44 terms defined

Healthcare Glossary

Every term you need to know about patient engagement, scheduling, intake, payments, reviews, compliance, and practice automation.

AI (2)Communications (3)Compliance (10)Forms (11)Healthcare (10)Payments (3)Scheduling (5)

A B C D E F H I M N O P Q R S V W

AI Form Builder: A tool that generates complete intake forms from a plain-language description. Describe your form in a sentence and AI produces the fields, pages, conditional logic, and consent sections automatically. Useful for practices that need to launch new forms quickly without manual configuration.
Appointment Reminder: An automated SMS or email sent to a patient before their scheduled appointment, typically 24 or 48 hours in advance. Reminders reduce no-show rates by keeping the appointment top of mind and giving patients a chance to confirm or reschedule. Most platforms allow customizable timing and message templates.
Audit Trail: A chronological record of all actions performed on patient data: who accessed it, what they did, when, and from where. HIPAA requires covered entities to maintain audit trails for all systems containing PHI. In Formisoft, every view, create, update, delete, and export event is automatically logged.
Availability Calendar: A provider's schedule showing open time slots that patients can book. Availability is configured per provider with working hours, break times, and blocked dates. When a patient books online, the calendar updates in real time to prevent double-booking.
BAA (Business Associate Agreement): A legally binding contract between a HIPAA covered entity (like a healthcare provider) and a business associate (like a software vendor) that establishes permitted uses and disclosures of protected health information (PHI). A BAA is required before any vendor can handle PHI on behalf of a covered entity.
Conditional Logic: Rules that dynamically show, hide, or modify form fields based on a patient's previous answers. For example, if a patient selects "Yes" for "Do you take medications?", a follow-up field for medication details appears automatically. Conditional logic reduces form length for patients while capturing complete data when needed.
Copay Collection: The process of collecting a patient's insurance copayment before or during their visit. Digital copay collection embeds a payment field directly in the intake form so patients pay online before they arrive. This eliminates front-desk payment processing and reduces outstanding balances.
Covered Entity: Under HIPAA, a health plan, healthcare clearinghouse, or healthcare provider that transmits health information electronically. Covered entities must comply with all HIPAA regulations including the Privacy Rule, Security Rule, and Breach Notification Rule. Most healthcare practices using digital intake forms are covered entities.
Draft Auto-Save: A feature that automatically saves a patient's form progress at regular intervals without requiring manual action. If a patient closes their browser, loses connectivity, or needs to take a break, they can resume exactly where they left off. Especially important for lengthy intake forms completed on mobile devices.
E-Signature: An electronic signature captured on a digital form, legally equivalent to a handwritten signature for most healthcare purposes. Used for consent agreements, treatment authorizations, HIPAA acknowledgments, and financial responsibility forms. Typically captured with timestamp, IP address, and device metadata for legal validity.
EHR / EMR: Electronic Health Record (EHR) and Electronic Medical Record (EMR) are digital versions of a patient's medical chart. An EMR is typically used within a single practice, while an EHR is designed to be shared across organizations. Patient engagement platforms integrate with EHR/EMR systems via webhooks, API, and FHIR to automatically route intake data into patient records.
Encryption (AES-256 / TLS 1.3): The process of converting data into a coded format that can only be read with the correct decryption key. AES-256 (Advanced Encryption Standard with 256-bit keys) is used for data at rest. TLS 1.3 (Transport Layer Security) encrypts data in transit between the patient's device and the server. Both are required for HIPAA compliance.
FHIR: Fast Healthcare Interoperability Resources, a modern standard for exchanging healthcare information electronically, maintained by HL7 International. FHIR uses RESTful APIs and common web formats (JSON, XML) to enable different healthcare systems to communicate. It is becoming the primary standard for healthcare data exchange in the US.
HIPAA: Health Insurance Portability and Accountability Act, a US federal law enacted in 1996 that establishes national standards for protecting sensitive patient health information. HIPAA includes the Privacy Rule (who can access PHI), the Security Rule (technical safeguards required), and the Breach Notification Rule (what to do if data is compromised). Any healthcare provider or vendor handling patient data must comply.
