The privacy and the security of patients’ Protected Health Information (PHI) are among our top priorities. Malaffi and all participating healthcare facilities (Participants) protect PHI using physical, technical and administrative measures.
Malaffi and all Participants are required to comply with all Emirate-wide and federal health privacy laws, as well as the Abu Dhabi – Healthcare Information And Cyber Security Standard (ADHICS), which focuses on the specifics of protecting and/or securing personal health information.
Measures to protect PHI include rigorous privacy and security protocols, some of which are listed below:
- Only trained authorised healthcare professionals and members of the care teams (authorised users) will be able to access Malaffi
- All PHI is shared over a secure electronic network, and all information in transit and at rest is encrypted to prevent unauthorised access
- Our teams perform a security assessment of the participants before they connect to Malaffi, to ensure that they uphold the required security standards
- We ensure that all our staff have passed the HIPAA Awareness Training for Business Associates. HIPAA (Health Insurance Portability and Accountability Act) is US legislation that provides data privacy and security provisions to keep patients’ medical information safe
- Malaffi has implemented privacy and security guidelines for authorisation and accessibility of the platform. As part of the guidelines, Malaffi maintains activity logs of the authorised users who view patient files and access information, and receives notifications in case of misuse of the platform
- Only the highest level of authorised users who are clinically treating the patient may “Break the Privacy Seal”, i.e. access all of the patient’s sensitive health information (e.g. HIV/AIDS, sexually transmitted diseases, substance abuse, mental health conditions). This is on the condition that, in the professional judgment of that clinician, access to such sensitive health information is strictly necessary to ensure optimal treatment of the patient. These activities are monitored to ensure proper usage of the platform