So many new terms are being used in discussions of health information technology. Here, we help sort out what the terms actually mean.


Algorithm

A process or set of rules to follow in calculations or other problem solving, typically in computing.


Algorithmovigilance

Algorithmovigilance refers to scientific methods and activities relating to the evaluation, monitoring, understanding and prevention of adverse effects of algorithms in health care. It is a term coined by physician Peter Embi, president and CEO of the Regenstrief Institute and associate dean for informatics and health services research at the Indiana University School of Medicine.

Artificial intelligence has the potential to help transform medical decision-making and treatment, but its algorithms must be thoroughly tested and continuously monitored to avoid unintended consequences or harms to patients, Embi wrote in a recent commentary in JAMA Network Open.

An algorithm’s performance changes as it is deployed with different data, in different settings and at different times, Embi wrote. How algorithms are used also involves human-computer interactions that add another level of variation and complexity that can change an algorithm’s performance or how its outputs are interpreted by different users, he said.

Application Programming Interfaces (APIs)

APIs are systems of tools and resources in an operating system that enable developers to create software applications. So-called “open APIs” – where specifications are available for outside programmers to build upon – are considered important for the growth of interoperable health information technology and new innovations.

APIs are important in health IT because they allow programmers to access key data from other sources and integrate that data into their own applications. Think of an API as a conduit that allows program creators to “grab” data sources. A good example of consumer API use is a smartphone weather app, which takes data from other sources and organizes it so you know whether you'll need sunscreen or a snow shovel.

APIs have the potential to improve interoperability and patient access to their own data. APIs can also help create more useful resources on patient care.

Artificial Intelligence (AI)

AI is the ability of a computer or robot controlled by a computer to perform tasks usually done by intelligent beings. Sophisticated machine learning is already being applied to health care and this trend is expected to accelerate in the coming years.

Augmented reality

Augmented reality (AR) is an interactive experience of an immersive, simulated real-world environment in which objects that reside in the real world are enhanced by computer-generated information to impact the senses of sight, hearing, touch, or smell. AR requires technology components such as a processor, display, and sensors. AR can be accessed using a smartphone, tablet computer, special headset or other technologies.

This differs slightly from virtual reality. In virtual reality, a user’s perception of reality is based completely on virtual information. But in augmented reality, a user is provided with additional computer-generated information to enhance their perception of reality.

Uses of AR in medicine include: smart glasses that allow surgeons to see high-resolution, 3D representations of their patients’ anatomy (akin to X-ray vision); enhanced viewing of a fetus inside a mother’s womb; and a near-infrared vein finder that films veins under the skin and projects the image onto the skin to help with blood draws or placement of intravenous catheters, etc.

Augmented video analysis

The application of artificial intelligence to video recordings made in hospital patient rooms to help health care staff better understand alarms related to movement in those rooms. This can detect elopement (wandering) or fall risk, missed meals or medication, as well as any equipment tampering by patients or their visitors.

Automatic speech recognition (ASR)

Also known as voice recognition technology, ASR allows a person to converse with computers using normal speech, be reasonably understood and receive a response. That response might be an answer to a question, a correct prompt or a transcription of the user’s speech into readable text in real time.

ASR is made possible through natural language processing (the capability of computers to understand human language) and is used every day in the form of Google's Siri and Amazon's Alexa, for example. ASR is also used in simpler formats called directed dialogue, the best example being automated phone trees for customer service needs of banking, airlines, health care and other sectors.  

ASR has a lot of potential in health care. It could be used for remote patient monitoring, for instance, or to conduct pre-appointment information gathering.

Best practice alert (BPA)

A programmed notification in an electronic health record (EHR) that occurs at a specific point in patient charting or documentation. BPAs remind clinicians of best practices they should follow in clinical decision-making. Some BPAs have a “hard stop,” meaning that the clinician must adhere to the alert before closing the patient’s EHR or moving on to the next task.

Big data

Big data is a massive volume of data – both structured and unstructured – that is too large to be processed using traditional software and database techniques. Big data is important to health care because huge amounts of data are being generated through electronic health records, wearables, public health departments, clinical studies and other sources. Collectively, this information could be used to improve disease prevention and treatment. Tech companies are developing platforms to harness this data and make it actionable to health care providers and health officials.


Biometrics

Unique physical characteristics such as fingerprints, voice recognition or iris scans that can be used for automated recognition of people. This is typically for the purposes of security.


Blockchain

Most commonly associated with digital currency such as Bitcoin, blockchain is a data structure that can be time-stamped and signed using a private key to prevent tampering. Some view blockchain as an important development in health IT to combat cybersecurity threats and advance the free and secure exchange of health information.

