You may be trying to access this site from a secured browser on the server. Please enable scripts and reload this page.
+
-
Gray Colour
Green Colour
ع
Home
Ministry
About the Minister
- Minister’s CV
- Minister's Office
- Contact the Minister
MOH Officials
- Vice Ministers
- Deputy Ministers
About the Ministry
- Overview
- Vision
- Mission
- Health Indicators
- Organizational Structure
- Strategy
- Health Policies
- Achievements
- Budget
- Tenders and Procurement
- Contact Us
- Help & Support
Share Your Opinion with Us
- Prominent E-Participations
Patient Satisfaction Survey Results
Regulations
Forms
We Care About You
Unified Health File
MOH Initiatives & Projects
Knowledge Management
National E- Health Strategy
Life Events
Partnerships
About MOH Portal
Interactive Map
Awareness
Patients’ Rights
Educational Content
- First Aid
- Chronic Diseases
- Health Tips
- Healthy lifestyle
- Oral Health
- Educational Series
- Seasonal and Festival Health
- Child’s Health
- Women's Health
- Various Topics
- Elderly’s Health
Health Tools
- BMI Calculator
- IBW Calculator
- Calorie Calculator
- Best Time To Get Pregnant
- Pregnancy Due Date Calculator
- Visual Acuity Test
- Prediabetes Risk Test
- Asthma Control Test
World Health Days
Premarital Screening
Command & Control Center
Pilgrim’s Health
E-Services
Media Center
MOH News
MOH Announcements
Events and Activities
MOH Publications
Important Links
Open Data
Sign In
Sign In
MOH Portal
The Ministry
Share Your Opinion with Us!
Saudi Health Information Exchange Policies
Saudi Health Information Exchange Policies
Listen
Policy
Page Content
Policy #
1
-
Saudi Health Information Exchange Definitions
Term
Definition
Access Control
A means of ensuring that the resources of a data processing system can be accessed only by authorized entities in authorized ways. [ISO/IEC 2382-8]
Accountability
Property ensures that the actions of an entity may be traced to that entity. [ISO 7498-2]
Anonymization
Process that removes the association between the identifying data set and the data subject. [ISO/TS 25237]
Assurance
In the context of NIST SP 800-63, assurance is defined as 1) the degree of confidence in the vetting process used to establish the identity of an individual to whom the credential was issued, and 2) the degree of confidence that the individual who uses the credential is the individual to whom the credential was issued. [NIST 800-63-1]
Audit
Systematic and independent examination of accesses, additions, or alterations to electronic health records to determine whether the activities were conducted, and the data were collected, used, retained or disclosed according to organizational standard operating procedures, policies, good clinical practice, and applicable regulatory requirement(s). [ISO 27789]
Audit Log
Chronological sequence of audit records, each of which contains data about a specific event. [ISO 27789]
Audit Record
Record of a single specific event in the life cycle of an electronic health record. [ISO 27789]
Audit Record Repository (ARR)
Receives and stores audit records from sources and consumer of the Saudi eHealth Information Exchange managed health information.
Audit Trail
Collection of Audit Records from one or more Audit Logs relating to a specific Subject of Care or a specific electronic health record. [ISO 27789]
Audit Trails and Node Authentication (ATNA)
IHE profile that establishes the characteristics of a basic secure node.
Authentication
The process of reliable security identification of subjects by incorporating an identifier and its authenticator. [ISO 7498-2]
Authorization
The granting of rights, which includes the granting of access based on access rights. [ISO 7498-2]
Availability
The property of being accessible and useable upon demand by an authorized entity. [ISO 7498-2]
Breach
A Breach is a Reportable Event that, once investigated, is confirmed to have compromise the security or privacy of the Personal Health Information (PHI).
Break-Glass
"Break the glass" relates to an “emergency” and “temporary” authorization of a system user and is required to obtain access to information.
Business Associate (BA)
A person or entity that performs certain functions or activities for, or provides services to, a Regulated Health Professional or entity involving the use or disclosure of PHI. [Adapted from HIPAA]
Certification Authority (CA)
Authority trusted by one or more users to create and assign public-key certificates. [ISO-9594-8].
Collected
Obtained and persisted. [ISO/ TS 1462514265]
Confidentiality
Property that information is not made available or disclosed to unauthorized individuals, entities, or processes. [ISO 7498-2]
Credential
An object that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a person. [NIST 800-63-1]
Data Integrity
Property that data has not been altered or destroyed in an unauthorized manner. [ISO 7498-2]
[Data subject's] consent
Any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed. [ISO /IS 22857]
Data Use Agreement
Comprehensive agreement that governs the exchange of health data between participants in the Saudi Health Information Exchange.
