Archive:
Duplicate copy of entire data storage such as disk to another medium or device.
Access ControlMechanism used to restrict access to data.
Account:
An account (also referred to as a log-in) allows a specific computer user to connect to specific computing resources and may allow access to specific data.
Account Requestor:
Administrative staff or supervisor who requests that an account be provided to a staff member who needs it to access data.
Audit Log:
Record of changes that affect access to data (see Audit Controls Policy)
Authentication:
Mechanism such as password or ID tag used to confirm identity of user.
Backup:
Process used to copy data to another medium or location for purposes of duplication. May be incremental storing only changes since last full archive or backup.
Dataset custodian:
The individual or entity accountable for the research uses of a dataset
Dataset administrator:
Department IT person or group responsible for maintaining a PHI dataset including access controls
Departmental IT:
Each clinical department or unit receives computer services from a specified Information Technology group either in their own department or by contract from another department. This term is used to refer to that IT group.
Encryption:
Process used to convert data into an unreadable form. Only authorized user may convert data back to readable form.
HIPAA:
Health Insurance Portability and Accountability Act
Health Care Component:
Component of the Covered Entity (UW_Madison) that handles EPHI and consequently must comply with HIPAA
PHI Database:
A collection of data containing EPHI from several individuals such as those used in a clinical study
Remote access:
Mechanism used to access resources on the SMPH network from outside that network.
Security Rule:
The portion of HIPAA specifically applying to Protected Health Information in electronic form.
Server:
A computer is a server if it meets either of the following criteria:
- Contains registered multi-user database of EPHI
- Is accessible from outside the SMPH network.
User:
Any person who has been authorized to access SMPH computer systems.
VPN (Virtual Private Network):
Method for accessing a remote network via an encrypted tunnel through the Internet.
Workstation:
A computer, used to access or process data, which is not accessible from outside the Affiliated Covered Entity (ACE) and does not contain a repository of EPHI.