Brain-computer interface (BCI)

BCI is a technology system that collects and interprets brain signals, and transmits them to a connected machine, such as a computer or robotic limb, that outputs the commands. BCIs can be directed at researching, augmenting or repairing human cognitive or sensory-motor functions. There are several types of BCIs, ranging from noninvasive (such as using MRI or electroencephalogram) to invasive (such as when a microelectrode array is implanted in the brain to transmit signals wirelessly or through a transmitter worn at the top of the head).

Researchers spoke at Health Journalism 2022 about BCI projects to restore communication, mobility and independence for people with neurologic disease, injury or limb loss. Examples are using BCIs to operate a prosthetic limb, move a computer cursor, type messages, or select music or videos via a computer. Brain-controlled robots that attach a laptop or computer monitor to a base on wheels could enable homebound individuals to virtually visit other locations.

Certified Health IT

Certified health IT includes products, programs or systems that meet standards set by the federal government on their security, privacy, usability and interoperability. The Office of the National Coordinator for Health Information Technology (ONC), a division of the U.S. Health and Human Services Department (HHS), oversees health IT certification. Certified health IT participation is voluntary but providers are required to use certified health IT products and systems to participate in Meaningful Use and other federal electronic health record adoption programs.


Chatbot

A computer program that conducts a conversation via text or auditory program. Chatbots are often used in customer service, and increasingly in health care. Chatbots are also known as virtual assistants or virtual agents.

Clinical decision support (CDS)

Computer programs and tools to assist physicians and other health professionals with care decisions. CDS uses databases of signs and symptoms as well as best practices and current research findings to advise clinicians in care choices, with the goal of improving patient safety and quality, and, therefore, outcomes. Some aspects of CDS have gotten a bad rap, most notably alerts and notifications that are too frequent and create clinician “alert fatigue.”

There is not a one-size-fits-all approach to CDS systems. They can include order sets, drug interactions, care plans and protocols, critiques, alerts and other warnings, predictive analytics and relevant data summaries for patients.

Clinical documentation improvement (CDI)

A specialty that involves creating and administering accurate, timely health care records to ensure improved patient outcomes, data quality and accurate reimbursement. Some health care facilities employ CDI specialists to ensure each patient’s clinical documentation is comprehensive and up to date.

Cloud platform

Many hospitals have health IT systems, including electronic health records (EHRs), that are on the premises or client server, meaning that these are maintained by the health system. But increasingly, health care is following other sectors of the economy into the cloud.

A cloud platform provides an on-demand computer system environment for software applications that is administered by a vendor offsite. Ideally, this platform is unified to deliver seamless functionality and more streamlined and efficient processes and data management. A cloud platform means that users don’t need to switch between applications – and systems and passwords – for greater usability. It also means data from various functions can be more easily organized and integrated for analytical purposes.

Cognitive computing

Cognitive computing is the simulation of human thought process in a computerized model. Cognitive computing is used in artificial intelligence (AI) applications such as robotics and virtual reality. It essentially harnesses big data, cloud computing, pattern recognition and natural language processing to mimic how the human brain processes information.

IBM Watson is probably the most well-known example of cognitive computing (it famously won the game show “Jeopardy” in 2011). Cognitive computing in health care is expected to take off in the next few years. One example is IBM Watson for Oncology, which was created with Memorial Sloan Kettering Cancer Center in New York to help cancer specialists make more informed treatment decisions. The program analyzes a patient’s personal medical data against huge data troves and expertise to offer evidence-based treatment options to individual patients. Some see promise in cognitive computing as a way to solve entrenched problems in health care, from health disparities to physician burnout.

Comprehensive health record (CHR)

As the thinking and research around the social determinants of health evolves, some powerful people in health care think the terminology around electronic data should too. A CHR could include information about a patient's housing status, transportation access and food security, for instance. It could also bring in data gathered from wearable devices such as heart rate, exercise patterns and sleep.

Connected devices/smart devices

Any physical device that is embedded with sensors or network connectivity, enabling that device to “talk” to other devices.


Cyberattack

A cyberattack is an attempt by hackers to gain illegal access to a computer or computer network for the purpose of causing damage or harm. Hospitals, health care systems, and others in the industry are increasingly concerned about the potential of cyberattacks due to the increase in employees working at home as well as an increased use of health care devices that are connected to hospital records systems.

There are several types of cyberattacks. Malware is malicious software such as spyware, ransomware, viruses and worms. These look for vulnerabilities to breach networks, such as when a user clicks on a dangerous link or email attachment that then installs risky software. Once installed, malware can block access to components of the network, render certain components inoperable, or secretly transmit data from the hard drive.

Phishing is the practice of sending fraudulent communications, usually through email, that appear to come from a legitimate source. The goal is to steal data like credit card or login information and install malware on a victim’s machine. Man-in-the-middle attacks are when attackers insert themselves into a two-party transaction to filter and steal data. For more information, see

Data lake

A term for the storage of data by hospitals, health systems and other organizations.

