NABIDH Authorization Policy: Ensuring Data Privacy

One of the biggest challenges for the healthcare industry today, is the need to balance data accessibility and security. How do you safeguard patient health information while also making it more accessible and available for better healthcare delivery?  Dubai Health Authority’s (DHA) NABIDH platform is your answer. Short for National Backbone for Integrated Dubai Health, this platform enables seamless and secure exchange of patient health information. This system is governed by a comprehensive set of stringent policies and standards, one of which is the NABIDH Authentication and Authorization Policy.

NABIDH Authorization Policy: What it Entails

The NABIDH Authentication and Authorization Policy outlines the guidelines for allowing only authorized users and certified applications to access patient health information through NABIDH. This policy ensures the privacy and confidentiality of patient medical data is never compromised.

What purpose does the policy serve?

 There are three main objectives served by the NABIDH Authentication and Authorization Policy:

  1. To provide well-controlled access. The purpose is to allow only authorized users and certified applications to access patient data through NABIDH. This ensures that sensitive data remains secure at all times.
  2. To minimize exposure of health data. The NABIDH Authentication and Authorization Policy limits the exchange of health information exclusively to authorized individuals. This minimizes risk of unauthorized exposure or data breach.
  3. To build confidence. The necessity to adhere to strict authentication and authorization protocols instills confidence in patients about the privacy and security of their health data on the NABIDH system.

Who does the NABIDH Authorization Policy apply to?

This policy applies to all NABIDH users who can access and use patient health information stored in the NABIDH platform, including the DHA, NABIDH, healthcare facilities in Dubai, their associates, and patients. 

What are your responsibilities with respect to the Policy?

As a healthcare facility/provider, you play a crucial role in upholding the NABIDH Authentication and Authorization Policy. Your responsibilities include:

  • Compliance with all applicable laws and regulations, and strict identity verification. You have to ensure that access is granted only after thoroughly verifying and authenticating the identity of users through physical and digital identity checks.
  • Controlling access based on job functions and professional objectives. You must ensure that appropriate access levels are assigned based on individual roles and responsibilities. This is a prerequisite to safeguard data privacy and security.
  • Training NABIDH users in your facility. You must train authorized NABIDH users before activating their access to NABIDH. This is to make sure they are well-versed with the procedures and protocols of NABIDH usage. You must also provide annual refresher training to ensure data continues to remain safe and secure.
  • Developing and implementing access control policies and procedures. You are also responsible for formulating internal policies and procedures to ensure controlled access to NABIDH patient health information.
  • Removing access for individuals who have been terminated, left the facility, or have misused NABIDH health information.
  • Notifying NABIDH about users terminated for information misuse.
  • Implementing secure authentication processes for remote access to the NABIDH Clinical Portal.

The NABIDH Authentication and Authorization policy is designed to protect patient privacy and health data security. It fosters a collaborative and secure environment for exchanging health data and enables seamless authorized access to critical information. This enables you to deliver better healthcare and significantly improves patient health outcomes.