
Security & Compliance

Patient trust depends on the security and confidentiality of health information. SystmOne uses multiple layers of protection — encryption, role-based access controls, audit trails, and compliance frameworks — but technology alone is not enough. Daily user behaviour is what ultimately protects patient data.

Security is Everyone's Responsibility

Every action you take under your login is logged and auditable. Protect your credentials, lock your screen, and access only what you need for legitimate clinical duties.


Start Here

Not sure where to begin? Pick the path that matches your role:


Why Security and Privacy Matter

Patient Trust
Confidentiality supports the clinician-patient relationship. When patients trust their information is private, they share more openly, improving diagnosis and care outcomes.
Legal Compliance
Malaysia's healthcare environment includes PDPA, MOH policies, and MMC guidelines. These frameworks require robust controls to prevent unauthorized access and protect patient rights.
Professional Duty
Protecting patient information is an ethical obligation for all healthcare staff. This duty applies to how records are accessed, stored, and shared.
Quality Care
Secure systems enable clinicians to focus on patient care confidently. When security runs smoothly in the background, workflow stays efficient while confidentiality remains protected.

Defense in Depth

SystmOne uses a defense-in-depth model. Multiple layers work together so that if one layer fails, others still protect the data.

  • 01 Data Protection: Encryption at rest and in transit, cloud redundancy, automated backups, disaster recovery
  • 02 Access Control: Role-based permissions, authentication, session timeouts, restrictions on sensitive data
  • 03 Audit Trail: Every action logged permanently: who, what, when, where. Tamper-proof and non-deletable
  • 04 Compliance: Alignment with ISO 27001, ISO 9001, PDPA, MOH ICT Security Policy, and MMC guidelines

Your Security Essentials

The Non-Negotiables

| Rule | Why It Matters |
|---|---|
| Never share your login | You are personally accountable for every action under your account |
| Lock your screen when you step away | Prevents unauthorized access in shared clinical areas |
| Access records only for legitimate care | Curiosity access is a breach of ethics and policy |
| Log out at shift end | Ends your session completely; auto-lock is not enough |
| Report concerns immediately | Early reporting protects patients, staff, and the clinic |

Quick Reference: Common Mistakes to Avoid

| Risk | Correct Practice |
|---|---|
| Leaving workstation unlocked | Lock screen before stepping away (Windows key + L) |
| Sharing passwords during busy periods | Each person logs in with their own credentials |
| Writing passwords on sticky notes | Use approved secure password management methods |
| Accessing records out of curiosity | Access only records needed for clinical duties |
| Multiple users logged in on the same workstation | One user logs out fully before the next logs in |
| Discussing patient details in waiting areas | Keep discussions in private clinical spaces |

Emergency? Contact Now

Contact the Clinic ICT Security Officer (ICTSO) or Clinic Administrator if you observe or suspect:

  • Unauthorized access to patient records
  • Lost or stolen devices with patient data
  • Forgotten passwords or unusual account lockouts
  • Suspicious system behaviour or error messages
  • Security policy violations by staff
  • Accidental disclosure of patient information
Report Early

Report early, even if unsure. Early reporting protects both patients and staff.


What This Section Covers


Find a Topic

| If you need to understand… | Go to… |
|---|---|
| What I must and must not do every day | User Responsibilities |
| How roles and permissions work | Access Control & Data Security |
| How every action is logged | Audit Trail |
| How to correct errors safely | Mark In Error |

© CCMS Hub. Content on this site was prepared for internal clinical use. Please request permission before reproducing or republishing on other platforms.