Glossary of Common eHealth Terms
The following glossary of eHealth terms was created based on a project by the Multi-State Consumer Education and Engagement Collaborative of the Health Information Security and Privacy Collaboration (HISPC/CEEC).
Makes sure that the actions of a person or agency may be traced to that individual or agency.
A software program that checks a computer or network to find all major types of harmful software that can damage a computer system.
A record showing specific individuals who have accessed a computer and what they have done while they were in that computer.
Verifying the identity of a user, process, or device, before allowing access to resources in an information system.
A copy of files made to help regain any lost information in a record if necessary.
Obligation of a person or agency that receives information about an individual, as part of providing a service to that individual, to protect that information from unauthorized persons or unauthorized uses. Confidentiality also includes respecting the privacy interest of the individuals who are associated with that information.
Consent is the permission granted by an authorized person that allows the provider, agency, or organization to release information about a person. The authorized person may be the subject of the information or they may be a designated representative such as a parent or guardian. Law, policy and procedures, and business agreements guide the use of consent.
The process used to “unscramble” information so that a “scrambled” or jumbled message becomes understandable.
De-identified Health Information
Name, address, and other personal information are removed when sharing health information so that it cannot be used to determine who a person is.
Uniquely identifies one person electronically and is used like a written signature. For example, a doctor or nurse may use a digital signature at the end of an e-mail to a patient just as he or she would sign a letter.
The release, transfer of information to someone else.
The translation of information to a code to keep it secret.
Any observable occurrence in a network or system.
Health Information Exchange
The secure sharing of patient health information by authorized health care professionals.
Health Information Organization or HIO
An organization that oversees and governs the exchange of individually identifiable health information among organizations according to nationally recognized standards. Health information organization does not include:
(a) A health care provider or an electronic health record maintained by or on behalf of a health care provider.
(b) Entities that are subject to title 20 or that are health plans as defined in 45 Code of Federal Regulations section 160.103.
(c) The exchange of individually identifiable health information directly between health care providers without a separate organization governing that exchange.
An HIO must be an organization that is independent and separate from a health care provider or health care provider organization such as a hospital system, and the definition of an HIO does not apply to health plans.
HIPAA Notice or Health Insurance Portability and Accountability Notice of Privacy Practices
The law Congress passed in 1996 that requires that health information be kept private and secure. It also makes sure that health insurance would not stop when a person changed employers.
A unique characteristic of an individual person. For example, a driver’s license proves that this person is who he or she says they are.
Using personal information without that person’s permission.
Data or information that has not been changed or destroyed in an unauthorized way.
Log In, Logging Into
The action a person must take to confirm his or her identity before being allowed to use a computer system.
Notice of Privacy Practices or Privacy Notice
HIPAA requires that all covered health plans, health care clearinghouses, or health care providers give patients a document that explains their privacy practices and how information about the patients’ medical records may be shared.
An individual’s written decision that his/her identifiable health information cannot be shared through a health information organization. This means that individual’s health/medical records are not available for sharing among authorized health care providers even during an emergency. Arizona residents who would like their doctors and other health care providers to electronically and securely share their health information DO NOT NEED TO DO ANYTHING.
The consent or authorization that patients provide regarding their health care or the use of their health information.
Privacy & Security
Processes, practices, and software that secure health information from unauthorized access, ensuring that the information is not altered and that it is accessible when needed by those authorized.
Protected Health Information
Health information transmitted or maintained in any form that can reasonably be used to identify an individual.
Measures that protect the security of health information.
Health information such as details on substance abuse, family planning, mental health, and others.
This is the act of gaining access to a network, system, application, health information, or other resource without permission.
An act that involves exposing, releasing, or displaying health information to those not authorized to have access to the information.
Sharing, employing, applying, utilizing, examining, or analyzing health information.