Healthcare IT glossary

FHIR (Fast Healthcare Interoperability Resources)

Also: FHIR R4, FHIR R5, HL7 FHIR

FHIR is a healthcare-data interchange standard published by HL7 International. FHIR R4 is the version most U.S. health systems deploy today; R5 began limited adoption in 2024. FHIR defines clinical, administrative, and financial resources as RESTful API entities, enabling modern, web-friendly data exchange.

FHIR is mandated by the 21st Century Cures Act for patient access, USCDI v3 data sharing, and TEFCA QHIN exchange. BytePad implements FHIR R4 for both ingest (legacy-system retirement) and export (downstream analytics, AI retrieval).

HL7 v2

Also: HL7 2.x, pipe-and-hat

HL7 v2 is the messaging standard that has carried 95% of clinical messages between hospital systems since the 1990s — ADT (admit/discharge/transfer), ORM (orders), ORU (results), and SIU (scheduling). Still the dominant real-time integration format inside hospitals.

Most legacy EHR retirement programs require HL7 v2 ingest plus translation to FHIR R4 for downstream consumers. BIIG (BytePad Integration & Interoperability Gateway) handles both.

USCDI v3

Also: United States Core Data for Interoperability

USCDI v3 is the federally mandated dataset of clinical data classes and elements every U.S. EHR must be able to share via FHIR APIs under the 21st Century Cures Act information-blocking rule. Published by ONC; required for ONC-certified EHRs.

TEFCA

Also: Trusted Exchange Framework and Common Agreement

TEFCA is the U.S. federal framework for nationwide health information exchange, administered by the Sequoia Project on behalf of ONC. It governs how Qualified Health Information Networks (QHINs) exchange data across the country.

QHIN (Qualified Health Information Network)

A QHIN is a TEFCA-designated network operator authorized to exchange clinical and administrative data nationwide. As of 2026, designated QHINs include eHealth Exchange, Health Gorilla, Epic Nexus, MedAllies, KONZA, CommonWell, and others.

C-CDA

Also: CCDA, Consolidated Clinical Document Architecture

C-CDA is the XML-based clinical-document format defined by HL7 for structured summary documents — Continuity of Care Document (CCD), Discharge Summary, Progress Note, and more. Required by ONC certification.

X12 837 Claims

Also: 837P, 837I

X12 837 is the HIPAA-mandated electronic claims transaction format — 837P (Professional) for physician services, 837I (Institutional) for hospital services. Defined by the ASC X12 standards body.

IHE XDS / XDR

Also: Integrating the Healthcare Enterprise XDS

IHE XDS (Cross-Enterprise Document Sharing) and XDR (Cross-Enterprise Document Reliable Interchange) are the IHE profiles for sharing clinical documents across organizational boundaries — the historical foundation for health information exchanges and a continuing pattern in federal deployments.

Epic Hyperdrive

Hyperdrive is Epic's replacement for the legacy Hyperspace client. It is a Chromium-based desktop application that brings Epic's clinical workflows into a modern, web-rendered runtime. Most Epic shops have either deployed Hyperdrive or are in active cutover.

Epic MyChart

MyChart is Epic's patient portal — web and mobile clients that give patients access to their clinical records, messaging, scheduling, billing, and health-maintenance reminders. Mandatory for any Epic-shop patient-experience program.

Epic Bridges

Bridges is Epic's integration engine — the HL7 v2, FHIR, and X12 interface platform that connects Epic to laboratory, radiology, pharmacy, EDI, and other systems.

Oracle Health (Cerner) Millennium

Also: Cerner Millennium, PowerChart

Oracle Health Millennium is the flagship EHR formerly known as Cerner Millennium. Components include PowerChart (clinical), FirstNet (ED), SurgiNet (OR), and Bedrock (configuration). Deployed across many U.S. health systems and the basis of the VA EHRM and DHA MHS GENESIS programs.

Meditech Expanse

Expanse is Meditech's modern, web-based EHR — the successor to Meditech 6.x and Meditech Magic. Used by community hospitals, critical-access facilities, and some larger IDNs.

Meditech Magic

Magic is Meditech's legacy MUMPS-based EHR, predominantly deployed in community and critical-access hospitals during the 1990s and 2000s. End-of-support; commonly retired into archival platforms like BytePad.

Workday HCM / Financials / Supply Chain

Workday provides HCM, Financials, Supply Chain, and Adaptive Planning modules used by U.S. health systems for human capital, ERP, and procurement workloads — often deployed alongside Epic and Cerner.

HITRUST r2 / CSF v11

HITRUST r2 is the highest assurance certification level under the HITRUST Common Security Framework (CSF), currently at version v11. Required by many U.S. health-system business associate agreements. InterScripts and BytePad are HITRUST r2 certified.

SOC 2 Type II

SOC 2 Type II is an AICPA attestation reporting on a service organization's controls over Security, Availability, Confidentiality, Processing Integrity, and Privacy — measured over a period (typically 6–12 months). InterScripts maintains an active SOC 2 Type II attestation.

ISO 27001:2022

ISO 27001:2022 is the international standard for information security management systems (ISMS). InterScripts is ISO 27001:2022 certified, alongside ISO 9001:2015 for quality management.