Deeper dive: Data lakes are distributed storage and processing in mostly cloud-based systems. Data lakes use flat architecture to store data while data warehouses use hierarchical files and folders. Think of data pouring into a lake in unstructured format, stored there, and then only structured or sorted when the information is retrieved.

Data stewardship

The responsibilities of collecting, managing, viewing, storing, sharing and otherwise using patient health information. Hospitals, health systems, payers, government entities and others are trusted with data stewardship of patient information.

Deeper dive: Data stewardship includes all aspects of data: creating it, storing it, archiving it, etc. It encompasses knowing what data an organization possesses, understanding where it is located, ensuring it’s accessible and safe, enforcing rules and regulations on how it can be used, and helping the organization make the most of its data for research, patient care, etc.

Deep learning

A subset of Artificial Intelligence (AI) where computer networks are able to learn from data that is unstructured. Deep learning happens when a computer system uses mathematical algorithms to analyze data independently to achieve results.

Deeper dive: Deep learning computer systems look for patterns in the data and learn to recognize these patterns to draw certain conclusions. Deep learning is being studied for practical health care applications, such as interpreting medical imaging scans to detect cancer. Also important are the ethical implications and potential downsides to using machines to conduct analysis traditionally done by humans. Deep learning is an exciting field right now, and holds enormous potential to alter health care diagnosis, treatment and workflows. A Health Journalism 2018 panel explored the implications of deep learning on health care.

Digital health equity

Using digital health tools to help make health care more accessible and affordable for everyone.

Deeper dive: With digital health equity, everyone, regardless of social, economic, demographic or geographic differences, should have equal access to digital health resources and should achieve equal health outcomes through the use of these tools.

The term emerged from a renewed focus on health equity occurring during a time of rapid digital transformation of the health care system, which provides an opportunity to address many core health equity challenges, according to an October 2021 commentary in the Journal of the American Medical Association. Digital health tools to augment in-person care such as telehealth and remote care management have the potential to address structural challenges for marginalized populations, the authors wrote, including lowering access barriers of time and distance, and providing tailored communication through appropriate language and literacy.

Digital redlining

The practice of creating and perpetuating inequities between already marginalized groups, specifically through the use of digital technologies and content, and the internet.

Deeper dive: The Robert Wood Johnson Foundation defines this as “major network providers systematically excluding low-income neighborhoods from broadband service, deploying only sub-standard, low-speed home internet.” Privacy scholar Chris Gilliard, a professor at Macomb Community College in Michigan, defines this as “the creation and maintenance of tech practices, policies, pedagogies, and investment decisions that enforce class boundaries and discriminate against specific groups.”

The concept can be considered a modern extension of the practice of redlining in housing discrimination, in which red lines were drawn on maps to indicate poor, primarily underserved neighborhoods that were deemed, often due to race or ethnicity, unsuitable for loans or further development. The digital divide is seen as one impact of digital redlining.

Digital therapeutics

An emerging, rapidly evolving sector of the digital health market that uses data analytics, machine learning and artificial intelligence to help patients with behavior change.

Deeper dive: Digital therapeutics is considered by some to be promising as a complement – or even replacement – to drug and medical device therapeutics in patient care. The idea is for machines to support physicians, nurses, care coordinators, health coaches and physical therapists to practice at the top of their licenses by conducting routine and remote monitoring and coordination of a patient's prescribed treatment. Some in Silicon Valley are betting that digital therapeutics can be as effective as or more effective than some medicines in treating common conditions. For instance, a digital therapeutic application could help a patient with insomnia develop better sleep habits and behavior modifications instead of relying on sleeping pills.

In September 2017, Pear Therapeutics gained Food and Drug Administration approval for the marketing of its mobile application called Reset to help treat substance abuse disorder. Reset is one of the first FDA-approved digital therapeutic applications. Its approval was based on the results of a 12-week clinical trial of nearly 400 patients.

Digital twin

A digital twin is a virtual representation of an object or system that spans its lifecycle. It is updated from real-time data and uses simulation, machine learning and reasoning to aid in decision-making.

Deeper dive: In health care, digital twins are able to provide a secure environment for testing the impact of changes on the performance of a system. For example, digital twin technology can be used to model an individual’s genomic makeup, physiological characteristics and lifestyle to create personalized medicine. It also can be used to create a replica of a hospital, to study operational strategies, capacities, staffing and care models to determine what actions to take. Virtual models could help with bed shortages, for example, or with the spread of germs, or with staff or operating room schedules. This can help optimize patient care, cost and performance.

For more information and a video example, see


Medical devices that use electrical impulses to provide therapy such as pain control.