HL7: Health Level Seven International, a set of standards for the exchange, integration, sharing, and retrieval of electronic health information. HL7 v2 is the most widely adopted healthcare messaging standard. HL7 FHIR is the newest standard designed for modern web applications.
ICD-10: International Classification of Diseases, 10th Revision, a medical coding system maintained by the WHO and used worldwide to classify diseases, symptoms, injuries, and procedures. Contains over 70,000 codes. Used in intake forms for conditions checklists and medical history fields to standardize patient-reported data.
Intake Form: A form completed by patients before a healthcare visit to provide demographic information (name, address, phone), insurance details, medical history (conditions, medications, allergies), and consent signatures. Digital intake forms replace paper clipboards and enable pre-visit data collection via email or text message links.
Magic Link: A secure, single-use URL sent to a patient via email or SMS that allows them to access and complete their intake forms without creating an account or remembering a password. Magic links expire after a set period and can only be used once, maintaining security while eliminating friction for patients.
Minimum Necessary Standard: A HIPAA principle requiring that covered entities limit PHI access to the minimum amount necessary to accomplish the intended purpose. In practice, this means staff should only see the patient data they need for their role, not all patient records. Enforced through role-based access control and organization-scoped data.
Multi-Page Form: A form divided into multiple pages or sections (e.g., Demographics, Insurance, Medical History, Consent) for easier completion. Multi-page forms reduce cognitive load, show progress indicators, and allow patients to complete intake in manageable steps. Progress is saved automatically between pages.
No-Show: When a patient misses a scheduled appointment without canceling or rescheduling in advance. No-shows cost practices revenue and waste provider time. Automated reminders, pre-visit intake, and no-show follow-up workflows significantly reduce no-show rates by keeping patients engaged before their visit.
No-Show Follow-Up: An automated message sent to patients who missed their appointment, encouraging them to reschedule. Typically sent within hours of the missed visit via SMS or email. Follow-ups re-engage patients who forgot rather than letting them fall off the schedule entirely.
NPI: National Provider Identifier, a unique 10-digit identification number required for all healthcare providers in the United States. Assigned by CMS (Centers for Medicare & Medicaid Services), the NPI is used in all HIPAA-regulated transactions including electronic billing, referrals, and prescriptions.
Online Booking: A system that allows patients to schedule appointments directly from a practice's website or booking page without calling the office. Patients see real-time provider availability, select a time slot, and receive instant confirmation. Online booking reduces phone volume and lets patients schedule outside business hours.
Opt-Out: A patient's right to stop receiving automated messages (SMS or email) from a practice. Healthcare messaging platforms must honor opt-out requests immediately. Patients typically opt out by replying STOP to a text message. Practices are legally required to maintain opt-out lists and suppress future messages to those numbers.
Patient Engagement: The strategies and tools used to keep patients actively involved in their healthcare experience, from booking through follow-up. Includes appointment scheduling, pre-visit intake, reminders, post-visit review requests, and ongoing communication. Higher patient engagement correlates with better health outcomes, lower no-show rates, and stronger practice revenue.
Patient Journey: The complete sequence of touchpoints a patient experiences with a practice: discovering the practice, booking an appointment, receiving reminders, completing intake, arriving for the visit, paying, and leaving a review. Modern platforms automate each step so the journey feels seamless to the patient and effortless for the practice.
Patient Portal: A secure online platform where patients can access their health information, complete intake forms, view appointment history, and communicate with their healthcare provider. Can be branded to match the practice for a seamless patient experience.
Payment Link: A URL sent to a patient via SMS or email that directs them to a secure payment page to pay an outstanding balance, copay, or invoice. Payment links eliminate the need for in-office payment processing and allow patients to pay at their convenience from any device.
