14.1. Purpose:
14.1.1. To define compliance and audit requirements for the NABIDH Platform.
14.1.2. To assure effectiveness of implemented information security controls and prevent violations and breaches as per the laws, policies, or controls within the UAE.
14.1.3. To provide guidance in identifying and preventing unauthorized access to PHI within the NABIDH system and to comply with relevant privacy requirements.
14.1.4. To define the roles and responsibilities of all the relevant participants within the NABIDH system
14.1.5. To have an effective auditing process that ensures confidentiality of PHI within NABIDH.
14.1.6. To define the frequency and specifications of maintaining Audit Logs for maintaining Audit Logs for documenting all the access to and receipt of PHI through the NABIDH system.
14.2. Scope/ Applicability:
14.2.1. The scope of this document is the specification for audit requirements for implementation of the NABIDH platform among DHA licensed healthcare providers in the Emirate of Dubai.
14.2.2. This policy applies to NABIDH, and to all individuals and Healthcare facilities that have access to NABIDH managed PHI, including
14.2.3. DHA and their Business Associates or any subcontractors, who is responsible for oversight of NABIDH platform.
14.2.4. Public Health and their Business Associates or any subcontractors who is responsible for exchange of PHI.
14.2.5. NABIDH and their Business Associates or any subcontractors who is responsible for exchange of PHI.
14.2.6. HealthCare Facilities, their Business Associates or any subcontractors who is responsible for submission, collection and use of PHI.