You may be trying to access this site from a secured browser on the server. Please enable scripts and reload this page.
+
-
Gray Colour
Green Colour
ع
Home
Ministry
About the Minister
- Minister’s CV
- Minister's Office
- Contact the Minister
MOH Officials
- Vice Ministers
- Deputy Ministers
About the Ministry
- Overview
- Vision
- Mission
- Health Indicators
- Organizational Structure
- Strategy
- Health Policies
- Achievements
- Budget
- Tenders and Procurement
- Contact Us
- Help & Support
Share Your Opinion with Us
- Prominent E-Participations
Patient Satisfaction Survey Results
Regulations
Forms
We Care About You
Unified Health File
MOH Initiatives & Projects
Knowledge Management
National E- Health Strategy
Life Events
Partnerships
About MOH Portal
Interactive Map
Awareness
Patients’ Rights
Educational Content
- First Aid
- Chronic Diseases
- Health Tips
- Healthy lifestyle
- Oral Health
- Educational Series
- Seasonal and Festival Health
- Child’s Health
- Women's Health
- Various Topics
- Elderly’s Health
Health Tools
- BMI Calculator
- IBW Calculator
- Calorie Calculator
- Best Time To Get Pregnant
- Pregnancy Due Date Calculator
- Visual Acuity Test
- Prediabetes Risk Test
- Asthma Control Test
World Health Days
Premarital Screening
Command & Control Center
Pilgrim’s Health
E-Services
Media Center
MOH News
MOH Announcements
Events and Activities
MOH Publications
Important Links
Open Data
Sign In
Sign In
MOH Portal
The Ministry
Share Your Opinion with Us!
Saudi Health Information Exchange Policies
Saudi Health Information Exchange Policies
Listen
Policy
Page Content
Policy #
10
-
Saudi Health Information Exchange Secondary Use Policy
10.1 PURPOSE
The purpose of this policy is to establish the conditions, if any, under which personal health information on the Saudi Health Information Exchange may be used for purposes other than direct patient care (as defined in the Purpose of Use Policy).
10.2 SCOPE/APPLICABILITY
This policy applies to the Saudi Health Information Exchange, and to all individuals and organizations that have access to the Saudi Health Information Exchange managed health records, including:
• Participating Healthcare Subscriber (PHCSs),
• their Business Associates,
• any subcontractors of Business Associates that perform functions or provide services involving the use and disclosure of PHI,
• any Saudi Health Information Exchange Infrastructure Service Provider,
• any other subcontractor of the Saudi Health Information Exchange, and
• any party requesting to use the Health Information Exchange managed information for secondary use as described below.
This policy applies to all PHI provided to or retrieved from the Saudi Health Information Exchange.
10.3 POLICY
1. Personal health information on the Saudi Health Information Exchange MAY be made available for purposes other than Treatment, Operations and Public Health, as defined in the Purpose of Use Policy, under the following conditions:
1.1. Designated ethics committee (i.e., Medical Research Board; local IRB) approval SHALL be considered on a case-by-case basis.
1.2. Any additional approval requirements and other proposal criteria requesting access to such data SHALL be determined and published by the designated ethics committee.
1.3. The designated ethics committee MAY publish criteria (e.g., may have a minimum necessary content for the proposal).
1.4. The Saudi Health Information Exchange Privacy and Security Officer or designee SHALL be a member of the designated ethics committee.
1.5. Research data extracts or views SHALL be managed by the Saudi Health Information Exchange or a Saudi Health Information Exchange approved subcontractor.
1.6. A Data Use Agreement between the research organization/individual and the Saudi Health Information Exchange SHALL be established. The Data Use Agreement SHALL include the following requirements:
1.6.1. The data use and access SHALL be limited to the specified purpose cited in the approved proposal.
1.6.2. Additional authorizations and consents of study subjects MAY be required, as defined by the designated ethics committee. Where authorizations and consents are required, the Saudi Health Information Exchange SHALL have access to the authorizations and consents
1.6.3. The designated ethics committee MAY require that the data be de-identified with or without re-identification capabilities.
1.6.4. In the case where a view is provided to the data set that would be managed by the Saudi Health Information Exchange, the party requesting the data SHALL identify designated individuals that access the data for the approved purpose.
2. De-identified health information MAY be released from the Saudi Health Information Exchange under the following conditions:
2.1. De-identification methods SHALL undergo a re-identification risk assessment of the proposed data extract.
2.2. Designated ethics committee (i.e., Medical Research Board; local IRB) MAY consider the request on a case-by-case basis.
2.3. The designated ethics committee MAY offer criteria that will allow documentation of de-identified data sets that are not subject to case-level consideration and approval (e.g. re-identification risk criteria of routine de-identified information sets)
2.4. De-identification methods to be used for the data set SHALL be disclosed
2.5. A Data Use Agreement between the research organization/individual and the Saudi Health Information Exchange SHALL be established. The Data Use Agreement SHALL include the following requirements:
2.5.1. The data use and access SHALL be limited to the specified purpose cited in the approved proposal.
2.5.2. The requesting party SHALL be required to provide contract assurances that no attempt SHALL be made by it to re-identify the de-identified PHI from the Exchange provided for the approved data use.
2.5.3. In the case where a view is provided to the data set that would be managed by the Saudi Health Information Exchange, the party requesting the data SHALL identify designated individuals that access the data for the approved purpose.
2.5.4. If approved, de-identified data extracts or views SHALL be prepared by Saudi Health Information Exchange Health staff or a Saudi Health Information Exchange Health approved subcontractor with due consideration of protections to be applied to all processed data.
3. Pseudonymized health information MAY be released by the Saudi Health Information Exchange under the following conditions in addition to those conditions that apply to de-identified data release:
3.1. Reversible Pseudonymization provisions for the extract SHALL be subject to approval by the designated ethics committee to be reviewed on a case-by-case basis.
4. The Saudi Health Information Exchange SHALL make available a record of all approved requests for identified PHI, de-identified health information, anonymized health information, and pseudonymized health information from the Saudi Health Information Exchange.
4.1. The record of all approved requests SHOULD be reviewed with the same frequency as audit report requirements as specified by the Audit Policy.
4.2. The record of all approved requests SHALL include:
4.2.1. the date of the data release,
4.2.2. the entity to which the data was released,
4.2.3. a summary of the research or analysis involved, and
4.2.4. Approval Reference Number.
4.3. Such record SHOULD be retained for at least ten years after the release of the information.
10.4 POLICY MAINTENANCE
The Saudi Ministry of Health (MOH) is responsible for monitoring and maintenance of policies.
1
0
You have to
Login here
to give your feedback about the policies
in this
Section
MOH E-Participation Policy
Currently selected
Prominent E-participations
E-Service Surveys
Also
You may be interested
Last Update :
10 April 2014 05:50 PM
Reading times :
All Rights Reserved – Ministry of Health – Kingdom of Saudi Arabia ©
Share Your Opinion with Us!
Saudi Health Information Exchange Policies
Currently selected
Policy
Citizens Voice
Forums
Interview text
Interview Text
Join Us On Live Chat
E-Service Surveys
About the Surveys
e-service Survey
Hospital Staff Response to Needs of Inpatients at Afif General Hospital
Identifying Research Priorities
It looks like your browser does not have JavaScript enabled. Please turn on JavaScript and try again.