We’ve outlined some key terms and frequently referenced acronyms for your reference below.
An actor is something with behavior. Actors can include people, organizations, software processes or services.
Authentication Level of Assurance 2 as outlined in NIST Guideline 800-63-3
American National Standard
American National Standards Institute – private non-profit organization that oversees the development of voluntary consensus standards for products, services, processes, systems, and personnel in the United States. More information at www.ansi.org
Accredited Trust Anchor Bundle of DirectTrust
Business Associate Agreement
Certificate Authority – authority in a network that issues and manages security credentials and public keys for message encryption
Continuity of Care Document
Consolidated Clinical Document Architecture
Clinical Document Architecture – XML-based markup standard intended to specify the encoding, structure and semantics of clinical documents for exchange – part of HL7 version 3 standard
Certified Electronic Health Record Technology
Certified Information Systems Security Professional – independent information security certification governed by the International Information Systems Security Certification Consortium, also known as (ISC)²
Centers for Medicare & Medicaid Services
Cross-vendor, live, supervised, and structured testing event with vendors, engineers and IT architects conducting interoperability testing and problem resolution.
Certificate Policy – specialized form of administrative policy tuned to electronic transactions performed during certificate management
Certificate Practice Statement – public statement that describes the practices that a Certification Authority employs for issuing, renewing, revoking and validating Digital Certificates and for supporting reliance on Certificates
Digital Imaging and Communications in Medicine
A reference to the activities of a group of healthcare industry technologists and policy people that worked to develop a simple and secure standards-based mechanism to allow senders to push health information securely to known receivers, now known as the Direct Standard™ under the custodianship of DirectTrust
Domain Name Server or Service
Electronic Health Record
Electronic Healthcare Network Accreditation Commission – More information at www.ehnac.org
Federal Bridge Certification Authority
Federal Identity, Credential, and Access Management
Health and Human Services
Health Information Exchange
Healthcare Information and Management Systems Society – more information at www.himss.org
Health Information Organization
Health Insurance Portability and Accountability Act
Health Informatics Service Architecture – standard aimed at enabling the development of modular open systems to support healthcare
Health Information Service Provider
Health Information Technology for Economic and Clinical Health
Health Information Trust Alliance – more information at hitrustalliance.net
Healthcare Information Technology Standards Panel
A standards body and membership organization that develops standards for exchanging information between medical applications. The standards themselves also carry the name HL7 – more information at www.hl7.org
International Classification of Diseases
Integrating the Healthcare Enterprise – develops “profiles” that provide guidance for how standards can be implemented. More information at www.ihe.net
Identity Assurance Level 2 as outlined in NIST Guideline 800-63-3.
International Organization for Standardization – more information at www.iso.org
Lightweight Directory Access Protocol – application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network
Level of Assurance
Level of Assurance 3 as outlined in NIST Guidelines for Identity Proofing and Authentication 800-63-2. “LOA” levels have been replaced by IAL levels in 800-63-3. LOA3 is a similar, but not identical, standard to IAL2 for identity proofing. Authentication now has its own scale – AAL for Authentication Assurance Level.
Logical Observation Identifiers Names and Codes – universal code system for identifying laboratory and clinical observations
To receive an EHR incentive payment from the government, providers have to show that they are “meaningfully using” their EHRs by meeting thresholds for a number of objectives determined by CMS
National Institute of Standards and Technology – more information at www.nist.gov
National Institute of Standards and Technology’s technical requirements for remote authentication over an open network in response to OMB 04-04
Notice of Proposed Rulemaking
National Voluntary Laboratory Accreditation Program – provides third-party accreditation to testing and calibration laboratories
Operational Data Model
Oracle Internet Directory – LDAP v3-compliant, hierarchical data repository or Object Identifier
Office of Management and Budget describes 4 assurance levels, with qualitative degrees of confidence in the asserted identity’s validity: Level 1 is little to no confidence; Level 2 is some confidence; Level 3 is high confidence; Level 4 is very high confidence
Office of the National Coordinator – more information at www.healthit.gov
Any program whose source code is made available for use or modification as users or other developers see fit
Open Systems Interconnection
Protected Health Information
Personal Health Record
Public Key Infrastructure – set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates
Post Office Protocol (Internet email protocol)
The primary actor is one whose goal the use case is supposed to satisfy.
Registration Authority – an authority in a network that verifies user requests for a digital certificate and tells the certificate authority to issue it
Reference document for writing a certificate policy that describes the general architecture of the related PKI, presents the different actors of the PKI and any exchanges based on certificates issued by this very same PKI.
Serial-attached SCSI is a method used in accessing computer peripheral devices that employs a serial (one bit at a time) means of digital data transfer over thin cables
Security & Trust Compliance
A scenario is a sequence of interactions that happens under certain conditions, with the intent to achieve the primary actor’s goal, and having a particular result with respect to that goal. Typically, a scenario is phrased in generic terms, using placeholders for the identity of the primary actor and the actual values passed around.
Standards Development Organization
Study Data Tabulation Model – standard structure for human clinical trial (study) data tabulations that are to be submitted as part of a product application to a regulatory authority
A secondary actor is an external actor against which the system under design has a goal. There can be more than one secondary actor.
Service Level Agreement
Secure Sockets Layer – commonly-used protocol for managing the security of a message transmission on the Internet
A step is a unit of writing in a use case. Typically one sentence, usually describes behavior of only one actor.
Transport Layer Security – protocol that ensures privacy between communicating applications and their users on the Internet
A use case is the statement of the goal the primary actor has toward the system’s declared responsibilities, and the collection of possible scenarios between the system under discussion and various actors, showing how the primary actor’s goal might be delivered or might fail.
Digital certificate standard format used for secure management and distribution of digitally signed certificates across secure Internet networks. Describes two different levels of Authentication: Simple authentication, which is based on the use of a password to verify user identity; and strong authentication, which uses credentials that are created by cryptographic means
IHE Profile for Cross-enterprise Document Media Interchange
IHE Profile for Cross-enterprise Document Reliable Interchange