overview (1K)

Glossary

Authentication and Authorization
Authentication is the operation of determining if the user has entered the verify code or password that matches the access code or username. Authorization is the further step of determining what permissions an authenticated user has.

Context
VistA-speak for authorization. First the user is authenticated using access and verify codes, then the user is authorized to perform certain operations, such as use CPRS, depending on what contexts are in the user's account in VistA.

CPRS
The standard user interface tool into VistA. CPRS is a Windows program, written in Delphi and uses the RPC Broker to communicate with VistA.

DICOM
The standard protocol in the medical domain for exchanging image data.

Information Security Officer (ISO)
The person at each site responsible for the security of patient information.

Master Patient Index (MPI)
Each patient in any VistA has a unique numeric identifier called patient IEN or DFN. DFNs are not unique, however, across sites. One DFN may exist in many sites and identify many different patients. Also a single patient may have many DFNs by virtue of having received care in many sites. The MPI has been created to alleviate this problem. In the MPI each patient in VHA has a single unique numeric identifier called the ICN. Also, sometimes the RPC to fetch a patient's "other" sites is referred to as the MPI call, which is inaccurate since no ICN is involved in this call.

Site Moniker
A 3 character abbreviation for a VHA site, usually obtained from the VHA web sites.

Multi-threaded
Every piece of software runs on at least one thread, which is a single sequential flow of control. It is sometimes advantageous, however, to operate more than one thread. In VistaWeb, for example, we perform the same data request against several sites. With a single thread these requests would proceed serially, one after another, so the total time would be the sum of all their times. With multi-threading, however, the requests could be issued in parallel, all at the same time, and the total time would be the time of the request that took the longest.

New Person File (NPF)
A complete misnomer, this is actually the user table in a VistA site.

Patient Sensitivity
Some patients are marked "sensitive", meaning their data is sensitive. This may happen if the patient is also an employee or if the patient has certain medical conditions. Such data may not be shown to users until the user has been notified that the data is sensitive and that a bulletin will be issued to the site's ISO. The bulletin provides an audit trail inside VistA that enables an ISO to determine which users have accessed which sensitive patient data. A special case of patient sensitivity is when the user is the patient. When this happens, the user interface must refuse to proceed.

Remote Data Views (RDV)
The built-in functionality that enables CPRS to get data from sites other than the site at which the user logged in.

Remote Procedure Call (RPC)
A programming interface that allows one program to use the services of another program in a remote machine. The calling programming sends a message and data to the remote program, which is executed, and results are passed back to the calling program. RPCs are the primary mechanism for networking, underlying protocols such as email, ftp, http, telnet, etc. CPRS and MDO communicate with VistA via RPCs.

Secondary Menu Option
For an authenticated user to have permission to, say run CPRS, that user must have the CPRS context as a menu option. Software such as CAPRI and MDO operate with the CAPRI or CPRS context as a secondary menu option in a visitor account, i.e., an account that lacks access and verify codes.

Swing GUI
A Java application that uses the Swing Toolkit of user interface controls.

VistA
The HIS at every VHA site.

WebTop
A web-based application that uses Java servlets to get data from remote sites. Typically run from the CPRS Tools menu, but can also be run from a URL.