- Information governance (IG)
- An organization-wide framework of accountability, policies, and decision rights for managing information as a strategic asset across its lifecycle.
- Data governance
- A subset of information governance focused specifically on the management, quality, and integrity of the organization's data.
- Data integrity
- The accuracy, completeness, consistency, and reliability of data throughout its lifecycle — data is unchanged from source and fit for its purpose.
- Data dictionary
- A documented set of standard definitions for every data element — name, format, allowable values, and meaning — that enforces consistency across systems.
- Data standardization
- Applying uniform definitions, formats, and value sets (a data dictionary) so the same element means the same thing everywhere it is collected or reported.
- Master Patient Index (MPI)
- The permanent database that links every medical record number a patient has across an organization to one unique enterprise identifier.
- Enterprise Master Patient Index (EMPI)
- An MPI that links a patient's identifiers across multiple facilities or systems within a health system or HIE.
- AHIMA IG Adoption Model (IGAM)
- AHIMA's maturity model describing how an organization advances information governance across competency areas over staged levels.
- Information lifecycle
- The stages information passes through — creation/capture, use, storage/maintenance, archival, and destruction — each governed by IG policy.
- Data quality (AHIMA DQM)
- AHIMA's data-quality model: data should be accurate, complete, consistent, timely, relevant, and accessible (among other characteristics).
- Data steward
- A person accountable for the quality, definition, and appropriate use of a specific set of data elements under the IG framework.
- Structured data
- Data captured in discrete, defined fields (e.g., coded values, lab results) that can be queried and analyzed directly.
- Unstructured data
- Free-text or narrative data (e.g., dictated notes) that is not in defined fields and is harder to query without processing.
- Metadata
- Data about data — descriptive details (author, date, source, format) that give context and support retrieval, audit, and governance.
- Health record content
- The clinical and administrative documentation an organization must capture and maintain, governed by regulatory, accreditation, and organizational policy.
- Legal health record (LHR)
- The formally defined subset of records an organization will disclose as its official business record in response to a legal request.
- Designated record set (DRS)
- Under HIPAA, the records a covered entity uses to make decisions about an individual — what a patient has a right to access and amend.
- Data mapping
- Linking data elements from one system or code set to another (e.g., a crosswalk) so information moves accurately between systems.
- Data governance committee
- A cross-functional body that sets data policies, resolves data-definition conflicts, and oversees data quality enterprise-wide.
- Quality reporting data
- Required clinical data elements abstracted and submitted for quality programs and to facility committees and payers.
- Data normalization
- Mapping local terms and values to a common standard or terminology so data from different sources can be aggregated and compared.
- Single source of truth
- The principle that one authoritative, governed copy of a data element exists, so reports and decisions rely on consistent data.
- Information governance vs records management
- Records management handles documents/retention; IG is the broader strategic framework governing all information, including data and analytics.
- Data dictionary standardization policy
- An organizational policy requiring all systems to use approved element definitions and value sets to prevent inconsistent or duplicate data.
- Health Information Management (HIM)
- The discipline of acquiring, analyzing, protecting, and governing digital and traditional health information to support quality care and operations.
- Charge description master (CDM) — IG view
- A governed master file of billable items, codes, and prices; its integrity is an information-governance and revenue concern.
- Trustworthy data
- Data that stakeholders can rely on for decisions because its quality and integrity are governed, documented, and auditable.
- Policy and procedure (P&P)
- A documented organizational rule (policy) and the step-by-step method to carry it out (procedure) — the backbone of IG and compliance.
- Data analysis to inform management
- Using governed, quality data to produce insights that guide operational and strategic management decisions.
- Forms/template control
- Governing the design and approval of documentation forms and EHR templates so captured data is complete, consistent, and compliant.
- Information asset
- Any body of information (a database, record set, report) the organization manages and protects for its value.
- Data definition
- The documented, agreed meaning and allowable values of a data element, recorded in the data dictionary.
- Authorship/attribution
- Documentation must identify who created each entry; governance ensures every entry is attributable and signed.
- Amendment vs correction
- An amendment adds new information; a correction fixes an error — both must preserve the original entry (no deletion).
