines up to $10,000. The Privacy Act also applies to international business, any actions taken by companies working with a business in New Zealand that collects or holds personal information must comply.
ODS (Organisation Data Service)
(United Kingdom) The ODS publishes codes that identify organizations and individuals across health and social care.
OEM (original equipment manufacturer)
An OEM is generally perceived as a company that produces parts and equipment that may be marketed by another manufacturer.
ONC-ATCB (ONC-Authorized Testing and Certification Bodies)
Following the Meaningful Use stage one final rule in July of 2010, the Office of the National Coordinator selected six organizations to assume responsibility for the certification of complete EHR and EHR modules. These ONC-ATCB are required to certify based upon the certification requirements outlined in the Standards and Certification Criteria Final Rule. According to the ONC, “Certification by an ATCB will signify to eligible professionals, hospitals, and critical access hospitals that an EHR technology has the capabilities necessary to support their efforts to meet the goals and objectives of Meaningful Use.”
Open source is software for which the original source code is made freely available and may be redistributed and modified.
PACS (Picture Archiving Communication Systems)
PACS are devoted to the storage, retrieval, distribution, and presentation of images. The medical images are stored in an independent format, most commonly DICOM.
Parse means to break a data block into smaller chunks by following a set of rules or standards so that it can be more easily interpreted, managed, or transmitted by a computer. HL7 messages are typically parsed using an integration engine.
PAS (Patient Administration System)
(Europe, Asia) In some countries, the term Patient Administration System (PAS) is used interchangeably with or as a subset of Electric Health Record (EHR). Patient administration systems are software systems used in healthcare organizations to manage and maintain patient-related administrative tasks and information. It serves as a central hub for various functions to help streamline manual administrative work. A PAS keeps a record of all demographic information on a patient such as name, date of birth, or address, as well as patient appointments, admission and discharge management, and more.
A patient portal is a secure online website that gives patients convenient 24-hour access to personal health information from anywhere with an internet connection. Using a secure username and password, patients can view health information such as recent doctor visits, discharge summaries, medications, immunizations, allergies, and lab results.
Some patient portals also allow patients to exchange secure e-mail with their health care teams, request prescription refills, schedule non-urgent appointments, make payments, and more.
Payload refers to the content of the message being sent (i.e., the message body). A payload, for example, could be JSON, HL7, CSV, PDF, or other file or message type. Corepoint and Rhapsody engines have the capability to do all payloads including custom payloads.
PDS (Personal Demographic Service)
(United Kingdom) The Personal Demographic Service (PDS) is the national electronic database of NHS patient demographic details such as name, address, date of birth and NHS Number. The PDS also allows healthcare professionals to contact and communicate with patients through text or email.
Personal Health Record
Personal health record is an electronic application used by patients to maintain and manage their health information in a private, secure, and confidential environment.
PII (Personal Identifying Information)
PII is any data that could potentially identify a specific individual, including any piece of information or combination of information that, together, can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
A computer platform is a system consisting of a hardware device and an operating system that an application, program, device or process runs on.
A point-to-point interface is one in which the receiving vendor provides a specification on what data it can receive and in what format it needs to be in. The sending application then builds an interface to that specification for that application. It is a one-to-one relationship. For each application requiring an interface, there is a new request and point-to- point interface developed.
Population health is the health outcome of a group of individuals and can be defined in myriad ways, such as diagnosis, disease, geography, economic, and more. These groups often include geographic populations such as nations or communities, but can also be other groups such as employees, ethnic groups, disabled persons, prisoners, or any other defined group.
A provider registry (also called a directory or index) aggregates provider information across systems and generates a single best record that can be shared and accessed by all upstream and downstream systems. The provider registry makes it easier to update and share accurate provider information across organizations.