De-identification
De-identification is the general term for any process of removing the association between a set of identifying data and the data subject. [ISO /TS -25237]
Emergency Access
Access to data for the provision of care where threat of injury or death requires special permissions or override of other controls in order to ensure uninterrupted and urgent treatment. [ISO/ TS -1462514265]
Encryption
Cryptographic transformation of data to produce ciphertext [ISO 7498-2]. A ciphertext is data produced through the use of encryption, the semantic content of which is not available without the use of cryptographic techniques. [ISO/IEC 2382-08]
External Privacy and Security Audit
Verification by someone outside of the organization that the systems are managed according to specified requirements.
Health Information Exchange Nodes (HIE Nodes)
HIE nodes are those systems (Electronic Medical Records, Public Health Information Systems) that are connected to Saudi Health Information Exchange Systems.
Health Information Management
Mainly responsible for providing medical records and healthcare information management services. [AHIMA]
Health Record
Repository of information regarding the health of a subject of care. [ISO 13606-1] Under this policy, this refers to all personal health information accessible through the Saudi Health Information Exchange.
Healthcare Organization
Officially registered organization [under the umbrella of Saudi Council of Health Services] that has a main activity related to healthcare services or health promotion. [ISO/ IS 17090]
HIE Node Authentication
Describes authenticating each computer system to the Saudi Health Information Exchange.
Identification
Performance of tests to enable a data processing system to recognize entities. [ISO/IEC 2382-8]
Identifier
Piece of information used to claim an identity, before a potential corroboration by a corresponding authenticator. [ENV 13608-1]
Internal Privacy and Security Audit
Verification by someone inside of the organization (Saudi Health Information Exchange or Saudi Health Information Exchange service providers) to ensure that the systems are managed according to specified requirements.
Non-Regulated Health Professional
Person employed by a healthcare organization who is not a regulated health professional.
EXAMPLES: Medical receptionist who organizes appointments or a nurse’s aide who assists with patient care.
NOTE: The fact that a body independent of the employer does not authorize the employee’s professional capacity does not, of course, imply that the employee is not professional in conducting her/his services. [ISO/ IS 17090]
Organization
Healthcare organization or a supporting organization.
(Organization) Employee
Person employed by a healthcare organization or a supporting organization.
EXAMPLES: Medical records transcriptionists, healthcare insurance claims adjudicator, and pharmaceutical order entry clerks. [ISO /IS 17090]
Organization Roles
Organization roles correspond to the hierarchical organization in an [organization] in terms of internal structures. [Neumann/Strembeck]
Participating Healthcare Subscriber (PHCS)
Any healthcare institution or healthcare professional that has executed an effective Participation Agreement with the Saudi Health Information Exchange. This may be a Healthcare Organization, a Supporting Organization, or a Regulated Health Professional.
Personal Health Information (PHI)
Information about an identifiable person which relates to the physical or mental health of the individual, or to provision of health services to the individual, and which may include: a) information about the registration of the individual for the provision of health services; b) information about payments or eligibility for healthcare with respect to the individual; c) a number, symbol or particular assigned to an individual to uniquely identify the individual for health purposes; d) any information about the individual collected in the course of the provision of health services to the individual; e) information derived from the testing or examination of a body part or bodily substance; f) identification of a person (e.g., a health professional) as provider of healthcare to the individual. [ISO 27799]
Privacy
Freedom from intrusion into the private life or affairs of an individual when that intrusion results from undue or illegal gathering and use of data about that individual. [ISO/IEC 2382-8]. In the context of the Saudi HIE, it refers to an individual's interest in limiting who has access to personal healthcare information. [HIPAA]
Privacy and Security Audit
Audit focused on assuring conformance to privacy and security practices and procedures.
Pseudonymization
Pseudonymization is a process by which identifying information of a data subject is removed while retaining a link between multiple records pertaining to the data subject. [ISO/ TS 25237]
Pseudonymization, irreversible
The process of Pseudonymization is said to be irreversible if, for any passage from identifiable to pseudonymous, it is computationally infeasible to trace back to the original identifier from the pseudonym [ISO /TS 25237]
Registration Authority (RA)
Entity that is responsible for identification and authentication of certificate subjects, but that does not sign or issue certificates (i.e. an RA is delegated certain tasks on behalf of a CA). [IETF/RFC 3647]
Regulated Health Professional
Person who is authorized by a nationally recognized body [SCFHS, Saudi Commission for Health Specialties] and qualified to perform certain health services.
