Glossary

You are sometimes confused about the used terminology and wonder about the meaning of some abbreviations and words? iIn this case, this glossary might be the right source to get yourself educated about some basic concepts that build the foundation for the teamplay digital health platform.

A

Affiliated teamplay user

A registered user with a teamplay account that has been connected to a respective institution.

Azure Kubernetes Service (AKS)

The fully managed Azure Kubernetes Service (AKS) makes deploying and managing containerized applications easy. It offers server-less Kubernetes, an integrated continuous integration and continuous delivery (CI/CD) experience, and enterprise-grade security and governance. Unite your development and operations teams on a single platform to rapidly build, deliver, and scale applications with confidence.

Anonymization

Anonymization is the alteration of personal data. Information concerning personal or material circumstances can´t be attributed to an identified or an identifiable natural person at all or the attribution would require a disproportionate amount of time, expense and effort.

API

An application programming interface (API) is a standardized interface between an application and a service that consists of software procedures and functions. Thus, APIs enable networking between different applications and services. With web APIs, a service is provided over the Intranet.
For example, APIs can be made available by a company to export parts of their data. As an API consumer, you can ask the API service to provide you with the data. If you are an authorized application, the API provider will send you a response with the requested data, for example, in JSON format.

API gateway

An API gateway is programming that is located in front of an application programming interface (API) and acts as a central entry point for a defined group of micro-services. Because a gateway processes protocol translations, this type of front-end programming is particularly useful when client applications that are built with micro-services use several different APIs.

API Management (APIM)

A way to create and manage API gateways for back-end services using products such as Azure API Management.

Application Programming Interface (API)

A set of functions and procedures allowing a program to access functions, features, or data of another program like an operating system, application, or another service.

Auth0

Auth0 is an organization, who manages Universal Identity Platform services. For the teamplay digital health platform, we strongly rely on Auth0 as the primarily identity provider (IdP) along with the OpenID Connect standard for our offered customer and patient-oriented applications and services.

Authentication

Authentication is a security process in the world of identity and access management (IAM). The authentication process confirms that users are who they say they are.

The teamplay digital health platform services follows a "claims-based authentication" approach by applying the OAuth 2.0 protocol along with the OpenID Connect standard. OpenID Connect allows clients to verify the identity of the end user based on the authentication performed through an authorization server as well as to obtain basic profile information about the end user in an interoperable and REST-like manner.

Authorization

Authorization is a security process in the world of identity and access management (IAM). Authorization gives users or machines permissions to access resources, for example through our APIs on the teamplay digital health platform.

B

n.a.

Currently no term defined.

C

Computerized Maintenance Management System (CMMS)

A CMMS is a software solution of a clinical institution that can be utilized by clinical institutions to manage their assets and medical equipment as well as all related processes. The software could be either developed by the clinical institutions themselves or by a by a third party and offered as a commercialized product to the clinical institution.

Cookie-based authentication

A cookie is a small piece of data stored on the user's computer by the web browser while browsing a website. Cookies are sent as http headers, but the browser handles them differently than the other headers.

To authenticate you as a valid user with the cookie-based authentication approach, you need to enter user name and password in the browser on a Login page for your application. After the server of the identity provider validated your entered user credentials, the server randomly generates a session ID, stores the session information in a database and sends it as part of a cookie via the http header to the browser. The browser stores the cookie in the file system of your computer. The content of the cookie is secret and other websites cannot read it.

The content of the local cookie file such as the session ID or the last page visited is managed by the authorization server. But the authorization server prefers to trust the data that is stored in its database.

The next time when you request another page, your browser will automatically send the content of the cookie back to the authorization server. The server checks if the session is still active and if the user is valid. This time, the user name and password are not required anymore in order to identify you.

But if you visit a new page after some time of inactivity, this server will recognize this period of inactivity and prompt you to enter your user name and password again as a security measure.
If you click the logout button, the server deletes the session from its database and will instruct your browser to also delete the cookie.