Deeper dive: Tiny electrode devices implanted into the body can alter the typical impulses that travel along the nerves and spinal cord that send messages to the brain. Some uses of the devices are for headaches, abdominal pain, and cervical and back pain. Such electrical stimulation therapy has been gaining momentum as some researchers believe that it could prove to be more efficient than medication therapy.

Electronic health record (EHR)

Also known as an electronic medical record (EMR), this is a digital record of a patient’s medical information and health history, often now integrated with doctor’s notes, test results, etc.

Deeper dive: EHRs can include information from inpatient stays, outpatient visits, operations, diagnoses, allergies, radiology images, prescribed medications and immunizations. They are supposed to be instantly available in a secure format to all providers authorized to access them, and increasingly, to patients. EHRs also allow access to evidence-based databases and other tools to help providers make care decisions. Some concerns about EHRs include providers having a large documentation burden, the potential for hacking and privacy breaches, and in some cases, a lack of interoperability of EHR systems, so experts may not be easily able to review information for a patient moving from one hospital to another.


Encryption

The process of converting information or data into a code, particularly to prevent unauthorized access.

Encryption is an important privacy tool for sending sensitive, confidential or personal information via the internet. It scrambles readable text into an unreadable format. When the intended recipient accesses the message, the information is translated back to its original form, a process called decryption. Encryption is becoming increasingly important to protect health information in a world where hackers are going after hospitals.


Femtech

Software, diagnostics or products and services that use technology to support women’s health. This could include mobile applications for tracking fertility or menstrual periods, for example.

With the overturn of Roe v. Wade, some people have become concerned about the safety or privacy of using femtech. Period-tracking apps do not fall under federal privacy protections like the Health Insurance Portability and Accountability Act of 1996 (HIPAA), an article by the Rewire News Group noted. These apps can share any data they collect, provided they state this in their privacy disclosures. Law enforcement also could get access to data from data brokers downstream. Some apps allow users to store data on their phones rather than in the cloud, which could be safer, but won’t necessarily protect them in the face of a search warrant, Wired magazine reported.

Nearly half of 20 popular period-tracking apps used or shared data for third-party advertising, according to an analysis by cybersecurity and virtual private network company Surfshark, reported in Mobihealthnews. Deleting tracking apps alone does not necessarily remove the information recorded. Users also must contact the companies and request that their already-recorded data be deleted.


Gerontechnology

An interdisciplinary field of scientific research combining gerontology (the study of aging) with technology. Gerontechnologists create technology to transform the lives of older people. This includes assistive technologies to support independent living and social participation.

Deeper dive: Many older adults and their caregivers rely on technology to help them age in place. From Alexa-type devices to online grocery delivery to artificially intelligent sensors that monitor frailty, there’s no doubt that the right devices used correctly can increase safety and peace of mind for both elders and their caregivers. With the population of people over age 60 growing and the number of caregivers shrinking, age tech—digital technology built around the needs and wants of older adults—is becoming a booming industry. The age tech market is supposed to reach $2 trillion, according to The Gerontologist’s 2021 Age Tech Market Map.

Health Information Exchange (HIE) 

Health information exchange is the action of sharing relevant health information electronically among trusted clinical partners regardless of physical location. The information sharing can be about a single patient to enhance the care of that patient. Or, the information can be about a group of patients for the purposes of public health tracking and improvement.

For providers who have already adopted electronic health records, HIE enables them to share EHRs and “talk” to one another over a secure network that protects patient privacy and data integrity. However, HIE can happen with paper records as well. HIE can help with a broad array of care quality and provider workflow concerns, including referrals and discharges; lab and radiology orders and results; redundant testing; medication management; analytics and reporting to health agencies; chronic disease management; and paperwork. HIE can also help patient engagement and patient satisfaction.

The federal meaningful use program incorporates HIE, requiring providers to engage in some HIE as part of Stage 2 certification. Stage 3 of meaningful use requires even more robust HIE capabilities. A list of HIEs that have received federal funding can be found on an AHCJ HIE tipsheet.


HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a law intended to make it easier for people to keep their health insurance when they change jobs. The law set standards for the electronic exchange of patient information, including protecting the privacy of such records. The U.S. Department of Health and Human Services issued a Privacy Rule to implement that aspect of the law, and its Office of Civil Rights is in charge of enforcing it. Essentially, HIPAA requires covered entities to keep protected health information, or PHI, private.

For more information on HIPAA, see this AHCJ tipsheet.


ICD-10

ICD, the International Classification of Diseases, 10th revision, is a set of codes used by providers in clinical settings to classify procedures, diseases, injuries and encounters in health care settings for billing purposes. They determine how much providers get paid for each patient encounter, and they also help track the incidence of conditions (such as cancer and sepsis) at health facilities.

