EMERGENCY ACCESS PROCEDURE

Emergency access procedure refers to the process used for determining approval, follow-up, and oversight of emergency access to a User Account or computer system.

In accordance with the “security standards” incorporated into the Health Information Portability and Accountability Act, emergency access methods must be an integral part of the Company of Public Health Information Technology procedures and guidelines. Documented procedures for emergency access reduces the risk that key information technology assets are accessed inadvertently or inappropriately by persons without authority, while providing procedures that will allow appropriate individuals to access a resource to fix or respond quickly to an emergency.

  1. DEFINITION 
    1. Account is a functional part of the App, with the help of which the User can obtain Services and transfer his Data.
    2. User is any person who installs the App to receive Services for the purpose of monitoring their health.
    3. Personal Data is any information that is in the public domain, allowing you to directly or indirectly identify the User. For example, first name, last name, phone number, IP address.
    4. Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
    5. Data is a common name for Personal Data and Data concerning health
    6. Doctor is a qualified specialist in the field of medicine, who is chosen by the User to receive Services for diagnosing his health or monitoring his condition.
    7. Disaster is any disruptive or catastrophic event (e.g., power outage, weather, natural disaster, vandalism) that causes an interruption in technology relating to Data, databases, systems, archived data and other resources provided by the Company. 
    8. Emergency means sudden, urgent, usually unexpected occurrence or occasion requiring immediate action.
    9. Department Administrator means the management staff of the Company's departments responsible for processing the work of Data Processing Employees.
    10. DeHealth company (hereinafter referred to as the "Company" or "DeHealth") is a DEHEALTH TECHNOLOGIES, INC, registered at 1049 El Monte Avenue, Ste C #846,
Mountain View, CA 94040, United States, EIN: 36-5099713, which provides Services to Users.
    11. DeHealth application (hereinafter referred to as the "App") is a service created so that the User can check the state of his health and monitor the change in his health.
    12. Services an algorithm of actions carried out by the Company to provide the User with the opportunity to install the App to check the state of his health and monitor its condition by contacting a Doctor.
    13. Third Party means a natural or legal person, government agency, institution or body, other than the User or Company.
  2. USING
    1. The Emergency Access Procedure is used only when the application of normal procedures is insufficient (for example, the help desk or system administrator or other Employees are not available).
    2. Emergency access procedure can be used in the following cases:
    3. Account problems:
      1. If the User has forgotten or lost access to his Account for any reason;
      2. In case of blocking access to the Account, for example: if the User entered an incorrect password too many times;
      3. If the User needs emergency medical assistance and a specialist in the field of medicine needs to transfer Data concerning health.
    4. Authentication problems:
      1. In the event of a failure of the software authentication system used for Employee access;
      2. In case of impossibility of authentication of Employees in case of an emergency situation;
      3. In case of an emergency change of the software used for authentication.
    5. Authorization problems:
      1. In the event of an emergency medical situation, when access to Data concerning health is required by an Employee that does not have the appropriate level of access;
      2. In case of an emergency medical situation, access to Data concerning health is required by any medical professional who is not a Doctor or a Partner of the Company.
    6. Disaster problems:
      1. In the event of a Disaster, when it is necessary to replace the software used to provide Services and access by Employees to Data concerning health by the Employee;
      2. In the event of a Catastrophe, when access to Data concerning health is required by an Employee who previously did not have such access;
      3. In the event of a Catastrophe, when access to Data concerning health is required by any medical professional who is not a Doctor or a Partner of the Company.
  3. APPLICABILITY 
    1. Applicability Emergency access procedures are applicable to all DeHealth departmental administrators and supervisors responsible for supervising Employees and processing of Data concerning health.
    2. The Company uses the following Emergency access procedures principles:
      1. All managers of the Company's departments are familiar with the importance of the Emergency Access Procedure, including the process of approval, follow-up and monitoring of their implementation.
      2. Good communication between all Company management and Employees, including the process and procedures for emergency access to Data.
      3. Employees obtain the approval of a Company manager before granting temporary Software/Account access control privileges to another person during an Emergency.
      4. During an Emergency/Disaster involving the User and his/her Data, the relevant Employee has the right to temporarily give control of access to the software to another Employee until the Emergency/Disaster is over.
      5. If an Emergency/Disaster affects or may affect Users, such as a clear misuse of IT resources or a security breach, the relevant Employee has the right to take the necessary measures without authorization during the emergency.
  4. PROCEDURES FOR EMERGENCE ACCESS
    1. During an Emergency/Disaster, the Company applies the following procedure:
      1. During an Emergency/Disaster, a Department Administrator or Company manager has the right to temporarily give control of access to the software to another Employee until the Emergency/Disaster is resolved.
      2. Once a decision is made, the Department Administrator or Company manager will contact the relevant Employee to begin the process of granting temporary control of access to the software to another Employee.
      3. A Department Administrator or Company manager will review such a decision before transferring access to the software to another Employee.
      4. The Department Administrator or the head of the Company implements technical steps to provide temporary access to another Employee according to the type of Emergency/Disaster and access rights.
      5. A Department Administrator or Company manager reviews the changes to ensure that the temporary Employee has the appropriate emergency access.
      6. If the problem still exists, the Department Administrator or Company Manager will reevaluate the technical steps and resolve any issues.
      7. After emergency access privileges have been successfully established, the Department Administrator or Company Manager will monitor and verify the actions of such Employee and their emergency access.
      8. The Department Administrator or the head of the Company sets the duration of granting such access to the Employee and is in close contact to determine the terms of granting such access to the software.
      9. When the Emergency/Disaster is resolved, the Department Administrator or Company Manager will remove the other Employee's temporary emergency access and return access controls to their original state.
  5. CONTACT OF TECHNICAL EXPERT
    Position: Web3/Mobile Lead
    Name: Alexander Lisovik
    Contact: [email protected]
    Position: Chief information security officer (CISO)
    Name: Oleh Khomiak
    Contact: [email protected]