- Version control
- Tracking changes to documents, forms, and policies so the current authoritative version is always identifiable.
- Data ownership vs stewardship
- Ownership is organizational accountability for data; stewardship is the operational responsibility to maintain its quality.
- Information governance program office
- The function that coordinates IG strategy, policies, and metrics across departments.
- Record completeness
- Ensuring every required documentation element is present and authenticated before a record is considered complete.
- Deficiency analysis
- Reviewing records to identify missing or unauthenticated documentation (e.g., unsigned reports) for provider completion.
- Forms committee
- A governance body that approves the design and data elements of paper forms and EHR templates.
- Data classification
- Categorizing data by sensitivity (e.g., public, internal, confidential, PHI) to apply appropriate controls.
- Data lineage
- Documentation of where data originated and how it moved/transformed across systems — supports trust and audit.
- Information governance metrics
- Measures (data-quality rates, duplicate rates, policy adoption) that show IG program maturity and value.
- HIPAA
- The Health Insurance Portability and Accountability Act — federal law setting national standards to protect health information (Privacy, Security, and Breach Notification Rules).
- Protected Health Information (PHI)
- Individually identifiable health information held or transmitted by a covered entity or business associate, in any form.
- HIPAA Privacy Rule
- Sets national standards for how PHI may be used and disclosed and gives patients rights over their information.
- HIPAA Security Rule
- Requires administrative, physical, and technical safeguards to protect electronic PHI (ePHI).
- Breach Notification Rule
- Requires covered entities to notify affected individuals, HHS, and sometimes the media when unsecured PHI is breached.
- Minimum necessary
- The HIPAA principle of using, disclosing, or requesting only the least PHI needed to accomplish the intended purpose.
- Covered entity
- Under HIPAA, a health plan, health-care clearinghouse, or provider that transmits health information electronically.
- Business associate
- A person or entity that performs functions involving PHI on behalf of a covered entity; bound by a business associate agreement (BAA).
- TPO (treatment, payment, operations)
- The three purposes for which a covered entity may use or disclose PHI without patient authorization.
- Patient right of access
- A patient's HIPAA right to inspect and obtain a copy of their PHI in a designated record set, generally within 30 days.
- Right to amend
- A patient's HIPAA right to request correction of inaccurate or incomplete PHI in their designated record set.
- Accounting of disclosures
- A patient's HIPAA right to receive a list of certain disclosures of their PHI made by the covered entity.
- Authorization
- A patient's signed permission required to use or disclose PHI for purposes other than treatment, payment, or operations.
- Release of information (ROI)
- The HIM process of validating, fulfilling, and tracking requests for copies of a patient's health information.
- Valid authorization elements
- A HIPAA authorization must specify the information, who may disclose and receive it, the purpose, an expiration, and the patient's signature/date.
- Notice of Privacy Practices (NPP)
- The document a covered entity must give patients describing how their PHI may be used and disclosed and their rights.
- Record retention
- The period an organization must keep records, set by the strictest of state law, federal rule, accreditation, and policy.
- Record destruction
- Disposing of records past retention using a method that renders PHI unreadable/unrecoverable, with a destruction log.
- Retention schedule
- A policy specifying how long each record type is kept and how it is destroyed when retention ends.
- Breach (HIPAA)
- An impermissible use or disclosure of unsecured PHI that compromises its security or privacy, unless a risk assessment shows low probability of compromise.
- Four-factor risk assessment
- The breach analysis of: nature/extent of PHI, who received it, whether PHI was actually acquired/viewed, and the extent of risk mitigation.
- Breach notification timeline
- Individuals must be notified without unreasonable delay and no later than 60 days from discovery of a breach.
- Subpoena vs court order
- A court order compels disclosure of PHI; a subpoena generally requires additional assurances (e.g., notice or a qualified protective order) before disclosure.
- Psychotherapy notes
- Separately kept notes that receive heightened HIPAA protection and generally require specific authorization to disclose.
- 42 CFR Part 2
- Federal rule giving stricter confidentiality protection to substance-use disorder treatment records than HIPAA alone.
