Glossary
The acronyms that show up when you’re exporting patient data, signing a vendor contract, or untangling a HIPAA question. Search by term or scan by category.
42 terms
Admit/Discharge/Transfer — the HL7 v2 message that announces patient events.
Record of who accessed which chart and when.
Business Associate Agreement — required contract before a vendor can touch PHI.
Requires notice to patients (and sometimes HHS and the press) after a PHI breach.
A vendor that handles PHI for a Covered Entity.
Consolidated CDA — the document format most EHRs export today.
Continuity of Care Document — a legacy XML summary export of a patient chart.
Clinical Document Architecture — XML standard that CCD and C-CDA are built on.
Middleman that receives claims from your PMS and routes them to insurance payers.
Provider, health plan, or clearinghouse that HIPAA applies to directly.
Procedure code set owned by the AMA — what was done in the visit.
Reference doc that explains what every field in the export means.
Stripping identifiers from PHI so it's no longer subject to HIPAA.
An export of only the records that changed since the last export.
Electronic Health Record — the digital chart system a clinic uses for clinical care.
Electronic Medical Record — usually a single-practice digital chart system.
Electronic PHI — PHI stored or transmitted in digital form.
Modern HTTP/JSON API for clinical data — the direction most vendors are heading.
Health Information Exchange — a regional network that moves records between providers.
Federal law governing how health information is used, shared, and protected.
Long-running family of messaging standards for clinical data.
Pipe-delimited messages still running between most hospital systems today.
Diagnosis code set used on every claim and chart in the US.
Standard codes for lab tests and clinical observations.
Spreadsheet that lines up source fields to destination fields.
Rule that PHI access should be limited to what's needed for the task.
Medical Record Number — the EHR's internal patient ID.
National Provider Identifier — the 10-digit number every provider has.
Pulling one or many patient records out of an EHR in a usable format.
Protected Health Information — health data tied to an identifiable person.
Practice Management System — handles scheduling, claims, and billing.
HIPAA section governing who can see, use, and disclose PHI.
Revenue Cycle Management — the workflow from patient eligibility to paid claim.
Standard codes for medications across systems.
HIPAA section requiring administrative, physical, and technical safeguards for ePHI.
OAuth-based authorization framework on top of FHIR for third-party apps.
A point-in-time export of every record in the system.
Comprehensive clinical terminology used to encode diagnoses inside the chart.
Discrete fields you can query vs free-text or images that require parsing.
Replacing identifiers with reversible tokens so records can be linked but not identified.
United States Core Data for Interoperability — the federal baseline of fields.
ANSI claim format — what your clearinghouse sends to insurance payers.