Get the assistance to roadmap your ADHICS V2 compliance journey  

Discover hidden compliance and security risks across your infrastructure with dedicated assistance to identify and address the gaps specific to ADHICS V2 standards  

OVERVIEW

Understanding ADHICS V2 Standards

The Department of Health, Abu Dhabi, framed and published the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) on February 3rd, 2019. It is a standard for the healthcare sector, providing entities in the sector with systematic regulation of healthcare data.

 

It seeks to ensure privacy and security at the highest level for all healthcare information and data, in line with international security standards. It is a proactive measure to assist healthcare entities in securing their most valuable information assets, comprising sensitive healthcare information.

 

The standard reflects the Abu Dhabi Government’s commitment to secure health information and healthcare infrastructure. It seeks to establish requirements for a secure healthcare ecosystem and is aligned with the strategic demands of the Abu Dhabi Healthcare Information and Cybersecurity Strategy. See how SharkStriker helps healthcare entities adhere to the ADHICS V2 standard.

APPLICABILITY

To whom does ADHICS apply?

It applies to all the entities that generate, access, store, use, process and/or transmit healthcare information. It includes but is not limited to: 

  • Healthcare Facility  
  • Any Payer who handles healthcare or patient data 
  • Healthcare Technology and Service Provider in the emirate of Abu Dhabi  
BENEFITS

What are the benefits of being ADHICS compliant?

  • Improves information assurance standards between healthcare entities and citizens of the UAE
  • Clarifies ownership of information assets
  • Prepares the organization for data breaches, ransomware, and other attacks
  • Builds trust between patients and healthcare entities
  • Saves the business from the costs of cyber attacks
  • Helps healthcare entities establish a strong cybersecurity posture
  • Creates a loyal base of repeat customers
  • Helps organizations achieve global benchmarks
REQUIREMENTS

Mandatory Requirements of ADHICS V2 

The entities that are subject to the standard are expected to demonstrate their information and cybersecurity compliance efficiently, and they must address the specific management needs of healthcare and its complex operating environments.

The standard has 708 controls across 11 domains: 332 are ‘basic’ controls, 211 are ‘transitional’ and 165 are ‘advanced’.

The following are some of the mandatory requirements of ADHICS V2: 

01 Risk management
Entities subject to the standard must assess their infrastructure for risks and mitigate the risks as per the assessment (ADHICS, A-4).

02 Establishing policies for information security
Entities are required to develop and implement policies and procedures and other requirements as per the ADHICS Standard. They are free to customize the policies as per their organizational setup.

03 Classification of assets
Entities subject to the standard must define an asset classification scheme (ADHICS, A-5, Domain 2, “Asset Management” Section B, AM 1 to AM 3).

04 Implementation of controls
Entities must implement requisite controls for human resource security, access control, health information, communication, asset management, environmental security, information security, physical security, and incident management.

05 Continuous improvement
Entities are required to ensure the effectiveness of measures and continuously improve in line with the requirements. They must ensure management review, internal audit, and actions for remediation. Entities must also review and submit their status of compliance to DoH.

NON-COMPLIANCE RISKS

What are the consequences of non-compliance?

The standard does not mention any specific penalty amount; however, it does specify that non-compliance can result in penalties like fines and sanctions, and in potential legal liability from patients and regulatory bodies. Non-compliance can significantly impact the auditing process and license registration/renewal.

APPROACH

How does SharkStriker help you become ADHICS V2 compliant?

We gather context about the organization’s infrastructure and services and frame the scope of our project.

We assess the existing information security measures against ADHICS requirements, looking for gaps in compliance.

We assess whether the organization’s healthcare data has been exposed to any security or privacy risks.

We prepare a detailed risk treatment plan that addresses all the security and compliance gaps and risks with actionable measures, resources, technology, and expertise as per ADHICS V2.

We help prepare & manage policies, ensuring that they align with the security and privacy requirements specified in ADHICS V2.

We identify and bridge gaps in technology, processes, and expertise to be implemented for adherence to ADHICS V2.

We engage in continuous security assessments using Vulnerability Assessment & Penetration Testing, and other testing methodologies at regular intervals to ensure that the organization’s security posture is compliant with ADHICS V2.

To mitigate the possibility of human error and non-compliance, we assess and train employees across different levels regarding ADHICS V2 compliance.

We perform compliance audits at regular intervals to assess and maintain the level of compliance.

We perform comprehensive internal audits to ensure that there is no deviation from the ADHICS V2 policy and procedural requirements.

BEST PRACTICES

Some ADHICS v2 best practices we help implement

  • Detailed ADHICS v2 gap assessment
  • Customized compliance road mapping
  • Policy framing and management
  • Asset identification and classification as per ADHICS v2
  • Training & awareness on ADHICS v2 compliance roles and responsibilities
  • Continuous compliance monitoring
  • Incident response planning
  • Third-party/vendor risk management
  • Audit-related guidance

Get experts to meet your ADHICS compliance goals