- State preemption
- Where state privacy law is more stringent than HIPAA, the state law controls (HIPAA is a federal floor, not a ceiling).
- Privacy Officer
- The individual a covered entity must designate to develop and implement privacy policies and handle complaints.
- Security Officer
- The individual responsible for developing and implementing the organization's ePHI security policies under the Security Rule.
- Administrative safeguards
- Security Rule policies and procedures — risk analysis, workforce training, access management — that manage ePHI protection.
- Physical safeguards
- Security Rule controls protecting facilities and devices — facility access, workstation use, and device/media controls.
- Technical safeguards
- Security Rule technology controls — access control, audit controls, integrity, and transmission security for ePHI.
- Access control (security)
- Granting ePHI access by role and need-to-know via unique user IDs, authentication, and authorization.
- Role-based access control (RBAC)
- Assigning system permissions based on a user's job role so each user sees only the PHI their role requires.
- Audit controls / audit trail
- Hardware, software, and procedures that record and examine activity in systems containing ePHI.
- Risk analysis (Security Rule)
- The required, ongoing assessment of risks and vulnerabilities to ePHI confidentiality, integrity, and availability.
- Encryption
- Converting ePHI into unreadable form; encrypted data that is breached is 'secured' and may not trigger breach notification.
- HITECH Act
- The law that strengthened HIPAA enforcement, added breach notification, increased penalties, and extended rules to business associates.
- Privacy initiative monitoring
- Ongoing auditing of PHI access and ROI workflows to ensure the organization complies with privacy policies and law.
- Patient advocacy in ROI
- Helping patients and families understand and exercise their rights to obtain their health information appropriately.
- De-identification
- Removing identifiers from PHI (Safe Harbor's 18 identifiers or expert determination) so it is no longer protected under HIPAA.
- Consent vs authorization
- Consent is general permission to use PHI for TPO; authorization is specific written permission for other uses/disclosures.
- Accreditation standards (privacy)
- Joint Commission and similar bodies impose documentation and confidentiality standards beyond regulation that HIM must monitor.
- Confidentiality, integrity, availability (CIA)
- The three security objectives the Security Rule protects for ePHI.
- Workforce clearance/termination
- Administrative safeguards ensuring access is appropriate at hire and revoked promptly at termination.
- Contingency plan (Security Rule)
- Required data backup, disaster recovery, and emergency-mode operation plans to keep ePHI available.
- Sanction policy
- A required policy applying consequences to workforce members who violate security policies.
- Information access management
- Policies that authorize access to ePHI based on role and need, a required administrative safeguard.
- Transmission security
- Technical safeguards (e.g., encryption) protecting ePHI as it travels over a network.
- Integrity controls
- Measures ensuring ePHI is not improperly altered or destroyed.
- Two-factor authentication
- Verifying identity with two independent factors (something you know/have/are) to strengthen access control.
- Audit log review
- Routinely examining system access logs to detect inappropriate PHI access (snooping).
- Snooping
- Accessing PHI without a legitimate business need — a privacy violation even if no data leaves the organization.
- Mitigation
- Steps a covered entity takes to lessen harm after an impermissible use or disclosure of PHI.
- Substitute notice
- Public/media breach notice used when a breach affects 500+ residents of a state or contact information is insufficient.
- HHS Office for Civil Rights (OCR)
- The agency that enforces the HIPAA Privacy, Security, and Breach Notification Rules and investigates complaints.
- Civil monetary penalties (HIPAA)
- Tiered fines for HIPAA violations based on culpability, up to an annual maximum per provision.
- Business associate agreement (BAA)
- The contract that binds a business associate to safeguard PHI and comply with applicable HIPAA rules.
- Marketing/sale of PHI
- Uses generally requiring specific authorization, with HITECH restrictions on remuneration for PHI.
- Incidental disclosure
- A permitted secondary disclosure that cannot reasonably be prevented when reasonable safeguards are in place.
- Verification of identity
- HIPAA requires verifying the identity and authority of a person requesting PHI before disclosure.
- Restriction request
- A patient's right to request limits on uses/disclosures; must be honored for out-of-pocket-paid services to a health plan.
