We use cookies to understand how this site is used and to improve the site to make use easier. We also share details with Google for analytic purposes. For more information, and to understand the limited use we have for your data, see our privacy page.

If you do not want us to handle your data in this way you can eitherstop using this site or set your browser to request that we do not track you. Continued use of this site without setting do not track explicitly provides your authority to make limited use your data.

 A

accompanying document
see accompanying information
accompanying documentation
see accompanying information
accompanying information

information accompanying or marked on a health IT product or accessory for the user or those accountable for the installation, use, processing, maintenance, decommissioning and disposal of the medical device or accessory, particularly regarding safe use

administrator

role responsible for the ongoing operation of the implemented health IT system and ensuring it is safeguarded and maintained on an ongoing basis

asset

physical or digital entity that has value to an individual, an organization or a government

assurance case

reasoned, auditable artefact created that supports the contention that its top-level claim (or set of claims), is satisfied, including systematic argumentation and its underlying evidence and explicit assumptions that support the claim(s)

 C

change management

process for recording, coordination, approval and monitoring of all changes

change-release management

process that ensures that all changes to the health IT infrastructure (and its components) are assessed, approved, implemented and reviewed in a controlled manner and that changes are delivered, distributed, and tracked, leading to release of the change in a controlled manner with appropriate input and output with configuration management

client
see subject of care
clinical change management

strategic and systematic approach that supports people and their organizations in the successful transition and adoption of electronic health solutions, with a focus on outcomes including solution adoption by users and the realization of benefits

cloud computing

paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand

cloud service

one or more capabilities offered via cloud computing invoked using a defined interface

component

collection of system resources that (a) forms a physical or logical part of the system, (b) has specified functions and interfaces, and (c) is treated (e.g., by policies or specifications) as existing independently of other parts of the system.

customer

person or organization that could or does receive a product or a service that is intended for or required by this person or organization

cybersecurity
see security

 D

developer

role responsible for execution of the design and development phase (from concept to release and maintenance) of a health software or health IT system

 E

effectiveness

ability to produce the intended result

event

occurrence or change of a particular set of circumstances

exploit

defined way to breach the security of information systems through vulnerability

exposure

extent to which an organization and/or stakeholder is subject to an event

 H

harm

injury or damage to the health of people, or damage to property or the environment

hazard

potential source of harm

hazardous situation

circumstance in which people, property or the environment is/are exposed to one or more hazards

HDO
see healthcare delivery organization
health information technology

documented and intended application of information technology that is intended to be applied for the collection, storage, processing, retrieval, and communication of information relevant to health, patient care, and well-being

health IT
see health information technology
health IT infrastructure

combined set of IT assets available to the individual or organization for developing, configuring, integrating, maintaining, and using IT services and supporting health, patient care and other organizational objectives

health IT system

combination of interacting health IT elements that is configured and implemented to support and enable an individual or organization’s specific health objectives

health software

software intended to be used specifically for managing, maintaining, or improving health of individual persons, or the delivery of care, or which has been developed for the purpose of being incorporated into a medical device

health software product

healthcare delivery organization

facility or enterprise such as a clinic or hospital that provides healthcare services

 I

implementation

life cycle phase at the end of which the hardware, software and procedures of the system considered become operational

implementer

role responsible for the clinical installation, workflow optimization, and training of health software and health IT systems in the clinical setting

integrator

role responsible for the incorporation of components into the health IT infrastructure used by the healthcare delivery organization, including technical installation, configuration, and data migration

intended purpose
see intended use
intended use

use for which a product, process or service is intended according to the specifications, instructions and information provided by the manufacturer

interoperability

ability of two or more systems or components to exchange information and to use the information that has been exchanged

IT-network

a system or systems composed of communicating nodes and transmission links to provide physically linked or wireless transmission between two or more specified communication nodes

 K

key properties

three risk management characteristics of safety, effectiveness, and security

 L

life cycle

series of all phases in the life of a product or system, from the initial conception to final decommissioning and disposal

