Glossary

Ad Hoc Evaluations - Ad hoc evaluations are rapid investigational assessments meant to gauge the initial viability of the Mini-Sentinel Distributed Database (MSDD) to support planned evaluations or to generate information about exposure and outcome rates and overall patterns of use of FDA-regulated medical products.

Code of Federal Regulations - The Code of Federal Regulations (CFR) is the codification of the general and permanent rules published in the Federal Register by the executive departments and agencies of the federal government.

The Common Rule - The Common Rule is a federal policy that governs the protection of human subjects in research projects (45 CFR Part 46). The principal components are: 1) requirements for assuring compliance with the Rule by institutions that conduct research involving human subjects; 2) requirements for researchers' obtaining and documenting informed consent from human subjects; and 3) requirements for Institutional Review Boards (IRBs) to oversee and document adherence to the Common Rule.

Covered Entity - Covered entities are those entities subject to HIPAA regulations (see below). This includes: 1) healthcare providers that conduct certain transactions in electronic form; 2) healthcare clearinghouses; and 3) health plans.

De-Identified Health Information - De-identified health information neither identifies nor provides a reasonable basis to identify an individual. There are two ways to de-identify information, either: (1) a formal determination by a qualified statistician; or (2) the removal of specified identifiers of the individual and of the individual's relatives, household members, and employers is required, and is adequate only if the covered entity has no actual knowledge that the remaining information could be used to identify the individual. There are no restrictions on the use or disclosure of de-identified health information (45 CFR 164.514(a)-(c)).

Federal Information Security Management Act - The Federal Information Security Management Act (FISMA) was passed in 2002 as Title III of the E-Government Act (Public Law No. 107-347). FISMA requires each federal agency to develop, document, and implement agency-wide programs to provide information security for the operations and assets of the agency, including those provided or managed by other agencies or outside contractors.

Freedom of Information Act - The Freedom of Information Act (FOIA), enacted in 1966 (5 U.S.C. § 552), provides that all people have the right to obtain access to federal agency records, unless those records are protected from disclosure by one of nine exemptions or by one of three law enforcement exclusions.

Health Insurance Portability and Accountability Act - The Health Insurance Portability and Accountability Act (HIPAA) of 1996 (Public Law No. 104-191) is a federal law that governs: 1) health insurance coverage for workers and their families when they change or lose their jobs; and 2) the establishment of national standards for electronic health care data transactions.

HIPAA Privacy Rule - The HIPAA Privacy Rule (45 CFR Part 160 and Subparts A and E of Part 164) establishes national standards to protect individuals' medical records and other individual health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of individual health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.

Limited Data Set - As an alternative to using fully de-identified information, HIPAA makes provisions for the creation of a limited data set which requires the removal of 16 direct identifiers (see list below under Protected Health Information) but allows for the inclusion of dates, geographic location (not as specific as street address), and any other code or characteristic not explicitly excluded.

National Institute of Standards - The National Institute of Standards (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce. NIST's purpose is to promote innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve quality of life. NIST oversees implementation and adherence to non-national security information systems standards, such as FISMA.

Office for Human Research Protections - The Office for Human Research Protections (OHRP) oversees all research involving human subjects. It resides within the U.S. Department of Health and Human Services (HHS).

Personally Identifiable Information - Personally Identifiable Information (PII) refers to information that can be used to uniquely identify an individual, either independently or in combination with other personal or identifying information that can be linked to a specific individual.

Planned Evaluations - Planned evaluations are longer term evaluations based on carefully developed scientific protocols. Development of these protocols requires the collaborative efforts of many individuals who possess expertise in relevant medical areas.

Privacy Act of 1974 - The Privacy Act of 1974 (5 U.S.C. § 552a, Public Law No. 93-579) establishes a Code of Fair Information Practice that governs the collection, maintenance, use, and dissemination of Personally Identifiable Information (PII) about individuals that is maintained in systems of records by federal agencies. A system of records is a group of records under the control of an agency from which information is retrieved by the name of the individual or by some identifier assigned to the individual.

Protected Health Information (PHI) - The HIPAA Privacy Rule protects all individually identifiable health information held or transmitted by a covered entity or its business associate, whether electronic, paper, or oral. Individually identifiable health information includes a specific list of 18 common identifiers (see list below). Under the Privacy Rule, information that directly identifies individuals, as well as information for which there is a reasonable basis to believe it could be used to identify individuals (such as small cell counts and dates of service) is considered protected health information (PHI).

  • names
  • geographic subdivisions smaller than a state, including street address, city, county, precinct, ZIP code, and their equivalent geocodes, except for the initial three digits of a ZIP code
  • all elements of dates (except year) for dates directly related to an individual (e.g., date of birth, admission)
  • telephone numbers
  • fax numbers
  • electronic mail addresses
  • social security numbers
  • medical record numbers
  • health plan beneficiary numbers
  • account numbers
  • certificate/license numbers
  • vehicle identifiers and serial numbers, including license plate numbers
  • device identifiers and serial numbers
  • web universal locators (URL's)
  • internet protocol (IP) address numbers
  • biometric identifiers, including finger and voiceprints
  • full-face photographic image and any comparable images
  • other unique identifying number, characteristic, or code

Protocols - See Planned Evaluations.

Query - A query is a request by the FDA for information on a particular topic of interest.

Query Tool Evaluations - Query tool evaluations are based on previously prepared summary tables that enable rapid assessment of cohort sizes often needed for feasibility purposes. The summary tables are maintained locally by Mini-Sentinel Data Partners and do not contain individually identifiable health information. These tables are created using distributed code which runs against data, maintained by individual Data Partners, which have been transformed into Mini-Sentinel Common Data Model (MSCDM) format.

Trade Secret Exemption - Exemption number four of FOIA protects information that is considered confidential commercial from disclosure under the Act (5 U.S.C. § 552(b)(4)(2006)).