- Court-ordered disclosure
- PHI may be disclosed as expressly authorized by a court order without patient authorization.
- Health informatics
- The interdisciplinary use of information technology and data to acquire, store, analyze, and present health data for better care and decisions.
- Healthcare statistics
- Quantitative measures (census, rates, length of stay) computed from health data to describe and monitor organizational performance.
- Length of stay (LOS)
- The number of days between a patient's admission and discharge; average LOS (ALOS) is total discharge days divided by discharges.
- Census
- The number of inpatients present in a facility at a point in time, used to compute occupancy and staffing measures.
- Average daily census
- Total inpatient service days for a period divided by the number of days in the period.
- Occupancy rate
- The percentage of available beds occupied — inpatient service days divided by available bed days, times 100.
- Mortality rate
- The proportion of inpatient deaths to discharges (including deaths) in a period, often expressed as a percentage.
- Morbidity
- The rate or incidence of disease within a defined population.
- Incidence rate
- The number of NEW cases of a condition in a population over a period.
- Prevalence rate
- The number of EXISTING cases (new and old) of a condition in a population at a point in time.
- Mean, median, mode
- Measures of central tendency: mean is the average, median is the middle value, mode is the most frequent value.
- Data mining
- Using database and statistical techniques to discover patterns, trends, and relationships in large data sets.
- Master patient index integrity
- Maintaining one accurate enterprise identifier per patient by preventing and resolving duplicates, overlays, and overlaps.
- Duplicate (MPI)
- Two or more records/identifiers created for the SAME patient — must be merged to preserve a single record.
- Overlay (MPI)
- One patient's information recorded under ANOTHER patient's identifier — a serious patient-safety error to resolve immediately.
- Overlap (MPI)
- The same patient has different enterprise identifiers across facilities in a system — reconciled in an EMPI.
- Data visualization
- Presenting data graphically (charts, dashboards) so trends and outliers are clear for decision-making.
- Dashboard
- A visual display of key performance indicators and metrics, updated for managers to monitor performance at a glance.
- Bar chart
- A graph using bars to compare values across discrete categories.
- Line graph
- A graph showing how a value changes over time — ideal for trends.
- Histogram
- A graph showing the frequency distribution of a continuous variable using adjacent bars.
- Pie chart
- A circular graph showing parts of a whole as proportional slices.
- Scatter plot
- A graph plotting two variables as points to reveal correlation or relationship.
- Key performance indicator (KPI)
- A quantifiable measure used to evaluate success against an objective (e.g., coding accuracy, DNFB days).
- Database management system (DBMS)
- Software (e.g., relational) for creating, querying, and maintaining structured data.
- Relational database
- Data organized into tables (relations) of rows and columns, linked by keys, and queried with SQL.
- Primary key
- A field (or set) that uniquely identifies each row in a database table.
- Foreign key
- A field in one table that references the primary key of another, linking related data.
- Structured Query Language (SQL)
- The standard language for querying and manipulating data in a relational database.
- Electronic Health Record (EHR)
- A longitudinal digital record of a patient's health information shared across providers and settings.
- EHR end-user support
- Helping clinicians and staff use EHR applications correctly — training, troubleshooting, and optimization.
- Health Information Exchange (HIE)
- The electronic sharing of health information among organizations to improve coordination of care.
- Interoperability
- The ability of different information systems and devices to exchange and use data — often via HL7 or FHIR standards.
- HL7
- Health Level Seven — a family of standards for exchanging clinical and administrative health data between systems.
- FHIR
- Fast Healthcare Interoperability Resources — a modern HL7 standard using web technologies for exchanging health data.
- Clinical decision support (CDS)
- EHR tools (alerts, reminders, order sets) that give clinicians knowledge and patient-specific information at the point of care.
- Audit (focused tool)
- Using a targeted tool/checklist to review documentation for CDI, quality, or safety against criteria.
- Productivity report
- A report measuring staff or department output (e.g., charts coded per hour) used to manage performance.
- Trend analysis
- Examining data over time to identify direction and patterns that inform summary reports for leadership.