CUT environment

The so called "CUT" (customer use test) environment is intended for testing the upcoming release. With this environment, you can perform user acceptance tests together with your collaborating customers.

D

Data minimization

Less strict than anonymization, but still removing most of personally identifiable information and other critical information from data.

DICOM

DICOM® is the international standard to transmit, store, retrieve, print, process, and display medical imaging information.

E

End-to-end encryption

Encryption of transferred data with a secret key that is only known by the owner of the data.

F

Fast Healthcare Interoperability Resources (FHIR)

A standard describing data formats and elements (alias resources) and an application programming interface (API) for exchanging electronic health records (EHR). The standard was created by the Health Level Seven International (HL7) health-care standards organization.

G

Graphical user interface (GUI)

A visual interface to interact with a computer using items such as windows, icons, and menus, as used by most modern operating systems.

H

HIPAA & HITECH Acts

Health Insurance Portability and Accountability Act (HIPAA) & Health Information Technology for Economic and Clinical Health (HITECH) Act - US laws.

I

n. a.

currently no entries

J

JavaScript Object Notation (JSON)

A lightweight data-interchange format that is easy for humans to read and write. For machines, the format is easy to parse and generate.

JSON Web Token (JWT)

A JSON-based open standard (RFC 7519) for creating access tokens that assert some number of claims, for example, the identity of a user.

Tokens in general have a limited life time. A new token needs to be generated once it expires. A token can also grant access to only a subset of data a particular user entity has. Most of the time, tokens are sent using http headers and not cookies. The reason for that is that nowadays many interactions happen outside of browsers, for example from your application backend.

K

n. a.

currently no entries

L

n. a.

currently no entry

M

Malware Scan Service (MSS)

This platform service scans files from the network drive that are mapped to a virtual machine (VM) for malware. spyware, viruses, and worms. The service will detect if there is any harmful file.

N

n. a.

currently no entry

O

OAuth 2.0

OAuth is an open standard framework for authorization. It handles the authorization of applications, devices and servers with access tokens. The teamplay digital health platform relies on OAuth to support a secure delegated access without exposing credentials to all parties. OAuth also defines roles, flows, end points and of course tokens.

OpenID Connect

OpenID Connect (OIDC) is an identity layer built on top of the OAuth 2.0 framework. It allows your applications to verify the identity of the end user and to obtain basic user profile information. OIDC uses JSON web tokens (JWTs), which you can obtain by using our services.

P

Platform as a Service (PaaS)

A category of cloud computing services. The service allows partners of a platform - like you as a partner of our teamplay digital health platform - to develop, run and manage your own applications or even platforms. For our internal and external business partners. this universal platform reduces the complexity by building and maintaining an universal infrastructure that is associated when developing and launching monolithic applications or platforms.

Q

QIDO-RS

Query based on ID for DICOM objects (QIDO-RS): A REST-based interface from the DICOM standard.

R

Regular web application

A web application is application software that runs on a web server, unlike computer-based software programs that are run locally on the operating system (OS) of the device. Web applications are programmed using a client–server modeled structure. Users can access the front-end of a web application through their web browser. For regular web applications, single pages with user controls are sent to the browser via dedicated URLs. For major user interactions, the graphical user interface (GUI) is generated in the back-end and is sent on demand of the front-end back to the browser.

We distinguish between regular web applications that are programmed using a client–server modeled structure and a singe-page application where the user interaction is handled via Java script within a single page through the web browser.

A regular web application in the context of 0Auth 2.0, is a web application that communicates with the Siemens Healthineers identity provider from its application back-end. To apply the Siemens Healthineers authentication service by using single sign-on and integrating OIDC, you need to register your application and apply the regular authorization flow.

Web frameworks such as ASP.NET Core, Django, PHP, Python, Ruby on Rails, etc. are usually used for developing regular web applications.

Representational State Transfer (REST)

REST-compliant services allow requesting systems to access and manipulate textual representations of web resources using a uniform and predefined set of stateless operations.

