Cybersecurity Policy
Jodal Health Care, Inc. Cybersecurity Stance Statement
As a premier healthcare provider, Jodal Health Care, Inc. is dedicated to maintaining the highest standards of patient confidentiality, data integrity, and information security. Our cybersecurity stance is structured around a robust framework that ensures all Payment Card Information (PCI) is handled in strict accordance with the latest Ministry of Health standards and PCI Data Security Standards.
Policy Overview
- Data Protection Policy: All PCI data stored, processed, or transmitted by Jodal Health Care, Inc. will be encrypted using industry-standard encryption methods. Access to this data will be strictly controlled and monitored.
- Access Control: Access to sensitive data will be granted on a need-to-know basis, utilizing role-based access controls (RBAC) to minimize the risk of unauthorized disclosure.
- Employee Training: All employees will receive regular training on the importance of data security and the specific steps Jodal Health Care, Inc. takes to protect PCI data, including the identification and reporting of any suspicious activities.
- Compliance with Ministry Standards: We commit to regular audits and assessments to ensure our practices are in line with the latest directives from the Ministry of Health regarding patient data security and privacy.
- Vendor Management: All third-party vendors with access to PCI data will be required to comply with our cybersecurity standards and demonstrate their adherence to the relevant Ministry and PCI DSS requirements.
Operational Practices
- Regular Risk Assessments: We will conduct regular risk assessments to identify and mitigate potential vulnerabilities in our systems and processes.
- Incident Response Plan: We maintain a comprehensive incident response plan designed to quickly address any security breaches or data exposure incidents.
- Network Security: Robust firewall and intrusion detection/prevention systems are in place to protect against unauthorized access and potential security threats.
- Data Retention and Disposal: We follow strict data retention policies and employ secure disposal practices for all PCI-related information that is no longer needed.
- Physical Security: Physical access to systems handling PCI data is secured and monitored, with entry controls to prevent unauthorized access.
Technology and Solutions
- Security Information and Event Management (SIEM): Utilizing SIEM tools for real-time analysis of security alerts generated by network hardware and applications.
- Advanced Malware Protection: Implementing advanced malware protection solutions to defend against evolving threats.
- Data Loss Prevention (DLP): Employing DLP strategies to monitor and control data transfer across the organization.
- Multi-Factor Authentication (MFA): Requiring MFA for any internal or remote access to systems containing PCI data.
Compliance and Audit
- PCI DSS Adherence: Ensuring all cardholder data environments (CDE) comply with the latest PCI DSS requirements.
- Regular Audits: Engaging with independent auditors to perform regular reviews of our security measures and compliance status.
- Documentation and Records: Maintaining thorough records of compliance efforts, incident responses, and policy updates.
Review and Improvement
- Continuous Improvement: We are committed to the continuous improvement of our cybersecurity posture, learning from industry best practices, and integrating the latest technological advancements.
- Feedback Mechanisms: Establishing channels for employees, patients, and partners to provide feedback on our cybersecurity measures.
- Management Commitment: Ensuring that cybersecurity remains a top priority at the executive level, with clear accountability and adequate resourcing.
By implementing and maintaining this comprehensive cybersecurity stance, Jodal Health Care, Inc. demonstrates its unwavering commitment to safeguarding the privacy, integrity, and security of our patients’ payment card information and ensuring trust in our healthcare services.