Watch the Webinar Replay
Topics to Discuss
- Need and Strategic Purpose of ADHICS
- Privacy and Security assurance by ADHICS
- Application of ADHICS in various health institutions like - Medical Centres, Dental Centers, Home Care, Aesthetic Clinics and Hospitals.
- Some benefits of being ADHICS compliant.
As the risk of digitization of healthcare data is rising exponentially, the Department of Health, Abu Dhabi has initiated Abu Dhabi Healthcare Information and Cyber Security in 2018 as a strategic initiative, so as to ensure privacy and security of healthcare data and records at international standards around its health sector.
ADHICS is a complete guide for the regulation of healthcare data in Abu Dhabi for healthcare professionals and providers. This will enable the providers and professionals to minimize the impact of information security threats and minimize recovery time.
Dr. Mahera AbdulRahman, MD, PhD
Health Informatics & Smart Health Department
Health Regulation Sector
Dr. Mahera previously held several positions at the Dubai Health Authority (DHA), most recently as a policymaker in Health Informatics and Smart health department, health regulation sector, DHA. She is the leading person in putting all health data governance-related regulations and policies in the Emirate of Dubai.
Dr. Mahera has also played an important role in leading implementing NABIDH policies through conducting several awareness webinars within the health sector. In addition, she actively established links between DHA and other organizations within UAE and Internationally.
Business Head - HMS Solutions
Practo - Middle East
Sathish Jeganathan is heading the business of Insta by Practo for the Middle East. He comes with more than a decade of health care experience with Health tech software's and ERP, Pharma experience with GSK and MSD.
He is part of the Journey of Insta by Practo to reach 300+ centers in GCC and also worked closely with Malaffi and NABIDH team to establish the connectivity with these HIE's.
How Insta HMS helps healthcare providers to follow and adhere to information security standards.
- In UAE, Insta HMS is hosted on enterprise grade Microsoft Azure Cloud services which has certifications such as ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2.
- Insta HMS follows data localization hosting compliance rules and so has Abu Dhabi and Dubai customers hosted out of Abu Dhabi and Dubai regions only.
- Insta HMS either allocates a separate dedicated instance or a shared hardware but tenanted database to each healthcare provider who uses Insta HMS.
- Microsoft Azure Cloud services offers multiple options to comply with Data Encryption requirements.
- Data encryption at rest: includes information that resides in persistent storage on physical media, in any digital format. This can include files on magnetic or optical media, archived data, and data backups. Microsoft Azure offers a variety of data storage solutions to meet different needs, including file, disk, blob, and table storage.
- Azure offers many mechanisms for keeping data encrypted in motion or in transit.
- Transparent Data Encryption (TDE) protects data and log files, using AES and Triple Data Encryption Standard (3DES) encryption algorithms. Encryption of the database file is performed at the page level. The pages in an encrypted database are encrypted before they are written to disk and are decrypted when they’re read into memory. TDE is now enabled by default on newly created Azure SQL databases.
- Insta HMS is the only clinic and hospital management solution which is able to offer Etisalat SDWAN powered Microsoft Azure hosted cloud based solutions with Malaffi Health Information Exchange connectivity in Abu Dhabi.
- Insta HMS has extensively well defined and flexible backup policy options for point in time recovery and disaster management to choose from whether they are hosted on their own on-premises servers or Insta managed Microsoft Azure cloud. These backups are tested periodically in coordination with the providers.
- Hot backup option to a local disk or NAS using database WAL shipping.
- Streaming replication to a backup server for High Availability.
- Backup from on prem to cloud.
- Insta has role based access controls so that only authenticated users via multi factor authentication have access to the Insta HMS application at all times.
- Access controls can be defined to authorize which users have access to specific screens and actions in the application workflow.
- Insta supports totp based authentication using apps, otp over email/sms, offline tokens which can be setup basis IP configuration rules.
- Insta stores all passwords in an 128 bit encrypted format, enforces a minimum 12 character length password, enforces first time login change password and has configurable password preferences to enforce customizable strength rules as well such as number of special characters, digits, characters, lower/uppercase letters etc.
- Insta has a wide range of administrator access to view the trail of transactions using the application audit log functionality.
- Insta HMS has written contractual agreements in place with customers not to make attempts to anonymize healthcare entity data/information, through specific instances, for the purpose of our own business benefits or needs.
- In the event that a customer wishes for any reason to transition out or discontinue use of Insta HMS services we are fully supportive of the customer during the transition and offer the following options for data extraction:
- a database dump is provided to the customer before deinstallation of software from customer servers or cloud instances.
- clinical data such as medical reports can be extracted in the form of PDF exports.
- masters and transactional data can be exported using Insta’s extensive reporting capabilities.
- In addition, we are responsible for all data removal from our environment, disconnecting all existing integrations and knowledge handover based on a mutually agreed approach.
- In the event that a security breach occurs our operations teams are equipped to make the disclosures within one hour of observation or knowledge to email@example.com.