- Data warehouse
- A central repository of integrated data from multiple sources, optimized for reporting and analysis.
- Healthcare statistics validation
- Verifying that computed statistics are accurate and correctly defined before reporting them to stakeholders.
- Population health analytics
- Analyzing data across groups of patients to improve outcomes and manage cost for a defined population.
- Registry
- An organized system that collects standardized data on a defined population (e.g., a cancer or trauma registry).
- Data abstraction
- Identifying and recording the specific data elements required for a report, registry, or quality measure from the record.
- Bed turnover rate
- The number of times each bed changes occupants in a period — discharges divided by available beds.
- Autopsy rate
- The proportion of deaths that are autopsied; the gross rate uses all inpatient deaths as the denominator.
- Nosocomial infection rate
- The rate of hospital-acquired infections among patients in a period.
- Standard deviation
- A measure of how spread out values are around the mean.
- Rate
- A measure of how often an event occurs relative to a population at risk, usually times a constant (e.g., per 1,000).
- Ratio vs proportion
- A ratio compares two quantities (a:b); a proportion is a ratio where the numerator is part of the denominator.
- Aggregate data
- Data combined across individuals to describe a group, with no patient identified.
- Patient-identifiable data
- Data that can be traced to a specific patient — protected and access-controlled.
- Primary data source
- The health record itself — data collected during direct patient care.
- Secondary data source
- Data derived from the record for other uses — registries, indexes, and databases.
- Disease index
- A secondary record listing diseases (by code) treated in a facility, used for studies and reporting.
- Operation/procedure index
- A secondary record listing procedures performed, organized by code.
- Data accuracy vs precision
- Accuracy is closeness to the true value; precision is consistency/reproducibility of the measurement.
- Optical character recognition (OCR scanning)
- Technology converting scanned text images into machine-readable data for the EHR.
- Natural language processing (NLP)
- AI that interprets free-text clinical narrative to extract or suggest structured data and codes.
- System implementation lifecycle
- Stages of deploying an information system — planning, analysis, design, implementation, and maintenance.
- Go-live support
- Concentrated end-user assistance during and immediately after a new system's launch.
- Data validation
- Checking data against rules (range, format, consistency) at entry to prevent errors.
- Benchmarking
- Comparing performance metrics against internal targets or external best-in-class organizations.
- Run chart
- A line graph of a metric over time used to detect shifts and trends in process improvement.
- Control chart
- A run chart with statistical control limits used to distinguish normal variation from special-cause variation.
- Report dashboard validation
- Confirming a dashboard's underlying data and calculations are correct before stakeholders rely on it.
- Revenue cycle
- All clinical and administrative functions that capture, manage, and collect patient-service revenue — from scheduling to final payment.
- Revenue cycle management (RCM)
- Overseeing the revenue cycle to maximize appropriate, compliant reimbursement and minimize denials and lost revenue.
- Front-end revenue cycle
- Patient-access functions before/at the encounter — scheduling, registration, insurance verification, and prior authorization.
- Middle revenue cycle
- Functions during care — charge capture, coding, CDI, and documentation — that translate services into billable data.
- Back-end revenue cycle
- Functions after care — claims submission, payment posting, denials management, and collections.
- Clinical documentation improvement (CDI)
- A program that improves the accuracy and completeness of clinical documentation so it supports correct codes and reflects severity.
- Provider query
- A compliant, non-leading question to a provider to clarify ambiguous, incomplete, or conflicting documentation before coding.
- Coding accuracy validation
- Auditing assigned codes against documentation and official guidelines to confirm they are correct and complete.
- Diagnosis-Related Group (DRG)
- An inpatient classification that pays a fixed amount per admission based on diagnoses and procedures (MS-DRG under Medicare).
- Ambulatory Payment Classification (APC)
- The outpatient hospital payment unit under Medicare's Outpatient Prospective Payment System.
- Case mix index (CMI)
- The average DRG relative weight for a facility's patients — a measure of clinical complexity that drives reimbursement.
- Prospective payment system (PPS)
- A method paying a predetermined amount per case/service (e.g., IPPS, OPPS) rather than per actual cost.