S

SAS tokens

A shared access signature (SAS) provides secure delegated access to resources in your storage account without compromising the security of your data. With a SAS, you have granular control over how a client can access your data. You can control what resources the client may access, what permissions they have on those resources, and how long the SAS is valid, among other parameters. This signature is used by Azure Storage to authorize access to the storage resource.
SAS tokens grant specific, time-limited access to storage objects by signing an authorization statement using the storage account access key, which is controlled by account administrators. The SAS token is a string that you generate on the client side, for example by using one of the Azure Storage client libraries. The SAS token is not tracked by Azure Storage in any way. You can create an unlimited number of SAS tokens on the client side. After you create a SAS, you can distribute it to client applications that require access to resources in your storage account.

Single sign-on (SSO)

Single sign-on (SSO) occurs when a user logs on to your application and is then signed in to other applications of the teamplay digital health platform automatically. Thus, your user only needs to sign one time to be be signed in for all your applications and other applications of the teamplay digital health platform.

The Siemens Healthineers authentication service using single sign-on bases on Auth0 and allows application users to sign in with their single Healthineers ID and password to any of several related, yet independent, software systems.

Single-page application (SPA)

A single-page application is a web application or website that dynamically updates the displayed data on the current web page with new data from the web server, instead of loading entire new pages. The goal of the SPA approach is to achieve faster transitions that make the website feel more like a native app.

In a SPA, all necessary HTML, JavaScript, and CSS code is either retrieved by the browser with a single page load, or the appropriate resources are dynamically loaded and added to the page as necessary.

The page doesn´t reload at any point in the process, nor does it transfer control to another page, although the location hash or the HTML5 History API can be used to provide the perception and navigability of separate logical pages in the application.

Web frameworks such as Angular, Vue, JavaScript, React, etc. are usually used for developing SPAs.

T

teamplay

Collective name for all the software products and services offered as part of the teamplay family.

teamplay Base

A teamplay appliance that is installed on the customer infrastructure and is responsible for the receiving and uploading the data to teamplay cloud.

teamplay Data Storage

A service of the teamplay digital health platform that manages the central long-term storage for the connected applications.

teamplay deployment

Region-specific deployment of teamplay world-wide.

teamplay digital health platform

The teamplay digital health platform is an infrastructure in the cloud that is based on Microsoft Azure. The platform allows applications to securely process data within and outside a hospital's network.

teamplay Fleet

teamplay Fleet brings transparency to the imaging fleet of clinical institutions. With its built-in multi-vendor support, it grants instant access to fleet statistics. And more crucially, it empowers healthcare professionals to identify improvement potential on all levels of execution.
Imaging fleet management is an essential aspect of the teamplay digital health platform. Via the teamplay portal, teamplay Fleet offers an array of applications for both stakeholders and the professionals working directly with the imaging fleet itself.

teamplay Home

teamplay Home (alias teamplay Dashboard) is the name of the home page of the teamplay portal that you access after logging in. Form follows function with a clear focus on transparency and efficiency. Clean and tidy grids make interacting with your key metrics fast and convenient.

teamplay Images

teamplay Images is a core teamplay application. With teamplay Images, for example, you can share and discuss DICOM images in a secured environment.

teamplay Insights

A teamplay appliance to get deep insights, for example, in your clinical performance, workflows, resource utilization. teamplay Insights also assist you in achieving your individual performance targets.

teamplay portal

The teamplay portal represents a cloud-based network that is developed to help you get the most out of your imaging data in a minimum of time.
With its graphical user interface (GUI), it brings together healthcare professionals in order to advance medicine and human health as a team effort. Be it an institution, hospital chain, or integrated delivery network, transparency of performance is key to its success.
The teamplay portal offers you several core and partner applications such as teamplay Fleet, teamplay Dose and teamplay Images to clinical institutions world-wide.

From devices and protocols to participating team��members, teamplay provides precise starting points for enhancing efficiency, competitiveness, and quality of care. teamplay gives an easy-to-grasp overview of an institution’s imaging workflow.

teamplay Receiver

teamplay Receiver is a certified gateway between the local clinical institution and the teamplay digital health platform in the cloud. A software package is installed on devices in the customer infrastructure. The software manages receiving data at the institution and uploading it to the teamplay digital health platform.