The update to ICD-10 was made Oct. 1, 2015, by the federal government. The previous ICD-9 codes were more than 30 years old and had become outdated. There are 68,000 ICD-10 codes (vs. 14,000 ICD-9 codes), and the code format has been extended, providing more specific information on the patient’s diagnosis. The switch to ICD-10 aims to provide better data on health care utilization and patient care quality. For more information, see the CMS website.


Informatics

Health informatics is the interdisciplinary study of the design, development, adoption and application of information technology-based innovations in health care services delivery, management and planning.

Informatics can include human interface design, data mining, cognitive sciences, decision support, databases and algorithms. Health informatics professionals typically have backgrounds in both computer and biomedical sciences.

Information blocking

Information blocking is a practice in which a health provider or IT vendor, for example, willingly or knowingly interferes with or “blocks” the access, exchange or use of electronic health information.

Although patients have always had the right to see their medical records under the Health Insurance Portability and Accountability Act (HIPAA), providers had 60 days to get to them, and could delay for another 30 days. A federal information blocking rule that went into effect April 5, 2021, allows anyone who provides health care to release electronic health records in various forms including consultation notes, discharge summary notes, medical history and physical information, imaging narratives, laboratory and pathology reports, and procedure and progress notes.

There are eight allowable exceptions, including cases where health information can be temporarily taken offline while computer systems are updated. Clinicians also can safeguard health information related to specific security risks. Psychotherapy notes as recorded by mental health professionals, and information compiled in anticipation of a civil, criminal or administrative action or proceeding, can be separated from the rest of an individual’s medical record.

For more information, see these AHCJ blog posts: Federal information blocking rule: What health care journalists need to know, and New federal mandate should allow freer flow of medical information. The Open Notes website also has good resources.

Internet of Things (IoT)

The internetworking of physical devices, including household appliances, cars and buildings that are embedded with sensors and network connectivity. These devices are also known as “connected devices” or “smart devices.” In health care, the Internet of Things can include implanted medical devices and home monitoring systems, for instance.

The expansion of networked devices is expected to generate data collection from previously unavailable sources on people's health and habits. IoT health has the potential to create a pervasive environment for monitoring patient health and safety, as well as improving how physicians deliver care, according to the National Institute of Standards and Technology (NIST). It also can boost patient engagement by allowing people to spend more time in the comfort of their own homes and interact with care centers when needed.


Interoperability

Interoperability describes the extent to which systems and devices can exchange data, and interpret that shared data. For systems to be interoperable, they must be able to exchange data and subsequently present that data so it is understood by users.

Interoperability is important because without it, health information would be “siloed” or potentially walled off from being usable and meaningful to providers and patients. In an era where improved coordinated care is becoming more important, interoperability will play a leading role. For more on interoperability, see the Office of the National Coordinator for Health IT’s website.

Machine learning

The science of teaching computers to learn on their own without being programmed to perform specific tasks. Machine learning incorporates artificial intelligence and big data so computers can synthesize information and draw informed conclusions.

Machine learning in health care is becoming more widely used, helping clinicians make diagnoses. For example, machine learning programs can review imaging scans or electronic record data to identify patterns or help identify abnormalities that need addressing. It also can be used to help personalize treatment for patients, using a person’s characteristics and accumulated data from other similar patients to suggest methods of treatment for cancer or other conditions.


Metaverse

The metaverse is a shared virtual environment that people can access through the Internet. It combines aspects of social media, online gaming, augmented and virtual reality, cryptocurrencies and more to allow users to interact virtually but feel more engaged than a typical video meeting. People would be able to try on clothing from stores, for example, or attend concerts with friends in the metaverse just as in person.

Awareness of the term surged in the fall of 2021, when Facebook rebranded itself as “Meta” and founder/CEO Mark Zuckerberg said he believed the metaverse is the next chapter for the Internet, according to Merriam-Webster.

While still in its infancy, the metaverse has several potential applications in health care. This includes items like simulation training, where medical trainees could get an up-close view of a surgeon’s procedure, enhanced with tactile controls that would give them a sense of touch, or interactive training modules where learners could go within the human body to study a patient’s medical problem. An article by the Acceleration Economy Network has more information.

Mobile health (mhealth)

This refers to health services supported by mobile devices. The emergence of low-cost smartphones and tablets and the proliferation of health-related apps (over 318,000 to date, according to IQVIA) caused the explosion of the mhealth sector in just the past few years.

Mhealth is based on the premise of 'care anywhere' and can include consumer health information, diagnostics, fitness support, remote patient monitoring, video services and text messaging. Over 3 million people in the U.S. reported using a health or fitness app monthly in 2020. Nearly three in 10 adults ages 50-80 said they currently use at least one mobile health app, according to the University of Michigan’s 2021 National Poll on Healthy Aging.

