You may be trying to access this site from a secured browser on the server. Please enable scripts and reload this page.
+
-
Gray Colour
Green Colour
ع
Home
Ministry
About the Minister
- Minister’s CV
- Minister's Office
- Contact the Minister
MOH Officials
- Vice Ministers
- Deputy Ministers
About the Ministry
- Overview
- Vision
- Mission
- Health Indicators
- Organizational Structure
- Strategy
- Health Policies
- Achievements
- Budget
- Tenders and Procurement
- Contact Us
- Help & Support
Share Your Opinion with Us
- Prominent E-Participations
Patient Satisfaction Survey Results
Regulations
Forms
We Care About You
Unified Health File
MOH Initiatives & Projects
Knowledge Management
National E- Health Strategy
Life Events
Partnerships
About MOH Portal
Interactive Map
Awareness
Patients’ Rights
Educational Content
- First Aid
- Chronic Diseases
- Health Tips
- Healthy lifestyle
- Oral Health
- Educational Series
- Seasonal and Festival Health
- Child’s Health
- Women's Health
- Various Topics
- Elderly’s Health
Health Tools
- BMI Calculator
- IBW Calculator
- Calorie Calculator
- Best Time To Get Pregnant
- Pregnancy Due Date Calculator
- Visual Acuity Test
- Prediabetes Risk Test
- Asthma Control Test
World Health Days
Premarital Screening
Command & Control Center
Pilgrim’s Health
E-Services
Media Center
MOH News
MOH Announcements
Events and Activities
MOH Publications
Important Links
Open Data
Sign In
Sign In
MOH Portal
The Ministry
Share Your Opinion with Us!
Saudi Health Information Exchange Policies
Saudi Health Information Exchange Policies
Listen
Policy
Page Content
Policy #
6
-
Saudi Health Information Exchange Authentication Policy
6.1 PURPOSE
The purpose of this policy is to ensure that systems and individuals interacting with the Saudi Health Information Exchange systems are known through the process of reliable security identification of subjects by incorporating an identifier and its authenticator.
6.2 SCOPE/APPLICABILITY
This policy applies to the Saudi Health Information Exchange, and to all individuals and organizations that have access to Saudi Health Information Exchange managed health records, including:
• Participating Healthcare Subscriber (PHCSs),
• their business associates,
• any subcontractors of business associates that perform functions or provide services involving the use and disclosure of personal health information,
• any Saudi Health Information Exchange Infrastructure Service Provider, and
• any other subcontractor of Saudi Health Information Exchange.
This policy applies to all personal health information provided to or retrieved from Saudi Health Information Exchange systems.
6.3 POLICY
1. Emergency Access SHALL be supported by all HIE node systems accessing the Saudi Health Information Exchange as a break-glass with audit and review of these actions, in accordance with the Audit Policy. Notification to the subject of care in the event of break-glass access SHOULD be provided by the Security and Privacy Officer of the Saudi Health Information Exchange.
2. Automatic user logoff SHALL be supported by all HIE nodes accessing the Saudi Health Information Exchange. The user sessions of the HIE node SHOULD be automatically logged off after no more than 30 minutes of inactivity.
3. All HIE Nodes exchanging personal health information SHALL implement a node authentication mechanism compliant with Transport Layer Security (TLS) [Internet Engineering Task Force (IETF): Transport Layer Security (TLS) 1.0 (RFC 2246)].
4. All Saudi Health Information Exchange system remote access by individual users SHALL require multi-factor authentication.
5. PHCSs SHOULD assert multi-factor authentication for remote access to their systems (from outside of the physical control of the organization), if the accessed system enables access to the Saudi Health Information Exchange.
6. A directory of PHCSs within the Saudi Health Information Exchange MAY include primary contact information of registered members, roles/privilege information, and identity attributes of providers, organizations, and systems. The primary contact information for the data in the directories supplied to the directory SHOULD minimally include a primary contact name and any associated contact phone numbers.
6.1. For Saudi Regulated Health Professionals, this information SHALL be sourced through the Saudi Commission for Health Specialties database.
6.2. The Saudi Commission for Health Specialties SHALL be the authoritative source for health practitioner’s license revocation.
6.3. For Healthcare Organizations, this information SHALL be provided by the corresponding sector-regulating body (Council of Health Services).
6.4. For employees and staff of Healthcare Organizations and Supporting Organizations, this information SHALL be provided by the designated contact within the PHCS.
6.5. All non-regulated health professionals SHALL be managed as employees of healthcare organizations.
7. The Saudi Health Information Exchange SHALL require unique identification of the individuals (employees, care providers, subjects of care, subjects of care agents), systems (HIE node, HIE system, or the Application), and Organizations accessing the information in the Saudi Health Information Exchange.
8. The user identity, role, and affiliation must be checked for both revocation and expiration at the time of logon to the system. If any have been revoked or have expired, use would be denied.
9. Any system providing access to the Saudi Health Information Exchange SHALL be responsible for verification of credentials. Verification implies that:
9.1. the credential is issued by a trusted third party,
9.2. the credential is current,
9.3. the credential is not suspended or revoked, and
9.4. the credential type is appropriate (for example, physician or pharmacist).
6.4 POLICY MAINTENANCE
The Saudi Ministry of Health (MOH) is responsible for monitoring and maintenance of policies.
1
0
You have to
Login here
to give your feedback about the policies
in this
Section
MOH E-Participation Policy
Currently selected
Prominent E-participations
E-Service Surveys
Also
You may be interested
Last Update :
10 April 2014 05:50 PM
Reading times :
All Rights Reserved – Ministry of Health – Kingdom of Saudi Arabia ©
Share Your Opinion with Us!
Saudi Health Information Exchange Policies
Currently selected
Policy
Citizens Voice
Forums
Interview text
Interview Text
Join Us On Live Chat
E-Service Surveys
About the Surveys
e-service Survey
Hospital Staff Response to Needs of Inpatients at Afif General Hospital
Identifying Research Priorities
It looks like your browser does not have JavaScript enabled. Please turn on JavaScript and try again.