- Fee-for-service
- Reimbursement that pays separately for each service provided, rewarding volume.
- Value-based care
- Reimbursement tied to quality and outcomes rather than volume, shifting financial risk toward providers.
- Value-based purchasing (VBP)
- A CMS program adjusting hospital payment up or down based on quality and outcome measures.
- Bundled payment
- A single payment covering all services for an episode of care, encouraging coordination and efficiency.
- Accountable care organization (ACO)
- A group of providers jointly accountable for the cost and quality of care for a population, sharing savings or risk.
- Claim
- The billing record submitted to a payer (e.g., UB-04 for facilities, CMS-1500 for professionals) requesting reimbursement.
- Claims management
- Verifying, submitting, tracking, and reconciling claims to ensure timely, accurate payment.
- Denial management
- Analyzing, appealing, and preventing payer denials to recover and protect revenue.
- Clean claim
- A claim with no errors that can be processed and paid without additional information.
- Charge capture
- Recording all billable services and supplies provided so they appear on the claim.
- Charge description master (CDM/chargemaster)
- The master file of all billable items, their codes, descriptions, and prices used to generate charges.
- Revenue integrity
- Ensuring charges and coding are accurate, compliant, and complete so reimbursement is correct and defensible.
- Discharged not final billed (DNFB)
- Accounts discharged but not yet billed — a key revenue-cycle metric where high values signal bottlenecks (often coding).
- Accounts receivable (A/R) days
- The average number of days to collect payment after billing — a core revenue-cycle performance metric.
- Healthcare fraud
- Knowingly submitting false claims or misrepresenting services to obtain payment — illegal under the False Claims Act.
- Abuse (healthcare)
- Practices inconsistent with sound fiscal or medical practice causing unnecessary cost — improper but not necessarily intentional.
- Upcoding
- Assigning codes for more severe or expensive conditions/services than documented — a fraud and compliance risk.
- Unbundling
- Billing components of a service separately to obtain higher payment when a single combined code applies.
- False Claims Act
- Federal law imposing liability for knowingly submitting false or fraudulent claims to the government.
- National Correct Coding Initiative (NCCI)
- CMS edits that prevent improper code pairs and unbundling to promote correct coding.
- Recovery Audit Contractor (RAC)
- A CMS contractor that audits claims to identify and recover improper Medicare payments.
- Medical necessity
- The requirement that a service be reasonable and necessary; diagnosis codes must support the procedure billed.
- Local/National Coverage Determination (LCD/NCD)
- Medicare policies defining what is covered and when, used to demonstrate medical necessity.
- Hierarchical Condition Categories (HCC)
- A risk-adjustment model grouping diagnoses to predict cost and set capitated/value-based payment.
- Hard-coding vs soft-coding
- Hard-coding assigns charges automatically via the CDM; soft-coding is HIM coders assigning codes from documentation.
- Remittance advice (RA)
- The payer's explanation of how a claim was adjudicated — paid, adjusted, or denied — used to post payments.
- Explanation of benefits (EOB)
- The statement sent to the patient describing what the payer covered and what the patient owes.
- Revenue cycle audit
- A review of revenue-cycle data and processes to find compliance gaps, errors, and improvement opportunities.
- Patient access services
- Front-end functions (scheduling, registration, eligibility) that set up accurate billing and reduce denials.
- Prior authorization
- Payer approval obtained before a service to confirm coverage and prevent denial.
- Eligibility verification
- Confirming a patient's insurance coverage and benefits before service.
- Coordination of benefits (COB)
- Rules determining which payer is primary when a patient has more than one insurance.
- UB-04 (CMS-1450)
- The standard institutional/facility claim form.
- CMS-1500
- The standard professional/physician claim form.
- Present on admission (POA) indicator
- A value reported with each inpatient diagnosis showing whether it was present at admission; drives HAC payment.
- Hospital-acquired condition (HAC)
- A reasonably preventable condition not present on admission that can reduce Medicare payment.
- MS-DRG
- Medicare Severity DRG — the inpatient payment group reflecting diagnoses, procedures, and severity (CC/MCC).
