Improving Access to EHRs



Hover your cursor over the dotted underlined terms in this toolkit to show the glossary definition. The complete list of glossary terms and definitions also appears on this page for your reference.


Authority is defined as the executive agencies, including public health agencies and departments, authorized by the legislative branch to engage in activities. Public health is authorized by law to collect or receive health information for the purpose of preventing or controlling disease, injury, or disability. This would include, for example, the reporting of disease or injury; reporting vital events, such as births or deaths; and conducting public health surveillance, investigations, or interventions. (Office of the National Coordinator for Health Information Technology, HealthIT)

Business Case

Business case assists organizational stakeholders in making decisions regarding the viability of a proposed project effort. Use of a business case is considered standard practice throughout private and public industry. In government there are also specific laws and regulations that mandate the use of business cases for certain project types. (Health and Humans Services,

Electronic Health Records (EHRs)

EHRs are a digital version of a patient’s paper chart. EHRs are real time, patient centered records that make information available instantly and securely to authorized users. EHRs are not scanned copies of paper charts. One of the key features of an EHR is that health information can be created and managed by authorized providers in a digital format capable of being shared with other providers across more than one healthcare organization. (Office of the National Coordinator for Health Information Technology, HealthIT)

Healthcare­-associated Infection (HAI)

HAIs are infections that patients acquire during the course of receiving treatment for other conditions within a healthcare setting. Infections can be associated with the devices used in medical procedures, such as catheters or ventilators. These healthcare-­associated infections (HAIs) include central line-associated bloodstream infections, catheter­-associated urinary tract infections, and ventilator-associated pneumonia. Infections may also occur at surgery sites, known as surgical site infections. (CDC)

Healthcare Facilities

Healthcare facilities are places that provide healthcare. They include hospitals, clinics, outpatient care centers, and specialized care centers, such as birthing centers and psychiatric care centers. (National Institutes of Health)

Health Information Exchange (HIE)

HIE describes both the organization and the process which allows doctors, nurses, pharmacists, other healthcare providers and patients to appropriately access and securely share a patient’s vital medical information electronically—improving the speed, quality, safety and cost of patient care. Health information exchange provides the capability to electronically move clinical information between disparate healthcare systems while maintaining the meaning of the information being exchanged. The goal of health information exchange is to facilitate access to and retrieval of clinical data to provide safer, timelier, efficient, effective, equitable, and patient­ centered care. (

Health Information Technology (Health IT)

Health IT is the use of computer hardware and software to privately and securely store, retrieve, and share patient health and medical information. (

Health Insurance Portability and Accountability Act (HIPAA)

The HIPAA Act of 1996 includes provisions that protect health insurance coverage for workers and their families when they change or lose their jobs and that combat waste, fraud and abuse in health insurance and health care delivery. HIPAA required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information. To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule.

HIPAA Breach Notification Rule

This rule requires covered entities and business associates to provide notification following a breach of unsecured protected health information. (HHS/OCR)

Infection Preventionists (IPs)

IPs are professionals who direct interventions that protect patients from healthcare­-associated infections (HAIs) in clinical and other settings around the world. They work with clinicians and administrators to improve patient and systems ­level outcomes and reduce HAIs and related adverse events. (Association for Professionals in Infection Control and Epidemiology (APIC))


Interoperability is the ability for systems to exchange and use patient information in EHRs across systems without special effort on the part of the user. The Office of the National Coordinator for Health IT is responsible for advancing connectivity and interoperability of health information technology and recently released a draft roadmap that proposes critical actions for both public and private stakeholders that will advance our nation towards interoperable health. (Office of the National Coordinator for Health Information Technology, HealthIT)

Learning Health System

A learning health systems is an ecosystem where all stakeholders can securely, effectively, and efficiently contribute, share and analyze information systems to support effective decision-making leading to improve health outcomes. (Office of the National Coordinator for Health Information Technology, HealthIT)

Meaningful Use (MU)

Meaningful use is the use of certified electronic health record (EHR) technology to improve quality, safety, efficiency, and reduce health disparities, to engage patients and family, to improve care coordination, and population and public health, to maintain privacy and security of patient health information. (Office of the National Coordinator for Health Information Technology, HealthIT)

Privacy for Individually Identifiable Health Information (HIPAA Privacy Rule) 

The HIPAA privacy rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. A major goal of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well-being. The Rule strikes a balance that permits important uses of information, while protecting the privacy of people who seek care and healing. (HHS/OCR)

Regional Health Information Organization (RHIO)

A RHIO is an organization that brings together healthcare stakeholders within a defined geographic area and governs health information exchange among them for the purpose of improving health and care in that community. (U.S. Department of Health and Human Services)

Security Standards for the Protection of Electronic Protected Health Information (HIPAA Security Rule)

The HIPAA security rule sets national standards for the security of electronic protected health information by specifying a series of administrative, physical, and technical safeguards for covered entities and their business associates to use to assure the confidentiality, integrity, and availability of electronic protected health information. (HHS/OCR)


Toolkit refers to the resources described in this electronic document, which includes the assessment process, the methods used, and the results.


« Return to main page