One of the major challenges is the adoption of minimum security requirements for health care providers (HCPs) and the allocation of responsibilities for their implementation, auditing and reporting through an appropriate legal intervention, incorporating the requirements of the baseline security profile (BSP) as expressed in the epSOS IAR (Initial Audit Report). As part of the help desk to be established at the Cyprus NCPeH, HCPs will be supported in implementing these requirements and reporting on their compliance with them.
Concurrently, the Cyprus NCPeH will ensure that all cross border safeguards included in the BSP are implemented and audited as part of the center’s Information Security Management system. A monitoring and reporting mechanism will also be established, mirroring EU level procedures and drawing on the experience gained during the epSOS pilot.
For this purpose, the Cyprus NCPeH will appoint a security lead who will coordinate communication with the health care providers concerning the implementation of the cross border security policy and requirements in general and the cross border minimum requirements in particular.
As part of its established relationship with HCPs, the Cyprus NCPeH will also create an online support and monitoring service through which HCPs will be able to: (i) report regularly on the implementation of the security requirements; (ii) report security incidents and receive support on how to resolve them; and (iii) be prompted to complete the IAR reports on time for EU level peer review.
The Cyprus NCPeH may implement, if required, an ISO 27000-conformant IMS (Integrated Management System). This will support the periodic security audit that the Cyprus NCPeH logical and physical infrastructure will undergo. The IMS should be reviewed against the IAR incorporating the baseline security profile and be amended to include any additional requirements if necessary. These requirements may also be subject to regular internal and external audit of the Cyprus NCPeH, as part of its established relationship with health care providers, and the Cyprus NCPeH may also provide support for the implementation of the BSP requirements for HCPs. For this purpose, an online service can be created for archiving the HCPs' regular reports on their compliance with the security requirements.
The Cyprus NCPeH IMS may undergo regular internal and external security audits. The Security Audit Report, including a special report on conformance against cross border care requirements in the form of the IAR, will be made available for peer review within the community of NCPeHs, or as otherwise decided as part of the MS collaborative governance, for the sake of trust and transparency.
A third party external Audit Report, including a special section on conformance against cross border care requirements, will be made available for peer review within the community of NCPeHs, or as otherwise decided as part of the MS collaborative governance, for the sake of trust and transparency.