A Qualified Health Information Network (QHIN) is a network of organizations that work together to share data. QHINs connect directly with each other as a way to promote interoperability between the networks that are a part of. A QHIN is guided by TEFCA. QHINS improve healthcare by:
- Increasing data sharing
- Increasing access to information
- Improving care coordination and patient access
- Enhancing clinical decision-making, decreasing costs, and improving patient outcomes
Referential matching, also known as third party data matching, involves taking third party patient demographic data containing unique identifiers and using it to better match patient records. Rather than compare incomplete records with each other to try to match them, the organization would compare each incomplete record with a more comprehensive referential database. This works across multiple organizations if they all use the same referential list of demographic data formatted the same way. In 2018, The PEW Charitable Trusts identified referential matching using third party patient data as a good way to improve patient matching.
REST (Representational State Transfer)
REST is a web services approach used heavily in social media sites. Uses HTTP in conjunction with GET, POST, PUT, and DELETE. The use of RESTful web services as an API has been on the rise over the last decade across all industries. RESTful web services is embraced by organizations such as Facebook, Twitter, and Amazon as their primary API. In addition, related technologies such as XML, JSON, and Oauth, are also common when dealing with encoding and authorization. These technologies have well supported tools and a large talent pool of IT resources.
RIS (Radiology Information System)
RIS is the main application in an imaging center or radiology department. RIS is used to store, manipulate and distribute patient radiological data and imagery. RIS is used for patient scheduling, tracking, and image tracking. Read the Rethinking Radiology Workflow white paper.
(United States) RxNorm provides normalized names for clinical drugs and links its names to many of the drug vocabularies commonly used in pharmacy management and drug interaction software, including those of First Databank, Micromedex, and Gold Standard Drug Database. By providing links between these vocabularies, RxNorm can mediate messages between systems not using the same software and vocabulary.
RxNorm now includes the United States Pharmacopeia (USP) Compendial Nomenclature from the United States Pharmacopeial Convention. USP is a cumulative data set of all Active Pharmaceutical Ingredients (API).
Semantic interoperability is the ability for systems to exchange and interpret data accurately and meaningfully, ensuring the intended meaning of the data is preserved and understood by all parties involved. A key element of semantic interoperability includes clinical terminology. Semantic interoperability makes healthcare data analytics possible by enriching and providing meaning to healthcare data.
See also: clinical terminology
The Sequioa Project is a non-profit organization that supports nationwide interoperability and health information exchange initiatives. Sequoia supports two health IT initiatives: eHealth Exchange, a HIE network, and Carequality, a multi-stakeholder interoperability collaborative.
SDOH (Social Determinants of Health)
Social determinants of health are the non-clinical factors that impact a person’s health outcomes. The social, economic, and physical conditions in the places where people are born and where they live, learn, work, play, and age can affect a person’s health, well-being, and quality of life. SDOH impacts health equity and contributes to health disparities. SDOH includes factors such as:
Single Best Record
The Single Best Record (SBR) contains the most current information for each patient, as well as historical information, such as previous names (aliases), addresses, or phone numbers. Each of these SBR records include an Enterprise Unique Identification number or EUID. The Single Best Record is a global record that is assembled to be the best representation of a person entity. SBRs include one or more system records for the same person. The SBR is part of a person profile and is recalculated each time a system record is added. Synonyms for SBR are Composite Record, Golden Record, and Enterprise Record.
SMSP (Spine Mini Service Provider)
(United Kingdom) The NHS Digital Spine Mini Service Provider (SMSP) allows health and social care providers access to important information held on Spine and aims to reduce complexities with integrating with the Spine. As of 14 October 2021, SMSP is now deprecated.
SNOMED CT (Systematized Nomenclature of Medicine – Clinical Terms)
SNOMED CT is a standardized, multilingual vocabulary of clinical terminology that is used by healthcare providers for the electronic exchange of clinical health information. SNOMED CT can be mapped to other coding systems, such as ICD-9 and ICD-10, which helps facilitate semantic interoperability. It is accepted as a common global language for health terms in over 50 countries.
SOAP Envelope refers to the outermost wrapper of a SOAP message, containing addressing and security information.
SSL (Secure Sockets Layer)
SSL is a cryptologic protocol for securing communications over a network. The successor to SSL is TLS.