HIPAA Privacy & Security Rules

The Health Insurance Portability and Accountability Act (HIPAA) governs the privacy (Privacy Rule) and security (Security Rule) of Protected Health Information (PHI). The Security Rule's Administrative, Physical, and Technical Safeguards map to NIST SP 800-66.

CMMC Level 2

Also: Cybersecurity Maturity Model Certification

CMMC Level 2 is the Cybersecurity Maturity Model Certification level required of Department of Defense contractors handling Controlled Unclassified Information (CUI). Maps to NIST SP 800-171 controls.

FedRAMP

Also: Federal Risk and Authorization Management Program

FedRAMP is the U.S. federal program that standardizes security assessment, authorization, and continuous monitoring for cloud products and services. Tiers: Low, Moderate, High. Required for most federal SaaS deployments.

NIST SP 800-53

NIST Special Publication 800-53 (Rev 5) is the federal catalog of security and privacy controls for U.S. information systems. Foundation for federal RMF, FedRAMP, and CMMC.

DoD RMF

Also: Risk Management Framework

The DoD Risk Management Framework (RMF) is the Department of Defense's adoption of the NIST RMF (SP 800-37) for authorizing and continuously monitoring information systems on DoD networks.

Zero Trust Architecture

Also: ZTA, NIST SP 800-207

Zero Trust is the architecture defined by NIST SP 800-207 and the DoD Zero Trust Reference Architecture — never trust, always verify across identity, device, network, application, data, and visibility pillars.

42 CFR Part 2

42 CFR Part 2 is the federal regulation governing the confidentiality of substance-use disorder (SUD) treatment records. Adds stricter consent and disclosure rules than HIPAA. Required handling for behavioral-health archival programs.

VAULTIS

VAULTIS is the U.S. Department of Defense data strategy framework: Visible, Accessible, Understandable, Linked, Trustworthy, Interoperable, Secure. It is the reference architecture for federal data-governance programs, including BytePad for Government.

VA EHRM

Also: VA Electronic Health Record Modernization

The Department of Veterans Affairs Electronic Health Record Modernization (VA EHRM) program is replacing the VistA legacy EHR with Oracle Health (Cerner) Millennium across Veterans Health Administration facilities.

MHS GENESIS

Also: Military Health System EHR

MHS GENESIS is the U.S. Military Health System electronic health record, deployed by the Defense Health Agency (DHA) on Oracle Health (Cerner) Millennium. Replacing legacy AHLTA, CHCS, and Essentris systems across the Military Health System.

AHLTA

Also: Armed Forces Health Longitudinal Technology Application

AHLTA was the U.S. Department of Defense ambulatory EHR replaced by MHS GENESIS. Long-tail archival, FOIA, and chain-of-custody requirements remain after retirement.

VistA

Also: Veterans Health Information Systems and Technology Architecture

VistA is the U.S. Department of Veterans Affairs legacy EHR, in production for 40+ years and being replaced under the VA EHRM program by Oracle Health (Cerner) Millennium. VistA data archival is a frequent BytePad federal use case.

GSA Schedule (MAS)

Also: Multiple Award Schedule

The GSA Multiple Award Schedule (MAS) is the U.S. General Services Administration's long-term, government-wide contract vehicle used by federal buyers to procure commercial products and services. InterScripts is a GSA MAS holder.

Defensible Disposition

Defensible disposition is the audited, policy-aligned deletion of records that have passed their retention period. It requires a documented retention schedule, an immutable archive up to the cut-off date, and a tamper-evident audit log of every disposition decision — capabilities BytePad provides out of the box.

ROI (Release of Information)

Release of Information is the regulated process by which patient records are disclosed to authorized requestors — patients, attorneys, insurers, government agencies. Workflows must capture consent, scope, audit, and timeliness, and align to HIPAA Privacy Rule.

FOIA / Public Records

Also: Freedom of Information Act

The Freedom of Information Act (FOIA) and state public-records laws govern disclosure of records held by federal and state agencies. FOIA-ready archival is a common requirement for federal customers using BytePad for Government.

Pediatric Record Retention

Pediatric medical-record retention is set at the state level. Most states require retention until the age of majority plus a multiplier (commonly 2–7 years) — substantially longer than adult retention. State-by-state mapping is part of every BytePad implementation playbook.

BytePad

BytePad is the AI-native intelligent data archival and document management platform from InterScripts. KLAS-recognized 2026. Securely manages structured and unstructured records across healthcare, government, education, finance, and supply chains.

BIIG (BytePad Integration & Interoperability Gateway)

BIIG is the integration spine inside BytePad that connects legacy and modern systems through HL7 v2, FHIR R4, C-CDA, REST, IHE XDS/XDR, X12, Kafka, NiFi, Airflow, and dbt — real-time and batch ingestion on one gateway.

AI Global Search (BytePad)

AI Global Search is BytePad's semantic and natural-language retrieval layer across structured and unstructured records. Powered by domain-tuned embeddings and a federated metadata graph.

CHAI

Also: Coalition for Health AI

The Coalition for Health AI (CHAI) is a multi-stakeholder body developing responsible AI principles for U.S. healthcare. Published the CHAI Assurance Standards Guide; informs hospital AI governance programs.

RAG (Retrieval-Augmented Generation)

Retrieval-Augmented Generation is the AI pattern where a language model retrieves grounded evidence from a knowledge base before generating an answer. BytePad's AI Global Search is a RAG layer over the archived clinical and administrative corpus.