You may be trying to access this site from a secured browser on the server. Please enable scripts and reload this page.
+
-
Gray Colour
Green Colour
ع
Home
Ministry
About the Minister
- Minister’s CV
- Minister's Office
- Contact the Minister
MOH Officials
- Vice Ministers
- Deputy Ministers
About the Ministry
- Overview
- Vision
- Mission
- Health Indicators
- Organizational Structure
- Strategy
- Health Policies
- Achievements
- Budget
- Tenders and Procurement
- Contact Us
- Help & Support
Share Your Opinion with Us
- Prominent E-Participations
Patient Satisfaction Survey Results
Regulations
Forms
We Care About You
Unified Health File
MOH Initiatives & Projects
Knowledge Management
National E- Health Strategy
Life Events
Partnerships
About MOH Portal
Interactive Map
Awareness
Patients’ Rights
Educational Content
- First Aid
- Chronic Diseases
- Health Tips
- Healthy lifestyle
- Oral Health
- Educational Series
- Seasonal and Festival Health
- Child’s Health
- Women's Health
- Various Topics
- Elderly’s Health
Health Tools
- BMI Calculator
- IBW Calculator
- Calorie Calculator
- Best Time To Get Pregnant
- Pregnancy Due Date Calculator
- Visual Acuity Test
- Prediabetes Risk Test
- Asthma Control Test
World Health Days
Premarital Screening
Command & Control Center
Pilgrim’s Health
E-Services
Media Center
MOH News
MOH Announcements
Events and Activities
MOH Publications
Important Links
Open Data
Sign In
Sign In
MOH Portal
The Ministry
Share Your Opinion with Us!
Saudi Health Information Exchange Policies
Saudi Health Information Exchange Policies
Listen
Policy
Page Content
Policy #
5
-
Saudi Health Information Exchange Identity Management Policy
5.1 PURPOSE
The purpose of this policy is to ensure that the identities of the individuals and entities interacting with the Saudi Health Information Exchange are assured to enable a data processing system to recognize entities.
5.2 SCOPE/APPLICABILITY
This policy applies to the Saudi Health Information Exchange, and to all individuals and organizations that have access to Saudi Health Information Exchange managed health records, including
• Participating Healthcare Subscribers (PHCSs),
• Their business associates,
• Any subcontractors of business associates that perform functions or provide services involving the use and disclosure of personal health information,
• Any Saudi Health Information Exchange Infrastructure Service Provider, and
• Any other subcontractor of Saudi Health Information Exchange.
This policy applies to all personal health information provided to or retrieved from Saudi Health Information Exchange systems.
5.3 POLICY
1. Healthcare Organization [e.g. hospital] and Supporting Organization [e.g. supporting quality management Organization] systems connecting to the Saudi Health Information Exchange systems SHOULD be subject to Trusted Third Party Attestation for the issuance of organization system digital certificates. Self-signed certificates or those issued by another PKI MAY be used as a Direct Trust method for certificates of HIE nodes or applications at the node, with additional out-of-band verification of source identity as part of the onboarding process.
2. Individual users accessing the Saudi Health Information Exchange systems SHOULD be subject to Trusted Third Party Attestation for the issuance of identity credentials.
3. Digital certificates used for authentication or digital signatures SHALL be issued by the National Center for Digital Certification.
4. Federated identity providers MAY apply to authenticate users to the HIE on a case by case basis.
5. Requirements for Proof of Identity for individuals are as follows:
5.1. Identity proofing for all individuals SHALL require a valid government issued photographic identification (i.e. passport, driver’s license, military ID, national ID, or Residency Permit for Non-Saudi) and/or a government-recognized biometric identification.
5.1.1. For Subject of Care this same proofing SHOULD be required, but antecedent data MAY be used.
5.2. For Subject of Care agent, the proofing SHALL be provided by government issued Family Card or other legal document indicating authorization to act on behalf of the Subject of Care for medical decisions. Identity Proofing for all individuals SHALL include a face-to-face attestation of the individual’s identity.
