Definitions
- Health data/sensitive data: Broadly defined as information relating to an identified or identifiable person. Example data elements include identification numbers, location data, genetic information, cultural and social attributes, and identifiable health records. Specific regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) or the General Data Protection Regulation (GDPR), may impose definitions and requirements. For example, HIPAA includes a definition of Protected Health Information (PHI), which defines identifiable data that is covered under the regulatory standard.
- Healthcare payor: Organizations that develop healthcare policy, manage risk, or provide healthcare networks, payment, and adjudication services for citizens, employers, or private individuals (for example, health plans, intermediaries, claims processing entities, and policy or regulatory entities at the state and federal level).
- Healthcare provider: Organizations (such as clinics, hospitals, and care networks) providing acute, ambulatory, ancillary, and retail healthcare services.
- Healthcare ISV: Technology providers that develop, maintain, and market technology solutions addressing the needs of healthcare organizations (for example, payors and providers).
- Consumer health and wellness: Technology provider companies that develop, maintain, and market health and wellness solutions targeting consumers.
- Standards setting organizations: Organizations responsible for establishing industry standards that are common across healthcare. Examples include Health Level 7 (HL7) for healthcare interoperability and the Health Information Trust (HITRUST) Alliance for data protection.
- Regulatory bodies: Organizations, often geography-specific (such as FDA, ONC, and EMA), that define regulations for controls that healthcare organizations must adopt in order to operate within that geography.