This document was prepared to provide the Standard Development Organisation (SDO) membership, work group participants, and the public at large with a consistent set of definitions for terms related to the security of healthcare information. As many of the terms are integrally related, an introduction has been prepared to provide context to the terms in the glossary, to demonstrate the interrelationships among certain key terms, and to guide the user in interpreting terms used in the definitions. As in all language, which is contextually rich and complex, there may be several terms that technically carry variations in meaning but are often used synonymously. Every effort has also been made to be sensitive to the politically correct usage of terms.
While there are annotations provided for all terms in the glossary, the actual definitions provided are not necessarily reported verbatim from the references annotated; rather, some have been interpreted for the context of health information. Experts involved in the project performed the editing based on personal experience and usage of the terms. In this way, the definitions of the terms both "fit" the purpose intended and are readable by both technically knowledgeable and lay individuals who may choose to refer to this work. Where several references differed on the semantic meaning of terms, both references have been included for completeness and clarity.
Security mechanisms are important in any environment where confidential health information is maintained. Security becomes even more important as electronic systems are implemented and components of Clinical Patient Records and Clinical Data Repository and Warehouses become connected for exchanging information across locations and contribute to continuity of patient care.
For example, a patient may have been born in one hospital, transferred to a neonatal intensive care unit of another hospital, returned home with home care and telemedicine consultations, and later moved to a new location and another provider who needs to understand the nature of the patient's chronic condition. A CPR system would contain the functionality to identify the various locations of health information, and, with the patient's consent, permit access to specific information to authorised users. The locations and nature of information contained in the respective CPRs must never be accessible to anyone without patient authorisation and legitimate need for the information.
In order for specific health information to be available when needed, there must be both provisions for access and security measures to ensure that only authorised individuals or entities obtain the information. A primary function of a CPR system is to provide the security that ensures confidentiality of private health information that has been disclosed to a caregiver. Security systems also protect the integrity of that data.
Privacy, confidentiality, and security are integrally related concepts. Privacy refers to the right of individuals to keep information about themselves from being disclosed to anyone. However, once information is disclosed, such as for the purpose of obtaining healthcare, the obligation of the second party not to permit access to the information without proper authorisation and authentication is referred to as confidentiality. When private information is maintained in files (computer or paper), security is the means to control access and protect information from accidental or intentional disclosure to unauthorised persons and from alteration, destruction, or loss.
Some comments on terms used in the context of the glossary follow:
Many terms are associated with health information (e.g., data, information, and knowledge) and their compilation and use in an electronic environment (e.g., computer-based patient record, automated record of care). Many terms are also associated with those who both receive healthcare (e.g., consumer, patient, client, and person) and provide healthcare (e.g., provider, caregiver, clinician, doctor, nurse, and hospital). While there are differences among these terms, some terms are used synonymously and some terms have more politically correct usage. Finally, there are many new concepts associated with computer-based patient records for which terms may not have been agreed upon. This is especially true in discussing data which can be identified with a patient ("personally identified data") and data which have been stripped of information which can provide information about a patient's identity ("reidentifiable data") but may still identify a patient for linkage purposes.
Data, information, and knowledge form a continuum. Technically, "data" refers to a sequence of symbols to which meaning may be assigned. Data are raw facts. When data are processed to provide greater meaning or usefulness, the processed data are referred to as "information." An individual data element (such as the results of a blood test) may not provide information because it is not associated with other data that make it useful (e.g., the results of the blood test combined with other data may yield the interpretation that the patient has hyponatremia). Practically, the term data is often used synonymously with the term information. Though defined separately, data and information will be used as synonyms in defining other terms in this glossary. "Knowledge" generally means the understanding imparted from a sum of information. (The conclusion that the patient has hyponatremia results from knowledge gleaned from textbooks and experts' summary of findings that hyponatremia is associated with a worsening prognosis in patients with small cell lung cancer.)
Every person has an associated health status at all times, but information about such health status is generally not recorded continuously except for the purpose of providing care. The nature of the computer-based patient record described in this document refers to information about a person's health status and healthcare as related to specific services designed to diagnose and treat illness and injury as well as maintain health and promote wellness. When people receive such healthcare services they may be considered "patients" (of hospitals or doctors), "clients" (of healthcare programs), "residents" (of long term care facilities), etc. While every effort is made in this glossary to refer to "healthcare recipient," "individual receiving healthcare," or "person," the more familiar term "patient" may also be used to refer to all who may be receiving any healthcare services.
Healthcare services are provided collectively by organisations and individually by physicians, nurses, therapists and others. Sometimes the term "provider" is used in a restricted sense to refer to an organisation or individual receiving direct reimbursement for healthcare services. As this is generally limited to hospitals, other healthcare organisations, and physicians, it does not include an entire cadre of others who provide healthcare services such as nurses and therapists. "Caregiver" is a term that may be more encompassing when referring to people who provide healthcare services and may have access to confidential health information about an individual. Healthcare services associated with diagnosing and treating illness and injury, maintaining health, and promoting wellness may collectively be referred to as "healthcare" or "clinical" services; the term "medical" is generally considered to be restricted to care provided by physicians.
Finally, "identity" and "identification" are important concepts when considering the many uses of health information. Standard dictionaries define identification as evidence of identity, and define identity as the distinguishing characteristics of an individual. There is a subtle but very important difference between these two concepts. When direct patient care is provided, the caregiver generally knows the identity of the individual, and identifying information such as name, address, birth date, etc. serves to establish the identity of the individual. (If the individual assumes a disguise, an alias will identify the person without revealing the identity of the person.) In healthcare research, it is often important to know that disparate information belongs to the same individual without needing to know the identity of the individual. A common identifier may be assigned to information to ensure that one set of information can be linked with another set of information, but neither set of information can necessarily be linked to the individual.
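The common identifier described above can be illustrated with a short sketch. This is an added example, not part of the original document: the keyed hash (HMAC-SHA256), the field names, the key and the sample records are all assumptions chosen for illustration, since the text does not prescribe how the identifier is assigned.

```python
import hashlib
import hmac

# Assumption: a secret held only by the party that assigns the common identifier.
LINKAGE_KEY = b"constructed-demo-key-not-for-production"

def link_id(name, birth_date, key=LINKAGE_KEY):
    """Derive a common identifier from identifying fields with a keyed hash."""
    # Normalise case and whitespace so formatting differences do not break linkage.
    canonical = f"{' '.join(name.lower().split())}|{birth_date.strip()}"
    return hmac.new(key, canonical.encode("utf-8"), hashlib.sha256).hexdigest()

def deidentify(records, key=LINKAGE_KEY):
    """Strip name and birth date, keeping only the common identifier."""
    out = []
    for rec in records:
        stripped = {k: v for k, v in rec.items() if k not in ("name", "birth_date")}
        stripped["link_id"] = link_id(rec["name"], rec["birth_date"], key)
        out.append(stripped)
    return out

def link(set_a, set_b):
    """Join two de-identified sets on the common identifier."""
    index = {}
    for rec in set_b:
        index.setdefault(rec["link_id"], []).append(rec)
    return [{**a, **b} for a in set_a for b in index.get(a["link_id"], [])]

# Constructed sample records (not real patient data).
ADMISSIONS = [
    {"name": "Alex Example", "birth_date": "1970-01-01",
     "diagnosis": "small cell lung cancer"},
    {"name": "Sam Sample", "birth_date": "1985-06-15", "diagnosis": "fracture"},
]
LAB_RESULTS = [
    {"name": "  alex   EXAMPLE ", "birth_date": "1970-01-01", "sodium_mmol_l": 128},
]

def run_demo():
    """Link the two sets after the identifying fields have been removed."""
    return link(deidentify(ADMISSIONS), deidentify(LAB_RESULTS))

if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

A researcher holding only the de-identified sets can join them on `link_id`, but cannot recompute the identifier from a known name and birth date without the key, which is why the key must stay with the assigning party.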