5.2.1. For subjects of care, this same proofing SHOULD be required, but antecedent data MAY be used.
5.2.2. For other users, antecedent data MAY be used to provide limited access to the Saudi Health Information Exchange.
5.3. Identity Proofing for Regulated Health Professional SHALL require evidence of a current license issued by the Saudi Commission for Health Specialties in addition to the Identity Proofing requirements that apply to all individuals (as described in 5.1 and 5.2 above).
5.4. Identity Proofing for healthcare employees SHALL require verification of employee ID or letter from employer on employer letterhead indicating current employment status where the identifier is not issued directly by the employer in addition to the Identity Proofing requirements that apply to all individuals (as described in 5.1 and 5.2 above).
5.5. Identity Proofing of a Sponsored Healthcare Provider SHALL require a letter from a regulated healthcare professional or authorized representative of a sponsoring regulated health organization to establish that they are active in their healthcare community OR evidence of current credentials issued by the Saudi Commission for Health Specialties in addition to the Identity Proofing requirements that apply to all individuals (as described in 5.1 and 5.2 above).
6. Identity Proofing requirements for Organization systems are as follows:
6.1. Identity Proofing of an Organization’s secure node (HIE node) SHALL require attestation by an individual identified by the organization as authorized to provide such attestation.
6.1.1. A letter on the entity letterhead signed by a corporate officer SHALL identify a representative of the entity authorized to validate and request organization or device certificates on behalf of the entity that will be used to provision HIE node certificates.
6.2. The Organization responsible for the system SHALL provide proof of a current license to conduct the healthcare or healthcare associated business, a valid commercial registration document, or a nationally-recognized government entity.
7. Electronic identity credentials SHALL NOT be issued until an agreement addressing the credential holder’s requirements is completed and signed. This may for example include an agreement to terms and conditions for online registration processes for individual users.
8. Procedures for account revocation upon employee severance for any employee who was issued an individual identity credential to access the Saudi Health Information Exchange systems SHALL be implemented by the PHCS.
8.1. Notification to the Saudi Health Information Exchange SHOULD be issued within two business days.
8.2. Acknowledgment of receipt of notification SHOULD be issued upon receipt.
8.3. Account revocation by the PHCS and the Saudi Health Information Exchange SHOULD be implemented within two business days after notification.
9. Procedures for account update upon employee role modification for any employee who has been issued an individual identity credential to access the Saudi Health Information Exchange systems, SHALL be implemented by the PHCS.
9.1. Notification to the Saudi Health Information Exchange SHOULD be issued within two business days.
9.2. Acknowledgment of receipt of notification SHOULD be issued upon receipt.
9.3. Account update by the organization and the Saudi Health Information Exchange SHOULD be implemented within two business days after notification.
10. Subscribers [NIST 800-63-1] SHALL notify a Saudi Health Information Exchange authorized Registration Authority if their digital identity is lost, stolen, or otherwise known to be compromised. This SHALL result in a revocation request and request for a new digital identity.
11. Account subscriber [NIST 800-63-1] agreements SHALL include the requirement to protect the subscriber identity credential.
5.4 POLICY MAINTENANCE
The Ministry of Health (MOH)
1
0
You have to
Login here
to give your feedback about the policies
in this
Section
MOH E-Participation Policy
Currently selected
Prominent E-participations
E-Service Surveys
Also
You may be interested
Last Update :
10 April 2014 05:50 PM
Reading times :
All Rights Reserved – Ministry of Health – Kingdom of Saudi Arabia ©
Share Your Opinion with Us!
Saudi Health Information Exchange Policies
Currently selected
Policy
Citizens Voice
Forums
Interview text
Interview Text
Join Us On Live Chat
E-Service Surveys
About the Surveys
e-service Survey
Hospital Staff Response to Needs of Inpatients at Afif General Hospital
Identifying Research Priorities
It looks like your browser does not have JavaScript enabled. Please turn on JavaScript and try again.