Resources
Glossary
We’ve outlined some key terms and frequently referenced acronyms for your reference below.
Actor
An actor is something with behavior. Actors can include people, organizations, software processes or services.
AAL2
Authenticator Assurance Level 2 as defined in NIST SP 800-63-3 (the SP 800-63B volume): authentication with two distinct factors, or a single multi-factor authenticator, using approved cryptography. Often mistyped "ALA2".
ANS
American National Standard
ANSI
American National Standards Institute – private non-profit organization that oversees the development of voluntary consensus standards for products, services, processes, systems, and personnel in the United States. More information at www.ansi.org
ATAB
Accredited Trust Anchor Bundle of DirectTrust
BAA
Business Associate Agreement
CA
Certificate Authority (also Certification Authority) – trusted entity in a PKI that issues, renews and revokes digital certificates, binding a public key to an identity it has verified, directly or through a Registration Authority. Relying parties trust a certificate only because they trust the CA, or the chain of CAs, that signed it
CCD
Continuity of Care Document
C-CDA
Consolidated Clinical Document Architecture
CDA
Clinical Document Architecture – XML-based markup standard intended to specify the encoding, structure and semantics of clinical documents for exchange – part of HL7 version 3 standard
CEHRT
Certified Electronic Health Record Technology
CISSP
Certified Information Systems Security Professional – independent information security certification governed by the International Information Systems Security Certification Consortium, also known as (ISC)²
CMS
Centers for Medicare & Medicaid Services
Connectathon
Cross-vendor, live, supervised, and structured testing event with vendors, engineers and IT architects conducting interoperability testing and problem resolution.
CP
Certificate Policy – specialized form of administrative policy tuned to electronic transactions performed during certificate management
CPS
Certification Practice Statement – public statement of the practices a Certification Authority employs in issuing, renewing, revoking and validating digital certificates and in supporting reliance on them; the CPS describes how the CA meets the requirements set out in its Certificate Policy
DICOM
Digital Imaging and Communications in Medicine
Direct Project
A reference to the activities of a group of healthcare industry technologists and policy people that worked to develop a simple and secure standards-based mechanism to allow senders to push health information securely to known receivers, now known as the Direct Standard™ under the custodianship of DirectTrust
DNS
Domain Name System – hierarchical, distributed naming system that maps domain names to IP addresses and other records; also used loosely for the servers and the resolution service that implement it
EHR
Electronic Health Record
EHNAC
Electronic Healthcare Network Accreditation Commission – More information at www.ehnac.org
FBCA
Federal Bridge Certification Authority
FICAM
Federal Identity, Credential, and Access Management
HHS
U.S. Department of Health and Human Services
HIE
Health Information Exchange
HIMSS
Healthcare Information and Management Systems Society – more information at www.himss.org
HIO
Health Information Organization
HIPAA
Health Insurance Portability and Accountability Act
HISA
Health Informatics Service Architecture – standard aimed at enabling the development of modular open systems to support healthcare
HISP
Health Information Service Provider
HITECH
Health Information Technology for Economic and Clinical Health
HITRUST
Health Information Trust Alliance – more information at hitrustalliance.net
HITSP
Healthcare Information Technology Standards Panel
HL7
A standards body and membership organization that develops standards for exchanging information between medical applications. The standards themselves also carry the name HL7 – more information at www.hl7.org
ICD
International Classification of Diseases
IHE
Integrating the Healthcare Enterprise – develops “profiles” that provide guidance on how existing standards are to be implemented for specific use cases. More information at www.ihe.net
IAL2
Identity Assurance Level 2 as defined in NIST SP 800-63-3 (the SP 800-63A volume): identity proofing, remote or in person, in which the evidence presented is validated and verified against the claimed real-world identity.
ISO
International Organization for Standardization – more information at www.iso.org
LDAP
Lightweight Directory Access Protocol – application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network
LOA
Level of Assurance
LOA3
Level of Assurance 3 as defined in NIST SP 800-63-2, Electronic Authentication Guideline. In SP 800-63-3 the single LOA scale was split: identity proofing is now rated by IAL (Identity Assurance Level) and authentication by AAL (Authenticator Assurance Level). LOA3 is similar to, but not identical with, IAL2 for identity proofing.
LOINC
Logical Observation Identifiers Names and Codes – universal code system for identifying laboratory and clinical observations
Meaningful Use
To receive an EHR incentive payment from the government, providers have to show that they are “meaningfully using” their EHRs by meeting thresholds for a number of objectives determined by CMS
NIST
National Institute of Standards and Technology – more information at www.nist.gov
NIST 800-63
NIST Special Publication 800-63, Digital Identity Guidelines (earlier editions: Electronic Authentication Guideline) – technical requirements for identity proofing and remote authentication over an open network, originally issued to implement OMB Memorandum M-04-04
NPRM
Notice of Proposed Rulemaking
NVLAP
National Voluntary Laboratory Accreditation Program – provides third-party accreditation to testing and calibration laboratories
ODM
Operational Data Model
OID
Object Identifier – globally unique, hierarchically assigned identifier written as a dotted sequence of integers (for example 2.5.29.15, the keyUsage extension); used to name certificate policies, extensions and algorithms in X.509 certificates and code systems in HL7 documents. The same acronym is also used for Oracle Internet Directory, an LDAP v3-compliant hierarchical directory
OMB 04-04
Office of Management and Budget Memorandum M-04-04, E-Authentication Guidance for Federal Agencies – defines four assurance levels expressing qualitative degrees of confidence in the validity of an asserted identity: Level 1 is little or no confidence; Level 2 is some confidence; Level 3 is high confidence; Level 4 is very high confidence
ONC
Office of the National Coordinator – more information at www.healthit.gov
Open Source
Any program whose source code is made available for use or modification as users or other developers see fit
OSI
Open Systems Interconnection
PHI
Protected Health Information
PHR
Personal Health Record
PKI
Public Key Infrastructure – set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates
POP
Post Office Protocol (Internet email protocol)
Primary Actor
The primary actor is one whose goal the use case is supposed to satisfy.
RA
Registration Authority – an authority in a PKI that verifies a requester’s identity and entitlement before a digital certificate is issued and instructs the Certificate Authority to issue it; the RA vouches for identity, the CA signs
RFC 3647
Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. Reference document for writing a Certificate Policy or CPS: it lays out the architecture of the PKI, the actors involved (CAs, RAs, subscribers, relying parties) and the obligations attached to certificates issued by that PKI.
SAS
Serial Attached SCSI – point-to-point serial interface for connecting storage devices such as hard disks and tape drives to a host, transferring data one bit at a time over thin cables; successor to parallel SCSI
SATC
Security & Trust Compliance
Scenario
A scenario is a sequence of interactions that happens under certain conditions, with the intent to achieve the primary actor’s goal, and having a particular result with respect to that goal. Typically, a scenario is phrased in generic terms, using placeholders for the identity of the primary actor and the actual values passed around.
SDO
Standards Development Organization
SDTM
Study Data Tabulation Model – standard structure for human clinical trial (study) data tabulations that are to be submitted as part of a product application to a regulatory authority
Secondary Actor
A secondary actor is an external actor against which the system under design has a goal. There can be more than one secondary actor.
SLA
Service Level Agreement
SSL
Secure Sockets Layer – the original protocol for encrypting and authenticating connections on the Internet, and a name still used loosely for TLS. All SSL versions are deprecated (SSL 3.0 by RFC 7568) and must not be negotiated; where a system “requires SSL”, TLS 1.2 or later is what should actually be in use
Step
A step is a unit of writing in a use case. Typically one sentence, usually describes behavior of only one actor.
TLS
Transport Layer Security – cryptographic protocol that gives communicating applications confidentiality and integrity for data in transit and authenticates the server (and optionally the client) by X.509 certificate; successor to SSL, specified in RFC 5246 (TLS 1.2) and RFC 8446 (TLS 1.3)
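The SSL and TLS entries above describe the protocol; in practice the security of a connection is decided by how the client is configured. The following Python (an added example for this glossary, not code from DirectTrust or any Direct implementation) shows a client context that still allows legacy protocol versions and skips certificate verification, next to a hardened context that requires TLS 1.2 or later with full chain and hostname verification, plus a small audit helper that reports which of these properties a context lacks. Function names and the findings text are this example’s own.

```python
"""Weak versus hardened TLS client configuration with Python's stdlib ssl module.

Added example for the glossary's SSL/TLS entries; not from the original page.
Uses only the standard library, so it runs offline.
"""
import ssl
from typing import List, Optional


def weak_client_context() -> ssl.SSLContext:
    """The configuration to avoid: any protocol version the library still
    supports is negotiable, and no certificate or hostname checking is done."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # accepts any certificate, signed by anyone
    return ctx


def hardened_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Require TLS 1.2+ and verify the server certificate chain and hostname.

    cafile: PEM bundle of trust anchors (for example a trust anchor bundle);
    None means the platform's default trust store.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # no SSL 3.0, TLS 1.0 or 1.1
    ctx.verify_mode = ssl.CERT_REQUIRED            # peer must present a chain to a trusted CA
    ctx.check_hostname = True                      # and the name must match
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return a list of findings; an empty list means the context passes."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2: older TLS (and SSL, "
                        "where the library still supports it) is negotiable")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required or not verified "
                        "against a trust anchor")
    if not ctx.check_hostname:
        findings.append("hostname not checked against the certificate")
    return findings


if __name__ == "__main__":
    for name, ctx in (("weak", weak_client_context()),
                      ("hardened", hardened_client_context())):
        print(name, audit_context(ctx) or ["ok"])
```

The order of the two assignments in `weak_client_context` matters: the `ssl` module refuses to set `CERT_NONE` while hostname checking is still enabled, which is a useful guard to know about when reviewing code that has “just disabled verification to make it work”.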
Use Case
A use case is the statement of the goal the primary actor has toward the system’s declared responsibilities, and the collection of possible scenarios between the system under discussion and various actors, showing how the primary actor’s goal might be delivered or might fail.
X.509
ITU-T standard defining the format of public key certificates and certificate revocation lists; the profile used on the Internet is RFC 5280. A certificate binds a subject name to a public key under the issuing CA’s signature and carries extensions, identified by OIDs, such as key usage and certificate policies. The standard also describes two levels of authentication: simple authentication, based on a password to verify user identity, and strong authentication, based on credentials produced by cryptographic means
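The OID and X.509 entries above both refer to object identifiers as dotted-decimal strings, but inside a certificate they are DER-encoded (X.690): tag 0x06, a length, then base-128 subidentifiers with the first two arcs packed into one value as 40·arc1 + arc2. The following Python, added here as a worked example and not part of the original glossary, encodes and decodes that form and rejects the malformed encodings (indefinite or non-minimal lengths, padded subidentifiers, truncation) that a strict parser must refuse. The sample OIDs used as inputs are well-known assignments: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption), 2.5.29.15 (keyUsage) and 2.16.840.1.113883 (the HL7 root arc); the function names are this example’s own.

```python
"""DER (X.690) encoding and decoding of ASN.1 OBJECT IDENTIFIER values.

Added example for the glossary's OID and X.509 entries; not from the original page.
"""
from typing import Tuple

OID_TAG = 0x06


def _base128(value: int) -> bytes:
    """One subidentifier: 7 bits per byte, high bit set on every byte but the last."""
    out = [value & 0x7F]
    value >>= 7
    while value:
        out.append(0x80 | (value & 0x7F))
        value >>= 7
    return bytes(reversed(out))


def _der_length(n: int) -> bytes:
    """Definite-form length: short form below 0x80, otherwise 0x8N + N big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def encode_oid(dotted: str) -> bytes:
    """'1.2.840.113549.1.1.11' -> b'\\x06\\x09\\x2a\\x86\\x48\\x86\\xf7\\x0d\\x01\\x01\\x0b'."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or any(a < 0 for a in arcs):
        raise ValueError(f"OID needs at least two non-negative arcs: {dotted!r}")
    if arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid leading arcs: {dotted!r}")
    body = b"".join(_base128(s) for s in [arcs[0] * 40 + arcs[1]] + arcs[2:])
    return bytes([OID_TAG]) + _der_length(len(body)) + body


def _read_length(der: bytes, offset: int) -> Tuple[int, int]:
    """Parse a DER length at offset; return (length, offset of first content byte)."""
    if offset >= len(der):
        raise ValueError("truncated: no length octet")
    first = der[offset]
    if first < 0x80:
        return first, offset + 1
    count = first & 0x7F
    if count == 0 or count > 4:
        raise ValueError("indefinite or oversized length is not DER")
    raw = der[offset + 1:offset + 1 + count]
    if len(raw) != count:
        raise ValueError("truncated length octets")
    n = int.from_bytes(raw, "big")
    if raw[0] == 0 or n < 0x80:
        raise ValueError("non-minimal length encoding is not DER")
    return n, offset + 1 + count


def decode_oid(der: bytes) -> str:
    """Strictly decode one DER OBJECT IDENTIFIER TLV back to dotted form."""
    if not der or der[0] != OID_TAG:
        raise ValueError("not an OBJECT IDENTIFIER (expected tag 0x06)")
    length, offset = _read_length(der, 1)
    body = der[offset:offset + length]
    if length == 0 or len(body) != length:
        raise ValueError("empty or truncated OID body")
    if offset + length != len(der):
        raise ValueError("trailing bytes after OID")
    subids, value = [], 0
    for b in body:
        if value == 0 and b == 0x80:
            raise ValueError("non-minimal subidentifier (leading 0x80 padding)")
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear: last byte of this subidentifier
            subids.append(value)
            value = 0
    if body[-1] & 0x80:
        raise ValueError("truncated subidentifier")
    first = subids[0]             # unpack 40*arc1 + arc2
    if first < 40:
        arcs = [0, first]
    elif first < 80:
        arcs = [1, first - 40]
    else:
        arcs = [2, first - 80]
    return ".".join(str(a) for a in arcs + subids[1:])


def is_valid_der_oid(der: bytes) -> bool:
    """Convenience check for validators: True only if decode_oid accepts the bytes."""
    try:
        decode_oid(der)
        return True
    except ValueError:
        return False
```

The strictness in `decode_oid` is the point for certificate handling: two byte strings that decode to the same dotted OID under a lenient parser but differ on the wire (for example one with a padded subidentifier) can let a policy or extension check pass on one parser and fail on another. DER exists to make each value have exactly one encoding, and a parser should enforce that.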
XDM
IHE Profile for Cross-enterprise Document Media Interchange
XDR
IHE Profile for Cross-enterprise Document Reliable Interchange