- Complication/comorbidity (CC/MCC)
- Secondary conditions that raise the DRG tier; an MCC raises it more than a CC.
- Charge capture reconciliation
- Comparing services documented to charges posted to ensure all billable activity is captured.
- Late charge
- A charge posted after the claim has dropped, which can require rebilling and delay payment.
- Write-off/adjustment
- A reduction of the billed amount (contractual or bad debt) recorded on the account.
- Contractual allowance
- The difference between the charge and the payer's contracted (allowed) amount, written off.
- Days in A/R
- A revenue-cycle metric of average time to collect; lower is better cash flow.
- First-pass resolution rate
- The percentage of claims paid on first submission without rework — a clean-claim efficiency measure.
- Denial rate
- The percentage of claims denied by payers; a key RCM performance and compliance metric.
- Appeal
- A formal request to a payer to reconsider a denied or underpaid claim, supported by documentation.
- Compliance audit (coding)
- A scheduled review verifying coding meets official guidelines and payer rules to prevent fraud/abuse.
- OIG Work Plan
- The HHS Office of Inspector General's annual list of audit and enforcement priorities organizations monitor.
- Anti-Kickback Statute
- Federal law prohibiting paying for referrals of services reimbursed by federal health programs.
- Stark Law
- Federal law restricting physician self-referral for certain designated health services.
- Revenue cycle KPI dashboard
- A dashboard of metrics (DNFB, A/R days, denial rate, CMI) used to manage revenue-cycle performance.
- Outpatient code editor (OCE)
- Medicare edits applied to outpatient claims to check coding and coverage before payment.
- Strategic planning
- Defining an organization's long-term direction and allocating resources to achieve its mission, vision, and goals.
- Mission statement
- A concise statement of an organization's core purpose and what it does.
- Vision statement
- A statement describing what an organization aspires to become in the future.
- SWOT analysis
- A planning tool assessing internal Strengths and Weaknesses and external Opportunities and Threats.
- Goal vs objective
- A goal is a broad desired outcome; an objective is a specific, measurable, time-bound step toward it.
- Strategic vs operational planning
- Strategic planning sets long-term direction; operational planning manages day-to-day execution to support it.
- Change management
- A structured approach to transitioning people and the organization from a current to a desired future state.
- Human resource management (HRM)
- Recruiting, developing, evaluating, and retaining staff and managing personnel issues within legal requirements.
- Job description
- A document defining a position's duties, responsibilities, required qualifications, and reporting relationships.
- Job specification
- The qualifications, skills, and experience a person needs to perform a particular job.
- Recruitment
- The process of attracting and identifying qualified candidates to fill positions.
- Onboarding/orientation
- Integrating and training new employees so they become productive and understand policy and culture.
- Performance appraisal
- A periodic, structured evaluation of an employee's job performance against expectations.
- Progressive discipline
- A graduated approach to addressing performance/conduct problems — verbal warning, written warning, suspension, termination.
- Productivity standard
- A defined expected level of output (e.g., charts coded per hour) used to set and measure performance.
- Staffing/scheduling
- Determining the number and mix of staff needed to meet workload while controlling labor cost.
- Span of control
- The number of subordinates a manager directly supervises.
- Organizational chart
- A diagram of an organization's structure, reporting relationships, and chain of command.
- Process improvement
- Systematically analyzing and redesigning workflows to increase quality, efficiency, or value.
- Performance improvement (PI)
- Ongoing measurement and improvement of organizational processes and outcomes (e.g., PDSA cycles).
- PDSA cycle
- Plan-Do-Study-Act — an iterative method for testing and implementing a process change on a small scale first.
- Lean
- A methodology that improves processes by eliminating waste and maximizing value to the customer.
- Six Sigma
- A data-driven methodology (DMAIC) that reduces process variation and defects.
- DMAIC
- Six Sigma's improvement steps: Define, Measure, Analyze, Improve, Control.
- Workflow/work design
- Arranging tasks, people, and tools so work flows efficiently and accurately.
- Project management
- Planning, executing, and closing a defined effort within scope, time, and budget constraints.
