You may be trying to access this site from a secured browser on the server. Please enable scripts and reload this page.
+
-
Gray Colour
Green Colour
ع
Home
Ministry
About the Minister
- Minister’s CV
- Minister's Office
- Contact the Minister
MOH Officials
- Vice Ministers
- Deputy Ministers
About the Ministry
- Overview
- Vision
- Mission
- Health Indicators
- Organizational Structure
- Strategy
- Health Policies
- Achievements
- Budget
- Tenders and Procurement
- Contact Us
- Help & Support
Share Your Opinion with Us
- Prominent E-Participations
Patient Satisfaction Survey Results
Regulations
Forms
We Care About You
Unified Health File
MOH Initiatives & Projects
Knowledge Management
National E- Health Strategy
Life Events
Partnerships
About MOH Portal
Interactive Map
Awareness
Patients’ Rights
Educational Content
- First Aid
- Chronic Diseases
- Health Tips
- Healthy lifestyle
- Oral Health
- Educational Series
- Seasonal and Festival Health
- Child’s Health
- Women's Health
- Various Topics
- Elderly’s Health
Health Tools
- BMI Calculator
- IBW Calculator
- Calorie Calculator
- Best Time To Get Pregnant
- Pregnancy Due Date Calculator
- Visual Acuity Test
- Prediabetes Risk Test
- Asthma Control Test
World Health Days
Premarital Screening
Command & Control Center
Pilgrim’s Health
E-Services
Media Center
MOH News
MOH Announcements
Events and Activities
MOH Publications
Important Links
Open Data
Sign In
Sign In
MOH Portal
The Ministry
Share Your Opinion with Us!
Saudi Health Information Exchange Policies
Saudi Health Information Exchange Policies
Listen
Policy
Page Content
Policy #
3
-
Saudi Health Information Exchange Information Security Policy
3.1 PURPOSE
The purpose of this policy is to ensure that the information security is conducted in a manner that protects personal health information and supports the availability, confidentiality, integrity, and accountability of the Saudi Health Information Exchange shared clinical information.
3.2 SCOPE/APPLICABILITY
This policy applies to the Saudi Health Information Exchange, to all individuals and organizations that have access to Saudi Health Information Exchange managed health records, including
• Participating Healthcare Subscribers(PHCSs),
• Their business associates,
• Any subcontractors of business associates that perform functions or provide services involving the use and disclosure of personal health information,
• Any Saudi Health Information Exchange Infrastructure Service Provider, and
• Any other subcontractor of Saudi Health Information Exchange.
This policy applies to all personal health information provided to or retrieved from Saudi Health Information Exchange systems.
3.3 POLICY
1. PHCSs SHALL implement policies and protections for Access Control, Automatic Logoff, Audit Log, Emergency Access, Integrity, Authentication, and Encryption. A list of policies and protections SHALL be requested and checked when onboarding participating sites. A minimal set SHALL be specified in the policy, and additional requirements may be included in the Data Use Agreement.
2. All Saudi Health Information Exchange system components SHOULD be managed and operated in conformance with the ISO/TC 215 standard: “ISO 27799:2008, Health informatics – Information security management in health using ISO/IEC 27002”.
3. Data SHALL NOT be deleted at any time from the Saudi Health Information Exchange. Data MAY be amended or replaced to accommodate corrections.
4. All Saudi Health Information Exchange Infrastructure systems SHALL be managed in accordance with one of: ISO 27000, SAS70/ SSAE 16, supporting physical safeguards, clearance, access, supervising those with access and other core secure management practices.
5. All Saudi Health Information Exchange systems SHALL implement contingency and disaster recovery plans to assure availability and integrity of Saudi Health Information Exchange managed health information.
6. Retention time for Saudi Health Information Exchange managed PHI is indefinite.
7. All Saudi Health Information Exchange systems SHALL encrypt communications when exchanging electronic health information. Encryption SHALL minimally support one of the following:
7.1. AES
7.2. 3DES
8. All Saudi Health Information Exchange systems SHALL implement intrusion detection measures.
9. The Saudi Health Information Exchange and the PHCSs SHALL require personnel training in privacy and confidentiality for all personnel handling health information that is directly or indirectly involved in the support of Saudi Health Information Exchange systems.
10. A privacy/security officer SHOULD be designated at the Saudi Health Information Exchange, as well as in the PHCSs.
11. The Saudi Health Information Exchange and the PHCSs SHALL implement a personnel sanction policy for inappropriate use, transmission, copy or disclosure of Saudi Health Information Exchange information and services.
12. PHCSs SHOULD have contingency plans in place for extended downtime periods.
3.4 POLICY MAINTENANCE
The Saudi Ministry of Health (MOH) is responsible for monitoring and maintenance of policies.
3
0
You have to
Login here
to give your feedback about the policies
in this
Section
MOH E-Participation Policy
Currently selected
Prominent E-participations
E-Service Surveys
Also
You may be interested
Last Update :
10 April 2014 05:50 PM
Reading times :
All Rights Reserved – Ministry of Health – Kingdom of Saudi Arabia ©
Share Your Opinion with Us!
Saudi Health Information Exchange Policies
Currently selected
Policy
Citizens Voice
Forums
Interview text
Interview Text
Join Us On Live Chat
E-Service Surveys
About the Surveys
e-service Survey
Hospital Staff Response to Needs of Inpatients at Afif General Hospital
Identifying Research Priorities
It looks like your browser does not have JavaScript enabled. Please turn on JavaScript and try again.