Iowa e-Health is dedicated to promoting the use of electronic health information via the IHIN. This glossary will provide some basic definitions and if you have additional questions, please feel free to reach out. We are here to help.
Acceptable Use Policy
Set of rules and guidelines that specify appropriate use of computer systems or networks.
Preventing the unauthorized use of health information resources.
Makes sure that the actions of a person or agency may be traced to that individual or agency.
Personal information which has been processed to make it impossible to know whose information it is.
A software program that checks a computer or network to find all major types of harmful software that can damage a computer system.
A record showing specific individuals who have accessed a computer and what they have done while they were in that computer.
Verifying the identity of a user, process, or device, before allowing access to resources in an information system.
A copy of my files made to help regain any lost information in my record if necessary.
A complete examination of an information system to be sure that the system can perform at the level required to support the intended results and meet the national standards for health information technology.
Obligation of a person or agency that receives information about an individual, as part of providing a service to that individual, to protect that information from unauthorized persons or unauthorized uses. Confidentiality also includes respecting the privacy interest of the individuals who are associated with that information.
Consent is the permission granted by an authorized person that allows the provider, agency, or organization to release information about a person. The authorized person may be the subject of the information or they may be a designated representative such as a parent or guardian. Law, policy and procedures, and business agreements guide the use of consent.
Continuity of Care Document (CCD)
A summary of a patient's health information for each visit to a health care provider to be delivered through the health information exchange.
Data Use Agreement
An agreement between a health provider, agency, or organization and a designated receiver of information to allow for the use of limited health information for the purpose of research, public health, or health care operations. The agreement assures that the information will be used only for specific purposes.
De-identified Health Information
Name, address, and other personal information are removed when sharing health information so that it cannot be used to determine who a person is.
The process used to "unscramble" information so that a "scrambled" or jumbled message becomes understandable.
Like a driver's license, it proves electronically that the person is who he or she says they are.
Uniquely identifies one person electronically and is used like a written signature. For example, a doctor or nurse may use a digital signature at the end of an e-mail to a patient just as he or she would sign a letter.
The release or, transfer, of information to someone else.
Electronic Health Record (EHR)
A longitudinal electronic record of patient health information generated by one or more encounters in any care delivery setting. Included in this information are patient demographics, progress notes, problems, medications, vital signs, past medical history, immunizations, laboratory data and radiology reports.
The translation of information to a code to keep it secret.
Any observable occurrence in a network or system.
Health Information Exchange (HIE)
The electronic sharing of health information across organizations within a community, region, or state.
Health Information Privacy
An individual's right to control the acquiring, use or release of his or her personal health information.
Health Information Security
The protection of a person's personal health information from being shared without the owner's permission.
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The law Congress passed in 1996 to make sure that health insurance would not stop when he or she changed employer. It also requires that health information be kept private and secure.
A unique characteristic of an individual person. For example, a driver's license proves that this person is who he or she says they are.
Using personal information without that person's permission.
Incident Response Plan
The instructions or procedures that an organization can use to detect, respond to, and limit the effect of computer system attacks.
Information exchange between a clinical investigator and research subjects. This exchange may include question/answer sessions, verbal instructions, measures of understanding, and reading and signing informed consent documents and recruitment materials.
Data or information that has not been changed or destroyed in an unauthorized way.
The ability of systems or components to exchange health information and to use the information that has been exchanged accurately, securely, and verifiably, when and where needed.
Limited Data Set
Health information that does not contain identifiers. It is protected but may be used for certain purposes without the owner's consent.
Log In, Logging Into
The action a person must take to confirm his or her identity before being allowed to use a computer system.
Master Patient Index (MPI)
A list of all known patients in an area, activity, or organization.
National Provider Identifier (NPI)
A system for classifying all providers of health care services, supplies, and equipment covered under HIPAA.
Nationwide Health Information Network (NHIN)
An interoperable network based on standards that is across the nation and enables the secure exchange of heath information.
The process of confirming proof of information delivery to the sender and proof of sender identity to the recipient.
Notice of Privacy Practices or Privacy Notice
HIPAA requires that all covered health plans, health care clearinghouses, or health care providers give patients a document that explains their privacy practices and how information about the patients' medical records may be shared.
Patients or consumers adding or removing themselves from participation in health information technology systems (e.g., HIE).
An authorized provider, payer, patient, health care organization, local board of health or the Iowa Department of Public Health that has agreed to authorize, submit, access and/or disclose health information through the health information exchange in accordance with all applicable laws, rules, agreements, policies and procedures.
The consent or authorization that patients provide regarding their health care or the use of their health information.
An insurance company, self-insured employer, government program, individual or other purchaser, that makes payments for health services.
Protected Health Information
Health information transmitted or maintained in any form that can reasonably be used to identify an individual.
A person, hospital, physician clinic, pharmacy, laboratory or other health service provider that is licensed, certified, or otherwise authorized by law to administer health care in the ordinary course of business or in the practice of a profession, or any other person or organization that furnishes, bills or is paid for health care in the normal course of business.
Any individual, employer or organization that purchases health insurance and includes intermediaries.
Measures that protect the security of health information.
Processes, practices, and software that secure health information from unauthorized access, ensuring that the information is not altered and that it is accessible when needed by those authorized.
Health information with greater privacy and security protections established by law, including substance abuse, family planning, mental health, HIV/AIDS, and genetic disorders.
This is the act of gaining access to a network, system, application, health information, or other resource without permission.
An act that involves exposing, releasing, or displaying health information to those not authorized to have access to the information.
Sharing, employing, applying, utilizing, examining, or analyzing health information.