Most mobile health apps are not subject to U.S. Food and Drug Administration (FDA) regulations, per guidance issued by the agency in 2015. The Federal Trade Commission (FTC) has an interactive tool to guide health app developers on regulations that might apply to their products. These include federal consumer and patient privacy laws.

Natural language processing (NLP)

Natural language processing is the capability of computers to understand human language. If you've ever gotten into an automated phone tree and heard, “I'm sorry, I didn't get that” in response to something you said into the phone, then you've come up against the limits of natural language processing. Alexa and Siri are popular consumer voice-activated NLPs on the market today. NLP is being applied to health care with limited success so far, but this sector is expected to grow. It could, for instance, reduce clerical duties associated with inputting information into electronic health records.

Net neutrality

Net neutrality protects the equal treatment of all data that travels over internet networks, with no discrimination and no blocking of any legal material. The networks over which information travels are controlled by internet service providers (ISPs) such as Comcast and Verizon.

Net neutrality is considered vital to protect an open internet. It has faced many threats over the years. Any weakening of net neutrality has implications for health care and for journalists, according to a 2017 AHCJ blog post. As health care becomes more connected, an open, neutral internet ensures that there are no surcharges or slow lanes for telehealth, home monitoring devices or even inpatient connected devices. For journalists, net neutrality ensures that all internet users have access to all content equally, whether it comes from tiny blogs or from media or industry giants.

Note bloat

Patient progress notes have become long and overwrought due to cut-and-paste functions and expandable templates in electronic health records (EHRs), leading to “note bloat.” The effort needed to read and sift through long progress notes in the EHR has been cited as a cause of stress and burnout among clinicians in multiple studies.

Some organizations are attempting to reduce note bloat. The American Medical Informatics Association (AMIA), in a letter to federal health regulators in January 2019, recommended decoupling clinical documentation from billing to reduce IT-related clinician burdens.


OpenNotes

OpenNotes is an international movement that advocates for transparent communication in health care and studies the effects of shared notes in patients’ records, otherwise known as open notes.

OpenNotes started back in 2010 as a year-long pilot program with over 100 primary care physicians and more than 13,500 patients at three health centers. Providers invited patients to read their medical visit notes through a secure online patient portal. Findings of that demonstration indicated that patient access to provider notes improves communication, patient safety and engagement and strengthens the doctor-patient relationship. The movement grew from there.

Federal law that went into effect in April 2021 requires health care providers to give patients access to all of the health information in their electronic medical records without delay or fees. Starting on October 6, 2022, the definition of electronic health information in the 21st Century Cures Act will expand to include all electronic protected health information (ePHI) that a patient has a right to access under the Health Insurance Portability and Accountability Act (HIPAA). This includes medical and billing records; payment and claims adjudication; and case or medical management record systems.

For more information, see the OpenNotes website.

Patient matching

An umbrella term used to describe the processes involved in correctly identifying a patient and linking that patient’s electronic medical records within and across systems.

Several efforts have been made to improve patient matching. One, Project US@, launched in 2021 and led by the Office of the National Coordinator for Health Information Technology (ONC), aims to streamline collection of patient mailing addresses as a means to improve patient matching. The first technical specifications for this, and a companion guide for health care professionals, were released in January 2022. A second version, with enhancements accounting for patients who live in very rural areas and members of the military, is expected to be released in 2023.

Patient registry

A computer database of confidential patient information, usually on a specific disease or condition, used to conduct population health management. Many hospitals have patient registries, also known as disease registries, for depression, hypertension and diabetes, for instance.

Population health management

This is the aggregation of patient data across multiple health IT resources, the analysis of that data, and its use to improve outcomes and better track the health of communities and specific populations. Population health management is mainstream thanks to widespread adoption of electronic health records and the use of those records to create actionable databases and disease registries, which group patients by disease states such as diabetes, hypertension, HIV/AIDS and depression.

Population health management can help providers identify high-risk and frequent users of hospital resources, like emergency departments, who may need special outreach and management. It also can track rates and test interventions for community public health concerns including annual flu vaccines and tobacco cessation. The federal government encourages population health management through its Shared Savings Program, state Medicaid waivers and the Medicare Advantage program.

Population health management can reduce health care costs by moving interventions “upstream” to reach patients in more individualized ways before they end up seeking care in more acute (and costly) settings. It operates in concert with patient-centered medical homes, where primary care providers use a team-based approach to improve care coordination, patient engagement and quality and safety.

Portal/patient portal

An access point to an online system. The word “portal” is frequently used by hospitals and insurers as shorthand for their “patient portal” – a website where patients can access their information, email their physician, check lab results, manage prescriptions and make appointments securely.


Phishing

A “lure” that entices an unwitting user to grant a thief remote access to proprietary data. For instance, a victim will click on a link in an email from someone they think is a trusted source, opening an access door to their computer. Phishing is a way for criminals to infect a computer with ransomware.

