![]() |
![]() |
Glossary
Authentication and Authorization
Authentication is the operation of determining if the user has entered the
verify code or password that matches the access code or username. Authorization
is the further step of determining what permissions an authenticated user has.
Context
VistA-speak for authorization. First the user is authenticated using access and
verify codes, then the user is authorized to perform certain operations, such as
use CPRS, depending on what contexts are in the user's account in VistA.
CPRS
The standard user interface tool into VistA. CPRS is a Windows program, written
in Delphi and uses the RPC Broker to communicate with VistA.
DICOM
The standard protocol in the medical domain for exchanging image data.
Information Security Officer (ISO)
The person at each site responsible for the security of patient information.
Master Patient Index (MPI)
Each patient in any VistA has a unique numeric identifier called patient IEN or
DFN. DFNs are not unique, however, across sites. One DFN may exist in many
sites and identify many different patients. Also a single patient may have
many DFNs by virtue of having received care in many sites. The MPI has been
created to alleviate this problem. In the MPI each patient in VHA has a single
unique numeric identifier called the ICN. Also, sometimes the RPC to fetch a
patient's "other" sites is referred to as the MPI call, which is inaccurate since
no ICN is involved in this call.
Site Moniker
A 3 character abbreviation for a VHA site, usually obtained from the VHA web
sites.
Multi-threaded
Every piece of software runs on at least one thread, which is a single
sequential flow of control. It is sometimes advantageous, however, to operate
more than one thread. In VistaWeb, for example, we perform the same data
request against several sites. With a single thread these requests would proceed
serially, one after another, so the total time would be the sum of all their
times. With multi-threading, however, the requests could be issued in parallel,
all at the same time, and the total time would be the time of the request that
took the longest.
New Person File (NPF)
A complete misnomer, this is actually the user table in a VistA site.
Patient Sensitivity
Some patients are marked "sensitive", meaning their data is sensitive. This may
happen if the patient is also an employee or if the patient has certain medical
conditions. Such data may not be shown to users until the user has been notified
that the data is sensitive and that a bulletin will be issued to the site's ISO.
The bulletin provides an audit trail inside VistA that enables an ISO to
determine which users have accessed which sensitive patient data. A special case
of patient sensitivity is when the user is the patient. When this happens,
the user interface must refuse to proceed.
Remote Data Views (RDV)
The built-in functionality that enables CPRS to get data from sites other than
the site at which the user logged in.
Remote Procedure Call (RPC)
A programming interface that allows one program to use the services of another
program in a remote machine. The calling programming sends a message and data
to the remote program, which is executed, and results are passed back to the
calling program. RPCs are the primary mechanism for networking, underlying
protocols such as email, ftp, http, telnet, etc. CPRS and MDO communicate with
VistA via RPCs.
Secondary Menu Option
For an authenticated user to have permission to, say run CPRS, that user
must have the CPRS context as a menu option. Software such as CAPRI and MDO
operate with the CAPRI or CPRS context as a secondary menu option in a visitor
account, i.e., an account that lacks access and verify codes.
Swing GUI
A Java application that uses the Swing Toolkit of user interface controls.
VistA
The HIS at every VHA site.
WebTop
A web-based application that uses Java servlets to get data from remote sites.
Typically run from the CPRS Tools menu, but can also be run from a URL.