Principles and Importance
Healthcare services rely on information technology systems to ensure continuous and efficient operations. BDMS consequently places high importance on assessing the risks regarding cybersecurity and user data privacy in conformity with related regulations. A data breach can negatively affect the corporate reputation and also pose financial risks. Understanding the importance of information privacy and security, BDMS has established policies and fundamental structures for its information systems to ensure the personal information security of clients and employees.
Information Security Management
BDMS has established a structure for information security and also enforces policies, guidelines and standards for work operations in the organization. This is to ensure appropriate utilization of information technology and to prevent potential risks.
Data Governance Council
BDMS subsidiary hospitals and companies must assign personnel to join the Data Governance Council to support operations in conformity with the Personal Data Protection Act. The Council’s responsibilities are as follows:
- Establish procedures and guidelines on information exchange from the preparation stage to launch, as well as during and after operations to ensure information security
- Assess and revise each department's rights to use information according to its roles and mission
- Support departments with resources to effectively comply with the information policy
- Devise an action plan and procedures
BDMS Information Privacy Guidelines
BDMS has revised its guidelines for BDMS Information Privacy in critical operations and publicized them throughout the BDMS group according to the Personal Data Protection Act, with details as follows:
- Privacy Notice
- Record of Processing Activity (ROPA)
- Personal Data Security Measure
- Data Processing Agreement
- Data Subject Rights Request
- Data Breach Notification
- Use of Social Media for Personal Data Collection or Disclosure
- Disclosure of Data to Third Party
Information Security Management Committee (ISMC)
- The ISMC consists of the BDMS Board of Directors and senior executives who are responsible for approving and enforcing related policies and procedures; setting criteria for and managing critical risks; and taking disciplinary action against those who violate the policy. The Committee's responsibilities will be extended to cover data privacy in 2021.
Data Protection Officer (DPO)
- DPOs are BDMS employees or appointed personnel who are responsible for supervising the storage and use of personal information; reporting risks and related incidents; providing recommendations to the Committee; organizing training; publicizing news; and coordinating with the relevant internal and external departments on information management.
Information Security Director (ISD)
- The ISD consists of executive representatives of BDMS subsidiaries who are responsible for providing consultancy on the establishment of the policy and related measures; supervising system and computer network administrators; promoting the education of relevant personnel; monitoring compliance; updating the policy; resolving violations of the policy or of information security; and submitting a quarterly report to the Committee.
BDMS Computer Emergency Response Team (BDMS CERT)
- BDMS CERT consists of BDMS employees or appointed personnel who are responsible for responding to information security incidents; advising on and remediating information security threats; monitoring and publicizing information security news; studying and updating tools and guidelines; and performing other duties as assigned.