EXAMPLES: Physicians, registered nurses, and pharmacists [e.g. Saudi-licensed practitioners]
NOTE 1: The types of registering or accrediting bodies differ in different countries and for different professions. Nationally recognized bodies include local or regional governmental agencies, independent professional associations, and other formally and nationally recognized organizations. They MAY be exclusive or non-exclusive in their territory.
NOTE 2: A nationally recognized body in this definition does not imply one nationally controlled system of professional registration but, in order to facilitate international communication, it would be preferable for one nationwide directory of recognized health professional registration bodies to exist. [ISO 17090]
Remote Access
Access to the Saudi Health Information Exchange from a device connected to a HIE node and situated outside of the physical and environmental control of the corresponding PHCS. This would typically include access to a HIE node from a remote location such as from home.
Reportable Event
A Reportable Event is an action (or lack of action), suspected or confirmed, that violates Saudi Health Information Exchange policies and procedures for accessing or using PHI managed by the Saudi Health Information Exchange. Such violations may be unintentional or intentional.
Role
Set of competences and/or performances that are associated with a task. [ISO/ TS 21298]
Saudi Health Information Exchange (SeHe)
The Saudi organization known as SeHe that delivers capabilities to enable the electronic sharing of health-related information and health-related services across the country of Saudi Arabia.
Saudi Health Information Exchange Infrastructure Service Provider
An entity operating and managing the core services supporting the Saudi Health Information Exchange systems (e.g. Provider Registry, Client Registry, Clinical Data Repository, etc.)
Saudi Health Information Exchange Systems
All hardware and software components providing the infrastructure to enable the Saudi Health Information Exchange. HIE nodes are not components of the Saudi Health Information Exchange Systems.
Secondary use of personal data (Repurposing data)
Secondary use of personal data is any use different from primary use [ISO/ TS 25237]
NOTE: For example, the primary use is for treating the individual patient; we can consider that the secondary use is for purposes other than treating the individual patient, such as for research or marketing.
Security
Combination of availability, confidentiality, integrity, and accountability. [ENV 13608-1]
Sensitive PHI
PHI Subject to heightened confidentiality requirements (at least including but not limited to mental health, substance abuse, genetic information, sexually transmitted disease, reproductive health).
Sensitivity
Measure of importance assigned to information to denote its need for protection. [ISO 13606-4]
Shall
Whenever occurs in this policy, SHALL means the action must be taken.
Should
Whenever occurs in this policy, SHOULD means it is a recommendation that an action ought to be done, but it is not required.
Special Notice / Notice of privacy practice
Notice given to patients by a Participating Healthcare Subscriber explaining the Saudi Health Information Exchange and the patient’s rights regarding disclosure of PHI from the Saudi Health Information Exchange.
Sponsored Healthcare Provider
Health services provider who is not a regulated professional in the jurisdiction of his/her practice, but who is active in his/her healthcare community and sponsored by a regulated healthcare organization. [ISO /IS 17090]
NOTE: in Saudi Arabia, this may be, for instance, a Healthcare Provider that is licensed in another country and contracted as a temporary provider by a Saudi Hospital
Subject of Care
Person who receives health related services and has health information contained within the Saudi Health Information Exchange; any person who uses or is a potential user of a healthcare service; subjects of care may also be referred to as patients, healthcare consumers or Subject of Cares [ISO/ TS 22220]
Subscriber
A party who receives a credential or token from a certification service provider. [NIST 800-63-1]
Supporting Organization
Officially registered organization which is providing services to a healthcare organization, but which is not providing healthcare services.
EXAMPLES: Healthcare financing bodies such as insurance institutions, suppliers of pharmaceuticals and other goods. [ISO /IS 17090]
Trusted Third Party
Third party who is considered trusted for purposes of a security protocol.
3
2
You have to
Login here
to give your feedback about the policies
in this
Section
MOH E-Participation Policy
Currently selected
Prominent E-participations
E-Service Surveys
Also
You may be interested
Last Update :
10 April 2014 05:50 PM
Reading times :
All Rights Reserved – Ministry of Health – Kingdom of Saudi Arabia ©
Share Your Opinion with Us!
Saudi Health Information Exchange Policies
Currently selected
Policy
Citizens Voice
Forums
Interview text
Interview Text
Join Us On Live Chat
E-Service Surveys
About the Surveys
e-service Survey
Hospital Staff Response to Needs of Inpatients at Afif General Hospital
Identifying Research Priorities
It looks like your browser does not have JavaScript enabled. Please turn on JavaScript and try again.