(United Kingdom) Spine supports the IT infrastructure for health and social care in England and allows information to be shared securely through national services.
Summary care record
(United Kingdom) The summary care record (SCR) is an electronic record that contains information about a patient’s current medication, allergies, and information such as a patient’s name, address, date of birth and NHS number.
TCP/IP (Transmission Control Protocol/Internet Protocol)
TCP/IP is a low-level communications protocol used to connect hosts on the Internet or a network. TCP/IP connections are established between clients and servers via sockets. TCP/IP is stream-oriented meaning it deposits bits in one end and they show up at the other end.
- Socket is “communication endpoint”
- Server = wait for connection
- Client = initiate connection
- Sequenced, reliable transport
- Bi-directional by definition
- Sometimes/often used uni-directionally
TEFCA (Trusted Exchange Framework and Common Agreement)
The goal of the TEFCA is to establish a universal floor for interoperability across the country. TEFCA was required by the bipartisan 21st Century Cures Act, signed in 2016. TEFCA is a nationwide system that safely and easily shares healthcare information. TEFCA establishes one technical framework and one common agreement. TEFCA aims to lessen the friction at the network level by establishing a universal framework adopted by the existing network.
Telehealth is the use of electronic information and telecommunications technologies to support long-distance clinical healthcare, patient and professional health-related education, public health, and health administration.
TLS (Transport Layer Security)
TLS is a successor to SSL and offers increased security.
See also: SSL
Transition of Care
Transition of care is a process that involves the transfer of care of a patient from one physician or caregiver to another caregiver.
TIE (Trust Integration Engine)
(United Kingdom) NHS Foundation Trusts are a part of the NHS, however they have more flexibility in their ability to run a hospital and greater say in the ways services are provided. Foundation Trust is a status that only specific hospitals may acquire by proving a commitment to high clinical standards, excellent leadership, and a positive record patient care and responsiveness. NHS Trusts typically contain an integration engine (TIE) that handles messages between applications and data sources, such as sharing information to the NHS, assign hospital beds, and scheduling patients. TIE are imperative to maintain a high functioning hospital and health system. The sophisticated nature of TIE spread from patient information such as test results, to conducting administrative tasks. There is a risk that without a reputable TIE can lead to penalties and a collapse in administration, as the alternative would be resorting to paper system that is unable to adhere to NHS regulations and demands. NHS requires a variety of standards to be met, relying on automated systems that would cause an extreme backlog if an integration system could not function properly, thus incurring large fines.
USCDI (United States Core Data)
(United States) The United States Core Data for Interoperability (USCDI) is a standardized set of health data classes and constituent data elements for nationwide, interoperable health information exchange. The first version of the United States Core Data for Interoperability (USCDI v1) is adopted as a standard in the ONC Cures Act Final Rule. The USCDI sets a foundation for broader sharing of electronic health information to support patient care
UX (User experience)
UX is a practice that focuses on having a deep understanding of technology users, including what they need, what they value, and their abilities. From a vendor’s point of view, UX promotes improving the quality of the user’s interaction with and perceptions of the product
(United States) Value-based care models of healthcare reward providers with incentives for the quality of care they provide Medicare patients. These programs are part of CMS’ strategy to reform healthcare’s business model from the previous fee-for-service model of delivery. Value-based care programs support the government’s three-part aim of healthcare:
- Better care for individuals
- Better health for populations
- Lower cost
Web services are a standardized way of integrating applications. Using open standards, businesses can communicate without in-depth knowledge of one another’s systems, beyond the communication protocol. Because all communication is XML-based, web services are not restricted to a specific operating system or programming language and do not require the use of browsers or HTML.
A workflow is an organized, repeatable pattern of clinical activities that are enabled by the systematic organization of resources into processes that transform data, provide services, and/or process information. It can be described as a sequence of operations, declared as the work of a caregiver or data processes performed by technology.
21st Century Cures
(United States) The 21st Century Cures Act was signed into law December 13, 2016 and is designed to help accelerate medical product development and bring new innovations and advances to patients who need them faster and more efficiently.