Information Security & Privacy

Principles and Importance

Healthcare services rely on information technology systems to ensure continuous and efficient operations. BDMS consequently places high importance on assessing the risks regarding cybersecurity and user data privacy in conformity with related regulations. A data breach can negatively affect the corporate reputation and also pose financial risks. Understanding the importance of information privacy and security, BDMS has established policies and fundamental structures for its information systems to ensure the personal information security of clients and employees.

Information Security Management Committee (ISMC)

  • The ISMC consists of the BDMS Board of Directors and senior executives who are responsible for approving and enforcing related policies or procedures; setting criteria and managing critical risks; and taking disciplinary action against those violating the policy. The responsibility of the Committee will cover data privacy in 2021.

Data Protection Officer (DPO)

  • DPOs are BDMS employees or appointed personnel who are responsible for supervising the storage and usage of personal information; reporting risks or related incidents; providing suggestions for the Committee; organizing training; publicizing news; and coordinating with related internal and external departments on information management.

Information Security Director (ISD)

  • The ISD consists of executive representatives of BDMS subsidiaries who are responsible for providing consultancy on the establishment of policy and related measures; supervising systems and computer network administrators; encouraging education of related personnel; monitoring compliance; updating the policy; finding solutions to violations of policy or information security; and submitting a quarterly report to the Committee.

BDMS Computer Emergency Response Team (BDMS CERT)

  • BDMS CERT members are BDMS employees or appointed personnel who are responsible for responding to incidents related to information security; advising on and rectifying information security threats; monitoring and publicizing news related to information security; studying and updating tools and guidelines; and performing other duties as may be assigned.

See the BDMS Draft Data Subject Request Policy here

See the BDMS Example Consent Form here

See the BDMS Example Privacy Notice for Patients and Vendors here