Predictive analytics

Predictive analytics is a branch of advanced analytics used to make predictions about future events. It applies data mining, statistics, modeling, machine learning and artificial intelligence to analyze available data. Predictive analytics can be a tool in population health management to intervene in patient health to improve outcomes.

Prescription drug monitoring program (PDMP)

A state-run electronic database used to track patient prescriptions of controlled substances, especially opioids. Physicians and pharmacists (and sometimes law enforcement) can access information provided in these databases to view a patient’s prescription history. PDMPs are a promising tool in fighting opioid abuse.

Protected Health Information (PHI)

This term, first mentioned in the Health Insurance Portability and Accountability Act (HIPAA) of 1996, refers to any identifiable information about a person that appears in medical records or conversations among health care staff regarding a patient’s treatment. It may also include billing information or any other information that could be used to identify someone in a company’s health insurance records.

Examples of PHI include patients’ names, birth dates, addresses, Social Security numbers, phone numbers, email addresses, medical record numbers, medical treatment information and billing information. HIPAA’s role is to ensure this information is kept private. “Covered entities” such as doctors’ and dentists’ offices and clinics, psychologists, nursing homes, pharmacies and hospitals or home health agencies, and even health plans, must be in compliance with HIPAA.

Under HIPAA rules, health care organizations are required to secure patient information that is stored or transferred either on paper records or digitally, to help protect PHI from data breaches or hackers.


Ransomware

A type of malware (malicious software) that attempts to deny access to a user’s own data by encrypting the data and withholding the key that unlocks it until a ransom is paid. Ransoms usually are paid in an untraceable cryptocurrency format such as Bitcoin. Ransomware attacks are becoming increasingly common against hospitals and other medical practices.

Regional Health Information Organization (RHIO)

A Regional Health Information Organization (RHIO) (pronounced “Rio”) is an entity that provides health information exchange services to participating stakeholders in a geographical region. RHIOs typically do the legwork in terms of meeting capability, security and privacy standards for secure exchange of health information among participants. Stakeholders often include providers, laboratories, payers and public health departments in the region. RHIOs must comply with HIPAA and other privacy laws. RHIOs often provide technical and advisory support services to participants as well. They have had a mixed record of success.

Remote patient monitoring

Remote patient monitoring is the use of technology to monitor the health of patients outside of conventional clinical settings. This type of monitoring most often happens at home, but can also be used in long-term care facilities or similar settings. Data collected on vitals like blood pressure, heart rate or weight can be transmitted to care providers in another location for assessment, recommendations and response, and typically is integrated into patients’ electronic health records.

Remote patient monitoring already had been gaining traction as the technology to track patients improved and as hospitals and other providers dedicated nurses and other clinicians to conduct the monitoring, but it took off more during the COVID-19 pandemic, when health care providers were trying to keep non-COVID patients out of the hospital as much as possible. The idea is that remote patient monitoring can keep people in their homes, reduce ER visits and avoidable readmissions and improve patient satisfaction and outcomes.

As of the start of September 2021, some 69 health systems and 156 hospitals in 33 states were approved by the Centers for Medicare and Medicaid Services (CMS) to offer acute hospital care at home. More information is available in a September 2021 AHCJ blog post.

Smart devices/connected devices

Any physical device that is embedded with sensors or network connectivity, enabling that device to “talk” to other devices.


Snooping

Incidents where staff at hospitals access someone’s medical records without authorization or without being directly involved in the patient’s care. In some cases, health system employees have accessed information such as emails, birth dates, clinical information or Social Security numbers, with the likely intention of selling the information or committing fraud.

Snooping is one of several types of data breaches that have been on the rise. Between 2009 and 2020, 3,705 health care data breaches involving 500 or more records were reported to the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights, according to an article in HIPAA Journal. Those breaches resulted in the loss, theft, exposure or impermissible disclosure of over 268 million health care records. The average number of breaches per day in 2020 was 1.76. HHS maintains an updated list of all breaches reported in the previous 24 months, including cases of unauthorized access/disclosure.

Hospitals and health systems have been announcing larger incidents of snooping to affected patients. For example, in May 2021, the University of Florida Health Shands announced it had notified 1,562 people affected by a privacy breach in which a former employee accessed medical records “outside the scope of their duties.” More information is available in a July 2021 AHCJ blog post.

Software bill of materials (SBOM)

A list of ingredients that make up software components. This is emerging as a key building block in software security.

In a report of the top 10 health technology hazards for 2022 released by the nonprofit patient-safety organization ECRI, cybersecurity attacks against health care organizations were at the No. 1 spot. Acknowledging this concern, medical device manufacturers are more often building in security features—including SBOMs—to their design.