- Gantt chart
- A bar chart that schedules project tasks against time to track progress and dependencies.
- Budget
- A financial plan estimating revenue and expenses for a period; HIM managers help prepare and monitor it.
- Operating budget
- A budget for day-to-day revenue and expenses (salaries, supplies) over a fiscal year.
- Capital budget
- A budget for major, long-term asset purchases (e.g., a new EHR module or scanners).
- Variance analysis
- Comparing budgeted to actual amounts and explaining the differences to control finances.
- Return on investment (ROI)
- A measure of a project's financial benefit relative to its cost.
- Cost-benefit analysis
- Comparing the expected costs and benefits of an option to support a decision.
- Full-time equivalent (FTE)
- A unit expressing staffing as the hours of one full-time employee (e.g., two half-time staff = 1.0 FTE).
- Accreditation
- Voluntary review by an external body (e.g., The Joint Commission) confirming an organization meets quality standards.
- The Joint Commission
- A major accrediting body whose standards address documentation, safety, and information management.
- Licensure
- Government permission required for a facility or individual to operate or practice.
- Certification
- Recognition by a body that a person or program meets defined standards (e.g., CMS Conditions of Participation).
- Compliance program
- An organized system of policies, training, auditing, and reporting to prevent and detect violations of law and policy.
- Contract management
- Negotiating, monitoring, and renewing agreements with vendors and outsourced services (e.g., ROI, coding).
- Vendor/outsourcing oversight
- Managing third-party performance, service levels, and PHI safeguards (via a BAA) for outsourced functions.
- Training and development
- Building staff skills and competencies through structured education to improve performance and support change.
- Leadership vs management
- Leadership sets vision and motivates change; management plans, organizes, and controls day-to-day operations.
- Conflict resolution
- Techniques for addressing and resolving interpersonal or interdepartmental disputes constructively.
- Balanced scorecard
- A strategic tool measuring performance across financial, customer, internal-process, and learning perspectives.
- Key result area
- A category of outcomes critical to organizational success, tracked with objectives and KPIs.
- Delegation
- Assigning authority and responsibility for a task to a subordinate while retaining accountability.
- Motivation theory
- Frameworks (e.g., Maslow, Herzberg) explaining what drives employee performance and engagement.
- Team building
- Activities and leadership that develop a cohesive, high-performing work group.
- Productivity monitoring
- Measuring output against standards to manage staffing and identify training needs.
- Position control
- Managing the authorized number and type of positions and FTEs within budget.
- Competency assessment
- Verifying staff have the knowledge and skills required for their role, often at hire and periodically.
- Succession planning
- Identifying and developing employees to fill key roles in the future.
- Telecommuting/remote coding policy
- Policies governing remote HIM work, including PHI safeguards and productivity standards.
- Labor cost/budget
- Salaries and benefits — typically the largest HIM operating expense to plan and control.
- Cost center
- A department to which costs are assigned for budgeting and accountability.
- Fixed vs variable cost
- Fixed costs stay constant with volume (rent); variable costs change with volume (supplies).
- Productivity vs quality balance
- Managing output standards without sacrificing accuracy/quality (e.g., coding error rate).
- Root cause analysis (RCA)
- A structured method to identify the underlying cause of a problem or adverse event.
- Failure mode and effects analysis (FMEA)
- A proactive method identifying potential process failures and their effects before they occur.
- Workflow redesign
- Reengineering how work is done to remove non-value steps and improve efficiency and accuracy.
- Project scope
- The defined boundaries of a project — what is and is not included — guarding against scope creep.
- Milestone
- A significant checkpoint or deliverable date in a project schedule.
- Stakeholder
- Any person or group with an interest in or affected by a project or decision.
- Conditions of Participation (CoP)
- CMS requirements a facility must meet to participate in Medicare/Medicaid.
- Policy development
- Creating organizational rules that align operations with law, accreditation, and strategic goals.
- Standard operating procedure (SOP)
- A documented routine method for performing a recurring task consistently.
- Capital request justification
- A business case (cost-benefit, ROI) supporting a major asset purchase in the capital budget.