ASTM E1714

ASTM E1714 is a Standard Guide for Properties of a Universal Healthcare Identifier (UHID). This standard was created by the Association for Information and Image Management and ASTM International.

It defines thirty characteristics required of a UHID. The scope of the guide does not include implementation methodology, cost, or policy decisions. Encrypted UHIDs (EUHIDs) are included in the guide for hiding the identity of individuals while linking information. Separate EUHIDs are allowed for different episodes of care for the same patient. The guide also recommends the use of temporary patient identifiers (TPIs) controlled by individual organizations for emergency use and requires them to subsequently transfer all information to the correct UHID.

Functional characteristics

Accessible: Access is dependent upon the establishment of a network infrastructure, the trusted authority and policies and procedures that support the system.

Assignable: Assignment of the Sample UHID or EUHID, regardless of time or place of request, depends on the establishment and functions of a network infrastructure, the trusted authority, and the implementation of policies and procedures that support the system. It will also depend on the mechanism to request a Sample UHID.

Identifiable: This will depend on the identification information that the trusted authority links to the Sample UHID.

Verifiable: The Sample UHID includes a six digit check-digit for verification.

Mergeable: The internal data structure of the Sample UHID does not directly support merging duplicate or redundant identifiers. They can be linked at the trusted authority.

Splittable: There is no inherent support for splitting the Sample UHID. New IDs can be issued for future use. Splitting for retroactive information must be handled by the trusted authority.

Linkage of lifelong health record

Linkable: The Sample UHID has the ability to function as a data element and support the linkage of health records in both manual and automated environments.

Mappable: With the use of an appropriate database system and software, the Sample UHID can be used to map currently existing healthcare identifiers.

Patient confidentiality and access security

Content Free: The Sample UHID is free of information about the individual.

Controllable: This depends on the policies and methods that will be adopted by the trusted authority.

Healthcare Focused: The Sample UHID is recommended solely for the purpose of healthcare application.

Secure: The Sample UHID includes an EUHID, which offers a mechanism for secure operation through the use of encryption and decryption processes. These capabilities depend on the policies and procedures that will be implemented by the trusted authority.

Disidentifiable: EUHID supports multiple encryption schemes offering multiple EUHIDs to prevent revealing the identification of the individual.

Public: The EUHID's encryption scheme is intended to hide the identity of the individual when linking information. However, public disclosure of a patient identifier without any risk to the privacy and confidentiality of patient information depends on appropriate access security and privacy legislation, similar to other identifiers.

Compatibility with standards and technology

Based on Industry Standards: The Sample UHID is not based on existing industry standards. It is based on ASTM's Standard Guide for Properties of a Universal Healthcare Identifier (UHID).

Deployable: The Sample UHID is capable of implementation in a variety of technologies such as scanners, bar code readers, etc.

Usable: The Sample UHID is capable of implementation in a variety of technologies such as scanners, bar code readers, etc. The 28 digit identifier will present difficulty for manual computation and transcription. It may be a time-consuming process and subject to human errors.

Design characteristics

The ASTM guide and the proposed Sample UHID do not address the implementation issues and infrastructure requirements.

Unique: The trusted authority will be responsible for the uniqueness of the Sample UHID.

Repository-based: The Sample UHID can be stored in a repository.

Atomic: The Sample UHID consists of a sixteen digit sequential identifier, a one character delimiter, a six digit check-digit and a six digit encryption scheme. It can function as a single compound data element.

Concise: The Sample UHID is not concise. It is a 29-character length identifier.

Unambiguous: The Sample UHID is unambiguous. It uses numeric characters and a period as a delimiter.

Permanent: The Sample UHID has sufficient capacity to prevent reuse of identifiers.

Centrally governed: This policy issue is not addressed. The Sample UHID requires central administration and is dependent on the establishment and functions of a trusted authority.

Networked: The Sample UHID can be operated on a computer network. It requires establishment of the necessary network and technology infrastructure.

Longevity: The Sample UHID can support patient identification for a foreseeable future.

Retroactive: Has the capacity for retroactive assignment of the Sample UHID to every person in the United States.

Universal: Can support patient identification for the entire world population.[1]

Incremental Implementation: The Sample UHID can be implemented on an incremental basis. With the development and use of appropriate procedures and establishment of the necessary bidirectional mapping, both the Sample UHID and existing patient identifiers can co-exist during the time of transition.
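The "Atomic", "Concise" and "Unambiguous" entries above describe a fixed 29-character layout, which a receiving system can check strictly before using the value as a record-linkage key. The following is an added example, not code from the ASTM guide: it assumes the fields appear in the string in the order the text lists them, and it validates structure only, because the page does not describe how the check digits are computed. The names `parse_sample_uhid`, `SampleUHID` and `reject_reasons` are hypothetical.

```python
import re
from typing import NamedTuple

# Assumed layout (field order as listed in the text):
# 16-digit sequential identifier, '.', 6-digit check field, 6-digit encryption scheme.
# [0-9] is used instead of \d so that non-ASCII Unicode digits are rejected.
_UHID_RE = re.compile(r"([0-9]{16})\.([0-9]{6})([0-9]{6})")
UHID_LENGTH = 29


class UHIDFormatError(ValueError):
    """Raised when a string does not have the Sample UHID structure."""


class SampleUHID(NamedTuple):
    sequential: str  # sixteen-digit sequential identifier
    check: str       # six-digit check field (algorithm not given on the page)
    scheme: str      # six-digit encryption scheme field


def parse_sample_uhid(text: str) -> SampleUHID:
    """Split a Sample UHID into its fields, rejecting anything malformed."""
    if not isinstance(text, str):
        raise UHIDFormatError("identifier must be a string")
    if len(text) != UHID_LENGTH:
        # Catches truncation, padding and stray whitespace or newlines.
        raise UHIDFormatError(f"expected {UHID_LENGTH} characters, got {len(text)}")
    # fullmatch, unlike match with '$', does not tolerate a trailing newline.
    m = _UHID_RE.fullmatch(text)
    if m is None:
        raise UHIDFormatError("expected 16 ASCII digits, '.', then 12 ASCII digits")
    return SampleUHID(*m.groups())


def reject_reasons(candidates):
    """Map each malformed candidate to the reason it was rejected."""
    rejected = {}
    for value in candidates:
        try:
            parse_sample_uhid(value)
        except UHIDFormatError as exc:
            rejected[value] = str(exc)
    return rejected


# Constructed sample values, not real identifiers.
GOOD = "0000000000000001.123456000000"
BAD = [
    GOOD + "\n",                       # trailing newline from a file read
    GOOD.replace(".", "-"),            # wrong delimiter
    "\u0660" * 16 + ".123456000000",   # Arabic-Indic digits, not ASCII
    GOOD[:-1],                         # one digit dropped in transcription
]
```

Strict length and ASCII-digit checks at the boundary keep transcription errors of the kind the "Usable" entry warns about from silently creating a second identifier for the same patient.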

Reduction of cost and enhanced health status

Cost-effectiveness: The Sample UHID has the potential to support the functions of a Unique Patient Identifier. The establishment of both the administrative and technology infrastructures, the creation of a Trusted Authority, the design and development of computer software, hardware and communication networks, and the implementation of security measures will require substantial investment of resources, time and effort.

References

  1. "E1714-07(2013) Standard Guide for Properties of a Universal Healthcare Identifier (UHID)". pdfcoffee.com. Retrieved 2024-04-19.