Work ongoing at the U.S. Food and Drug Administration and the International Medical Device Regulators Forum has been focused on how to provide SBOMs for different use cases, such as helping health care delivery organizations better understand risk management for what’s on the inside of a medical device they purchase.


Telehealth

Although they are sometimes used interchangeably, the terms telehealth and telemedicine have slightly different meanings. Telehealth is a broad term that refers to the use of telecommunications technology and electronic information to provide remote health-related services. This can include clinical medical care, health education for patients or providers, health administration and public health. Telehealth uses technology such as the internet, video conferencing, streaming video, imaging and other electronic communications.

Telemedicine is a narrower term that is limited to remote clinical services, such as diagnosing and monitoring patients. Therefore, if a physician uses video conferences to diagnose remote patients and monitor their progress, the physician is engaged in telemedicine. If a city uses streaming video on its website to educate the public about COVID-19, the city is engaged in telehealth but not telemedicine.

Generally, telehealth facilitates the diagnosis, treatment, education, monitoring and management of a patient's care while the patient is in one location and the provider is at another site. Telehealth can also mean collaboration between providers in different physical locations to diagnose and treat a patient.

There are several common modes of telehealth used today, including live video interaction; remote patient monitoring, where personal health information or data is collected at one site, typically at home, and that information is transmitted and stored to guide care decisions; and mobile health (mhealth), which means health care supported by mobile devices and mobile applications. The COVID-19 pandemic facilitated a more rapid adoption of these technologies, as doctors struggled to keep non-COVID patients home and out of medical facilities to reduce spread of germs.


Telestroke

Telestroke is a form of telemedicine that allows providers to consult with on-call neurologists in other physical locations to better diagnose and more quickly treat stroke victims. Reducing long-term disability caused by stroke requires quick diagnosis and near-immediate treatment, making telestroke a very appealing option.

Telestroke uses remote sharing of brain imaging, videoconferencing and, sometimes, camera robotics to determine diagnosis. Increasingly, health systems are joining together in a “spokes and wheel” approach to telestroke, where many smaller (and often rural or suburban) hospitals join in a telestroke collaboration with a large urban medical center that provides the neurology specialists to consult on cases. These collaborations are typically all in the same state or region to comply with state medical board rules on licensure.

Unique device identification (UDI)

A unique device identification system established by the U.S. Food and Drug Administration (FDA) to adequately identify medical devices sold in the United States, from manufacturing through distribution to patient use. The system is designed to help health care providers and consumers by enabling faster recalls or discoveries of flawed devices, a better assessment of device performance, improved inventory management and more informed patient treatment.

This requires device labelers (typically the manufacturer) to include a unique device identifier on device labels and packages. Each device is to be labeled with a unique numeric or alphanumeric code including information to identify the manufacturer and model of a device, as well as the lot or batch number, serial number, expiration date, date of manufacture, and distinct identification code for products regulated as devices.

The information must be in two forms: plain text and a machine-readable form, and must be submitted to the Global Unique Device Identification Database (GUDID). This information also is available to the public at Access GUDID. Database users can search on specific devices and download information on every device entered into the database.

Unstructured data

This is information that is not easily organized and is often located in dispersed locations. Examples include information collected from physician notes in the electronic health record, and information collected from wearable devices, remote monitoring systems, social media, sensors, patient reports and images such as X-rays.

Virtual reality (VR)

A computer-generated simulation of a three-dimensional image or environment. People can interact with these images using electronic equipment such as a headset or gloves outfitted with sensors.

Virtual reality is being explored by some cancer experts as a means to better explain to patients the size and location of their tumors, and as a means of distraction to keep patients calm during radiation therapy treatments that require patients to remain still. Additional applications include surgical simulators that allow neurosurgeons to view and interact with dynamic brain images before operating. A 2021 meeting of the International Virtual Reality Healthcare Association featured presentations from researchers at different centers about the potential of VR to help in areas such as cognitive rehabilitation in stroke survivors, speech disorders and pain relief. For more information, see this 2021 blog post from AHCJ.

Virtual visit

An aspect of telehealth or telemedicine, a virtual visit is a medical appointment that takes place via video between at least two parties (usually patient and physician) in different physical locations.


Wearables

The terms “wearables,” “wearable technology,” and “wearable devices” refer to electronic technologies that are worn on the body or clothing to perform computing tasks. Generally, wearables are able to store and transmit data such as heart rate, sleep activity, etc. to patients’ care teams and electronic health records, where information can be accessed in real time.

Webside manner

The way in which a health care professional interacts with patients remotely during telehealth or virtual visits.

White hat/black hat hacker

A white hat hacker is a computer security specialist who tests the security of computer systems and exposes their vulnerabilities before so-called “black hat” (nefarious) hackers can detect them and gain unauthorized access.