 M

manufacturer

organization with responsibility for design or manufacture of a product

medical device

instrument, apparatus, implement, machine, appliance, implant, reagent for in vitro use, software, material or other similar or related article, intended by the manufacturer to be used, alone or in combination, for human beings, for one of more of the specific medical purpose(s) of

— diagnosis, prevention, monitoring, treatment or alleviation of disease,

— diagnosis, monitoring, treatment, alleviation of or compensation for an injury,

— investigation, replacement, modification, or support of the anatomy or of a physiological process, — supporting or sustaining life,

— control of conception,

— cleaning, disinfection, or sterilization of medical devices,

— providing information by means of in vitro examination of specimens derived from the human body,

and which does not achieve its primary intended action by pharmacological, immunological or metabolic means, in or on the human body, but which may be assisted in its function by such means

 O

organization

person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives

 P

patient
see subject of care
personal health information

information about an identifiable person that relates to the physical or mental health of the individual

privacy

freedom from intrusion into the private life or affairs of an individual when that intrusion results from undue or illegal gathering and use of data about that individual

process

set of interrelated or interacting activities that use inputs to deliver an intended result

product

output of an organization that can be produced without any transaction taking place between the organization and the customer

 Q

quality

degree to which all the properties and characteristics of a product, process, or service satisfy the requirements which ensue from the purpose for which that product, process, or service is to be used

 R

reasonably foreseeable misuse

use of a product or system in a way not intended by the manufacturer, but which can result from readily predictable human behaviour

residual risk

risk remaining after risk control measures have been implemented

responsibility agreement

document that fully defines the responsibilities of all relevant stakeholders

risk

combination of the probability of occurrence of harm and the severity of that harm

risk analysis

systematic use of available information to identify hazards and to estimate the risk

risk assessment

overall process comprising a risk analysis and a risk evaluation

risk control

process in which decisions are made and measures implemented by which risks are reduced to, or maintained within, specified levels

risk estimation

process used to assign values to the probability of occurrence of harm and the severity of that harm

risk evaluation

process of comparing the estimated risk against given risk criteria to determine the acceptability of the risk

risk management

systematic application of management policies, procedures and practices to the tasks of analysing, evaluating, controlling and monitoring risk

risk management file

set of records and other documents that are produced by risk management

risk tolerance

organization's or stakeholder's readiness to bear the risk after risk control in order to achieve its objectives

role

function or position

root cause

set of conditions or actions that occur at the beginning of a sequence of events that result in the initiation of a failure mode

 S

safety

freedom from unacceptable risk

security

state where information and systems are protected from unauthorized activities, such as access, use, disclosure, disruption, modification, or destruction to a degree that the related risks to confidentiality, integrity, and availability are maintained at an acceptable level throughout the lifecycle

security capability

broad category of technical, administrative or organizational controls to manage risks to confidentiality, integrity, availability and accountability of data and systems

service user
see subject of care
severity

measure of the possible consequences of a hazard

sociotechnical ecosystem

complex ‘ecosystem’ or ‘sociotechnical system’ environment where the software is tightly integrated with other systems, technologies, infrastructure, and domains (people, organizations and external environments) and where it is configured to support local clinical and business processes

subject of care

person who seeks to receive, is receiving, or has received healthcare

subject of healthcare
see subject of care
system

combination of interacting elements organized to achieve one or more stated purposes

system owner

senior executive accountable for ensuring the health IT system being acquired and implemented will meet their organization’s healthcare delivery services needs for its intended use

 T

threat

potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm

top management

Group of people who direct and control an organization and have overall accountability in an organization.

 U

usability

characteristic of the user interface that facilitates use and thereby establishes effectiveness, efficiency and user satisfaction in the intended use environment

user

person using the system for a health-related purpose

 V

verification

confirmation, through the provision of objective evidence, that specified requirements have been fulfilled

vulnerability

flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy

 W

weakness

kind of deficiency.