Ministry invites stakeholder comments for draft health data protection law


The health data will eventually become the backbone of the National Health Protection Mission

As it prepares to roll out the biggest publicly funded health insurance programme in the world, the government of India has also drafted a comprehensive law for the security of digital healthcare information.

The draft Digital Information in Healthcare Security Act (DISHA) aims to “provide for the establishment of National and State eHealth Authorities and Health Information Exchanges; to standardize and regulate the processes related to collection, storing, transmission and use of digital health data; and to ensure reliability, data privacy, confidentiality and security of digital health data and such other matters related and incidental thereto.” Stakeholder comments on the draft legislation have been invited by April 21.

The law lays down that the owner shall have the right to privacy, confidentiality, and security of their digital health data, and also have the right to give or refuse consent for the generation and collection of digital health data by clinical establishments. It makes breach of digital health data a punishable offence, with the provision for imprisonment of three to five years and a fine of not less than Rs 5 lakh.

A serious breach would be said to have occurred when:

(a) A person commits a breach of digital health data intentionally, dishonestly, fraudulently or negligently; or
(b) Any breach of digital health data occurs, which relates to information which is not anonymised or de-identified; or
(c) A breach of digital health data occurs where a person failed to secure the data as per the standards prescribed by the Act or any rules thereunder; or
(d) Any person uses the digital health data for commercial purposes or commercial gain; or
(e) An entity, clinical establishment or health information exchange commits breach of digital health data repeatedly;

Data theft is similarly punishable.

The law also provides for the constitution of a ten-member National Electronic Health Authority of India, a national executive committee and state electronic health authorities. The Centre will set up health information exchanges. Digital health data may be generated, collected, stored, and transmitted by a clinical establishment – read hospitals, clinics – and by health information exchanges for various purposes, including advancing the delivery of patient-centered medical care, providing appropriate information to help guide medical decisions at the time and place of treatment, and improving the coordination of care and information among hospitals, laboratories, medical professionals, and other entities through an effective infrastructure for the secure and authorized exchange of digital health data.