Batıgöz Health Group has established the Information Management System (IMS) Policy to manage all its information assets effectively, securely, and sustainably. This policy encompasses all information systems used in the health services provided in the medical centers of the group. The primary objective of the IMS is to ensure the confidentiality, security, and integrity of patient data while guaranteeing that all processes are conducted in compliance with legal, ethical, and quality standards.
Information Security
Our organization adopts a comprehensive information security management system to ensure the security of information assets and shapes all processes accordingly. In this context, all information assets are protected by effective security measures against risks such as unauthorized access, data loss, theft, unauthorized disclosure, and misuse.
Our information security practices are carried out in compliance with national and international regulations and standards specific to the healthcare sector, primarily the Personal Data Protection Law (KVKK) (for example, ISO 27001). This ensures the confidentiality, integrity, and availability of both patient information and other critical data components.
All our employees undergo regular training programs to raise awareness of information security and to disseminate a security culture at the organizational level. These trainings elevate personnel's awareness levels regarding information security, helping them to be better prepared against potential threats.
Sensitive data, especially patient information, can only be viewed and processed by authorized personnel with access rights as per their job descriptions. In this regard, role-based access controls are implemented, and user authorizations are carried out in accordance with specific security protocols.
To ensure the sustainability of the information security policy, technical and administrative controls are regularly reviewed, potential security vulnerabilities are quickly identified, and necessary improvements are made. To provide protection against cybersecurity threats, up-to-date technologies and software are utilized, and our systems are continuously monitored with a proactive approach.
- All information assets are protected against unauthorized access, loss, theft, and misuse.
- Information security processes are managed in accordance with standards in the healthcare field and relevant legal regulations.
- Employees regularly receive information security training and their awareness levels are heightened.
- Patient information and other sensitive data remain accessible only to authorized personnel.
Our organization views information security not just as a technological issue but also as a corporate responsibility and aims to continuously improve all its processes with this awareness.
Sub-Systems Constituting the IMS
The following sub-information management systems are used within the Batıgöz Health Group:
- HBMS (Health Information Management System): Enables the management of patient records, diagnoses, treatments, and reporting processes.
- LBMS (Laboratory Information Management System): Facilitates the recording of laboratory results and their sharing with relevant units.
- PACS (Picture Archiving and Communication System): Ensures the secure storage and sharing of data obtained from imaging devices.
- Web and Email Systems: Cover internal and external communication, data sharing, and internet services.
- File Servers: Provide centralized storage and management of electronic documents.
- Other Sub-Systems: All auxiliary systems that support information management processes.
Operation of HBMS and Change Management
- Changes to be made on the HBMS are primarily evaluated in a testing environment and risks related to patient safety and information integrity are analyzed.
- All change requests are documented and go through an approval process.
- Approved changes are shared with users, and necessary training is provided.
Information System Hardware, Infrastructure, and Request Processes
- System hardware is subject to regular maintenance processes.
- Requests for new hardware or infrastructure are presented for approval after evaluating the relevant needs.
- All infrastructure and hardware processes are planned and executed with an understanding of uninterrupted service.
Asset Management
- An up-to-date inventory of hardware, software, and data assets within the organization is maintained.
- Responsibilities for each asset are clearly defined and monitoring processes are implemented.
- Necessary security precautions are taken throughout the lifecycle of the assets.
Business Continuity Management
- Business continuity plans have been prepared for all information management systems.
- Regular disaster recovery tests are conducted to ensure that services continue without interruption in emergencies.
- Backup systems and data centers support business continuity strategies.
Backup Policy
- Information assets are regularly backed up at specified intervals.
- Backups are stored in secure environments and periodic restore tests are conducted.
- Backups of critically important systems are stored in geographically different locations.
Information Technology Disposal Management
- Information technology equipment that has completed its useful life is disposed of in a manner that does not compromise data security.
- Disposal processes are carried out in accordance with special protocols and in cooperation with authorized third parties.
- Each disposal process is documented and recorded in detail.
The Information Management System (IMS) Policy has been prepared to ensure that the Batıgöz Health Group manages its information management systems in accordance with national and international standards. The policy is reviewed and updated regularly based on needs.