Glossary

We’ve outlined some key terms and frequently referenced acronyms for your reference below.

Actor

An actor is something with behavior. Actors can include people, organizations, software processes or services.

ALA2

Authentication Level of Assurance 2 as outlined in NIST Guideline 800-63-3

ANS

American National Standard

ANSI

American National Standards Institute – private non-profit organization that oversees the development of voluntary consensus standards for products, services, processes, systems, and personnel in the United States. More information at www.ansi.org

ATAB

Accredited Trust Anchor Bundle of DirectTrust

BAA

Business Associate Agreement

CA

Certificate Authority – authority in a network that issues and manages security credentials and public keys for message encryption

CCD

Continuity of Care Document

C-CDA

Consolidated Clinical Document Architecture

CDA

Clinical Document Architecture – XML-based markup standard intended to specify the encoding, structure and semantics of clinical documents for exchange – part of HL7 version 3 standard

CEHRT

Certified Electronic Health Record Technology

CISSP

Certified Information Systems Security Professional – independent information security certification governed by the International Information Systems Security Certification Consortium, also known as (ISC)²

CMS

Centers for Medicare & Medicaid Services

Connectathon

Cross-vendor, live, supervised, and structured testing event with vendors, engineers and IT architects conducting interoperability testing and problem resolution.

CP

Certificate Policy – specialized form of administrative policy tuned to electronic transactions performed during certificate management

CPS

Certificate Practice Statement – public statement that describes the practices that a Certification Authority employs for issuing, renewing, revoking and validating Digital Certificates and for supporting reliance on Certificates

DICOM

Digital Imaging and Communications in Medicine

Direct Project

A reference to the activities of a group of healthcare industry technologists and policy people that worked to develop a simple and secure standards-based mechanism to allow senders to push health information securely to known receivers, now known as the Direct Standard™ under the custodianship of DirectTrust

DNS

Domain Name Server or Service

E.H.R.

Electronic Health Record

EHNAC

Electronic Healthcare Network Accreditation Commission – More information at www.ehnac.org

FBCA

Federal Bridge Certification Authority

FICAM

Federal Identity, Credential, and Access Management

HHS

Health and Human Services

HIE

Health Information Exchange

HIMSS

Healthcare Information and Management Systems Society – more information at www.himss.org

HIO

Health Information Organization

HIPAA

Health Insurance Portability and Accountability Act

HISA

Health Informatics Service Architecture – standard aimed at enabling the development of modular open systems to support healthcare

HISP

Health Information Service Provider

HITECH

Health Information Technology for Economic and Clinical Health

HITRUST

Health Information Trust Alliance – more information at hitrustalliance.net

HITSP

Healthcare Information Technology Standards Panel

HL7

A standards body and membership organization that develops standards for exchanging information between medical applications. The standards themselves also carry the name HL7 – more information at www.hl7.org

ICD

International Classification of Diseases

IHE

Integrating the Healthcare Enterprise – develops “profiles” that provide guidance for how standards can be implemented. More information at www.ihe.net

IAL2

Identity Assurance Level 2 as outlined in NIST Guideline 800-63-3.

ISO

International Organization for Standardization – more information at www.iso.org

LDAP

Lightweight Directory Access Protocol – application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network

LOA

Level of Assurance

LOA3

Level of Assurance 3 as outlined in NIST Guidelines for Identity Proofing and Authentication 800-63-2. “LOA” levels have been replaced by IAL levels in 800-63-3. LOA3 is a similar, but not identical, standard to IAL2 for identity proofing. Authentication now has its own scale – AAL, for Authentication Assurance Level.

LOINC

Logical Observation Identifiers Names and Codes – universal code system for identifying laboratory and clinical observations

Meaningful Use

To receive an EHR incentive payment from the government, providers have to show that they are “meaningfully using” their EHRs by meeting thresholds for a number of objectives determined by CMS

NIST

National Institute of Standards and Technology – more information at www.nist.gov

NIST 800-63

National Institute of Standards and Technology’s technical requirements for remote authentication over an open network in response to OMB 04-04

NPRM

Notice of Proposed Rulemaking

NVLAP

National Voluntary Laboratory Accreditation Program – provides third-party accreditation to testing and calibration laboratories

ODM

Operational Data Model

OID

Oracle Internet Directory – LDAP v3-compliant, hierarchical data repository; or Object Identifier

OMB 04-04

Office of Management and Budget describes 4 assurance levels, with qualitative degrees of confidence in the asserted identity’s validity: Level 1 is little to no confidence; Level 2 is some confidence; Level 3 is high confidence; Level 4 is very high confidence

ONC

Office of the National Coordinator – more information at www.healthit.gov

Open Source

Any program whose source code is made available for use or modification as users or other developers see fit

OSI

Open Systems Interconnection

PHI

Protected Health Information

PHR

Personal Health Record

PKI

Public Key Infrastructure – set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates

POP

Post Office Protocol (Internet email protocol)

Primary Actor

The primary actor is one whose goal the use case is supposed to satisfy.

RA

Registration Authority – an authority in a network that verifies user requests for a digital certificate and tells the certificate authority to issue it

RFC 3647

Reference document for writing a certificate policy that describes the general architecture of the related PKI, presents the different actors of the PKI and any exchanges based on certificates issued by this very same PKI.

SAS

Serial-attached SCSI is a method used in accessing computer peripheral devices that employs a serial (one bit at a time) means of digital data transfer over thin cables

SATC

Security & Trust Compliance

Scenario

A scenario is a sequence of interactions that happens under certain conditions, with the intent to achieve the primary actor’s goal, and having a particular result with respect to that goal. Typically, a scenario is phrased in generic terms, using placeholders for the identity of the primary actor and the actual values passed around.

SDO

Standards Development Organization

SDTM

Study Data Tabulation Model – standard structure for human clinical trial (study) data tabulations that are to be submitted as part of a product application to a regulatory authority

Secondary Actor

A secondary actor is an external actor against which the system under design has a goal. There can be more than one secondary actor.

SLA

Service Level Agreement

SSL

Secure Sockets Layer – commonly-used protocol for managing the security of a message transmission on the Internet

Step

A step is a unit of writing in a use case. Typically one sentence, usually describes behavior of only one actor.

TLS

Transport Layer Security – protocol that ensures privacy between communicating applications and their users on the Internet

Use Case

A use case is the statement of the goal the primary actor has toward the system’s declared responsibilities, and the collection of possible scenarios between the system under discussion and various actors, showing how the primary actor’s goal might be delivered or might fail.

X.509

Digital certificate standard format used for secure management and distribution of digitally signed certificates across secure Internet networks. Describes two different levels of Authentication: Simple authentication, which is based on the use of a password to verify user identity; and strong authentication, which uses credentials that are created by cryptographic means

XDM

IHE Profile for Cross-enterprise Document Media Interchange

XDR

IHE Profile for Cross-enterprise Document Reliable Interchange