Compliance Index
Overview
Index of compliance requirements and documentation for BrainSAIT operations.
Regulatory Frameworks
Saudi Arabia
PDPL (Personal Data Protection Law)
- Status: In effect
- Documentation: HIPAA PDPL Alignment
- Key Requirements:
  - Consent management
  - Data subject rights
  - Breach notification
  - Cross-border restrictions
CCHI (Council of Cooperative Health Insurance)
- Status: In effect
- Documentation: Compliance SOP
- Key Requirements:
  - Insurance regulations
  - Provider standards
  - Claims processing
NPHIES Standards
- Status: Mandatory
- Documentation: NPHIES Overview
- Key Requirements:
  - FHIR R4 compliance
  - API standards
  - Data validation
International Standards
HIPAA (Reference Framework)
- Administrative safeguards
- Physical safeguards
- Technical safeguards
- Privacy practices
ISO 27001
- Information security management
- Risk assessment
- Security controls
SOC 2
- Security
- Availability
- Confidentiality
- Privacy
Compliance Checklist
Data Protection
- Consent mechanisms
- Data encryption
- Access controls
- Audit logging
- Breach procedures
Healthcare
- NPHIES integration
- FHIR compliance
- Coding standards
- Claims processing
Security
- Vulnerability management
- Incident response
- Access reviews
- Penetration testing
Audit Schedule
| Audit Type | Frequency | Last | Next |
|---|---|---|---|
| Internal | Quarterly | - | - |
| PDPL | Annual | - | - |
| Security | Semi-annual | - | - |
Related Documents
Last updated: January 2025