PHI (Protected Health Information): Any individually identifiable health information held or transmitted by a covered entity or its business associates, in any form (electronic, paper, or oral). PHI includes 18 specific identifiers such as names, dates, phone numbers, email addresses, Social Security numbers, and medical record numbers when connected to health data.
Pre-Fill: The ability to automatically populate form fields with known patient data from URL parameters, previous visits, or patient records. Pre-filling reduces redundant data entry. Returning patients do not have to re-enter their name, address, and insurance information every visit.
Pre-Visit Payment: Collecting payment from a patient before they arrive for their appointment, typically during the intake process. A payment field is embedded in the pre-visit form so patients submit their copay or balance alongside their medical information. This eliminates checkout lines and reduces accounts receivable.
QR Code (for Forms): A scannable code that links directly to a digital intake form or booking page. Healthcare practices place QR codes in waiting rooms, on appointment reminder cards, or on their website so patients can instantly open the form on their smartphone without typing a URL.
Rate Limiting: A security mechanism that restricts the number of form submissions or API requests from a single source within a time period. Prevents spam submissions, brute-force attacks, and abuse of public-facing intake forms.
Review Request: An automated message sent to patients after their visit asking them to rate their experience. The request typically includes a link to a short satisfaction survey. Based on the patient's rating, they are either directed to leave a public review (if happy) or provide private feedback (if unhappy).
Review Routing: A strategy that directs patients to different destinations based on their satisfaction rating. Patients who rate 4 or 5 stars are sent to the practice's Google Business Profile to leave a public review. Patients who rate 1 to 3 stars are sent to a private feedback form. This grows your public rating while capturing critical feedback internally.
Role-Based Access Control (RBAC): A security model where access to data and features is determined by the user's assigned role (admin, provider, staff) within an organization. Admins can manage all settings, providers see patient data for their patients, and staff have limited access. RBAC enforces the HIPAA Minimum Necessary Standard.
Scored Assessment: A form that automatically calculates a clinical score based on patient responses, such as PHQ-9 for depression screening or GAD-7 for anxiety. Scores are computed in real time and included in the submission for provider review, eliminating manual scoring.
SMS Consent (TCPA): The Telephone Consumer Protection Act (TCPA) requires businesses to obtain prior express consent before sending automated text messages to patients. Healthcare practices must document consent, honor opt-out requests, and avoid messaging patients who have not agreed to receive texts. Non-compliance can result in significant fines.
Submission: A completed form response submitted by a patient. Each submission contains the form data, metadata (device type, browser, completion duration, IP address), timestamps, and links to the associated patient and appointment records. Submissions are stored encrypted and accessible only to authorized staff.
Virtual Receptionist: An AI-powered system that answers incoming phone calls on behalf of a practice. The virtual receptionist can greet callers, answer common questions (hours, location, insurance accepted), schedule appointments, and route urgent calls to staff. It ensures every call is answered, even outside business hours or when the front desk is busy.
Webhook: An automated HTTP callback triggered by an event, such as a form submission or appointment confirmation. When the event occurs, data is instantly sent to an external system (EHR, CRM, Slack, etc.) without manual intervention or polling. Webhooks enable real-time integrations between healthcare tools.
White-Label: The ability to remove vendor branding and replace it with your practice's own logo, colors, and domain. White-labeling creates a seamless patient experience where intake forms, booking pages, and emails look and feel like an extension of your practice rather than a third-party tool.
Workflow Automation: Predefined sequences of actions triggered by events. For example, when a patient books an appointment, the system automatically sends a confirmation, schedules a reminder for 24 hours before, emails an intake link, and queues a post-visit review request. Workflows eliminate manual follow-up and ensure no patient falls through the cracks.

Ready to put these terms into practice?

Start your 14-day free trial. No credit card required.

Get started Browse templates

Missing a term? Let us know and we'll add it.