Thus, teamplay Receiver aggregates health data from the connected medical devices.

teamplay User Notifications

The teamplay User Notifications APIs support the consuming applications in sending notifications to their app users. For example, by calling the teamplay User Notifications - Register and Send API, you can trigger notifications such as email messages from the back-end or front-end of your web application to your users.

Token-based authentication

With the help of a token, you can store information on the client or server side and sign it. Anyone holding the signature can quickly check if the signature was manipulated or not. One way to do this is to use JSON web tokens (JWT).

Traditionally, the cookie-based authentication approach has worked very well for years, but it is slowly becoming outdated. For the teamplay digital health platform, we use both approaches in combination, the token based and the cookie-based authentication. The authorization server sends first the cookie with the client ID to the client to increase the performance and later the server sends a teamplay user token.

Users provide their user name and password to the institution that stores and hosts your data. In case of the teamplay digital health platform this is the authorization server of Siemens Healthineers.

By logging in via the Siemens Healthineers Login page, your users grant your applications access to the data of the teamplay digital health platform according to their user permissions. Thus, your application is able to view and access the data as well as to additionally store data that has been processed by your application. For the teamplay digital health platform, we use protocols from OAuth along with OpenID Connect (OIDC), but also a JWT token in form of the teamplay user token.

There are various ways the teamplay user tokens can be deployed and used. The teamplay user token contains session information and actual information about the user - in this case the person that logged in to your application from the Siemens Healthineers Login page.

U

n.a.

currently no terms available

V

n.a.

currently no terms available

W

WADO-RS

Web Access of DICOM Objects (WADO-RS). A REST-based interface from the DICOM standard

Web API

A Web API is an application programming interface, which can be accessed using the HTTP protocol. It’s rather a concept than an actual technology and can be realized with different technology like Java, .NET, etc. Web APIs are often implemented as REST APIs that is a commonly used architectural style in software development to provide back-end APIs for interactive web application as well as for other web services.

Webhook

Webhook is a lightweight HTTP pattern with a simple publisher and subscription model for wiring together web APIs and SaaS services.
Webhooks are also known as web callbacks. If you have registered your application for web callbacks via our notification APIs, a service can send real-time information to your applications' callback URI.
For example, when an event happened such as a TriggerStudyUploadedEvent, a notification is sent in the form of an http POST request to the notification subscriber. The POST request contains details about the event, which makes it possible for the notification receiver to act accordingly.

Web service

Mechanism for executing scheduled or manually triggered tasks in Azure Web Site with HTTP-API without a graphical user interface (GUI).

X

n. a.

currently no terms available

Y

n. a.

currently no terms available

Z

n. a.

currently no terms available

See also

Glossary

A

Affiliated teamplay user

See also

Azure Kubernetes Service (AKS)

See also

Anonymization

See also

API

See also

API gateway

See also

API Management (APIM)

Application Programming Interface (API)

See also

Auth0

See also

Authentication

See also

Authorization

B

n.a.

C

See also

Computerized Maintenance Management System (CMMS)

See also

Cookie-based authentication

CUT environment

D

See also

Data minimization

See also

DICOM

E

End-to-end encryption

F

See also

Fast Healthcare Interoperability Resources (FHIR)

G

Graphical user interface (GUI)

H

See also

HIPAA & HITECH Acts

I

n. a.

J

See also

JavaScript Object Notation (JSON)

See also

JSON Web Token (JWT)

K

n. a.

L

n. a.

M

See also

Malware Scan Service (MSS)

N

n. a.

O

See also

OAuth 2.0

See also

OpenID Connect

P

Platform as a Service (PaaS)

Q

See also

QIDO-RS

R

See also

Regular web application

Representational State Transfer (REST)

S

See also

SAS tokens

See also

Single sign-on (SSO)

See also