Insta HMS has been actively working on their Information Security Standards to help its healthcare providers with better Data Security. Since the era of digitalization, healthcare data is always at risk and has been increasing exponentially. Insta HMS has introduced many new features to its system so as to keep a check on it’s security standards like that of the ADHICS.
What is ADHICS?
In 2018, the DOH (Department of Health), Abu Dhabi established an initiative called the Abu Dhabi Healthcare Information & Cyber Security (ADHICS) to keep the healthcare data secure and private at international standards. Now, ADHICS has become the guide for all the healthcare providers and professionals for the healthcare regulations in Abu Dhabi. Following these ADHICS guidelines, it becomes easier for the providers and professionals to minimize the risk of potential Information Security threats.
How is Insta HMS connected to ADHICS?
As it is already known that Insta HMS is a clinic and hospital management software solution and as part of the management system, Insta HMS helps the healthcare providers to follow and adhere to the Information Security Standards.
Insta HMS hosted on Microsoft Azure Cloud Insta HMS in the region of UAE is hosted on Microsoft Azure Cloud which has certifications like ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2.
Insta HMS also follows the data localization hosting compliance rules which means each Insta HMS healthcare provider is either allocated a separate dedicated instance or a shared hardware but tenanted database.
The Microsoft Azure Cloud offers multiple options to comply with Data Encryption requirements.
Data Encryption at Rest is the information that is on the persistent storage in any digital format that is in physical media. These can include files on magnetic or optical media, archived data, and data backups. Microsoft Azure offers a variety of data storage solutions to meet different needs, including file, disk, blob, and table storage.
It also offers many mechanisms for keeping data encrypted in motion or in transit.
Transparent Data Encryption (TDE) protects data and log files. Encryption of the database file in Azure is performed at page-level. The pages are encrypted before they are written on a disk and decrypted when they are read into the memory. TDE is now a default function on newly created Azure SQL databases
Insta HMS’s integration with Malaffi Health Information Health Connectivity Insta HMS remains the only hospital and clinic management software solution which offers Etisalat SDWAN powered by Microsoft Azure Cloud based solution in integration with Malaffi Health Information Health Connectivity in Abu Dhabi.
Insta HMS’ Backup Policy Irrespective of where Insta HMS is hosted (Microsoft Azure Cloud or Insta’s on-premise servers), they have well defined and flexible backup policy for time recovery and disaster management for their healthcare providers.
These backups are tested periodically in coordination with the providers.
Hot backup option to a local disk or NAS using database WAL shipping.
Streaming replication to a backup server for High Availability.
Backup from on-premises to cloud.
Insta HMS’ Multi-Factor Authentication
Insta has introduced a new role based access controls to provide access to only authenticated users via multi factor authentication to the Insta HMS application at all times.
Access controls can be defined to authorize which users have access to specific screens and actions in the application workflow.
Insta supports TOTP based authentication using apps like authenticator, otp over email/sms, offline tokens which can be setup based on IP configuration rules.
Insta HMS’ Service Exit Policy Insta HMS has a very flexible Service Exit policy. That is, in the event that a customer wishes for any reason to transition out or discontinue the use of Insta HMS services, we are fully supportive of the customer during the transition and offer the following options for data extraction:
A database dump is provided to the customer before deinstallation of software from customer servers or cloud instances.
Clinical data such as medical reports can be extracted in the form of PDF exports.
Masters and transactional data can be exported using Insta’s extensive reporting capabilities.
In addition, we are responsible for all data removal from our environment, disconnecting all existing integrations and knowledge handover based on a mutually agreed approach.
Insta HMS’ Additional Data Security Features
All the passwords are stored in an 128 bit encrypted format. It also enforces a minimum 12 character length password with first time login change password and has configurable password preferences to enforce customizable strength rules as well such as number of special characters, digits, characters, lower/uppercase letters etc.
To view the trail of transactions using the application audit log functionality, Insta has a wide range of administrator access.
Insta HMS has also written contractual agreements with customers so as to not make any attempts to anonymize healthcare entity data/information, through specific instances, for the purpose of our own business benefits or needs.
Insta HMS is actively working on its information security standards and in many ways has been trying to follow the ADHICS compliance. Insta HMS has also introduced many new features to help its clients and healthcare providers with better Data Security Standards.