Healthcare initiatives have been one of the major tasks undertaken by the current government at centre. Government has a vision of providing health care assistance to all Indians, and reduce the out-of-pocket spending on healthcare with the help of state governments. Along with this, they also intended to focus on the key factors that are detrimental to our health, such as sanitation and drinking water, to help reduce the number of water-borne diseases in the country.
The latest addition to the initiatives to boost the healthcare system in India is the National Health Protection Mission, which was introduced by the government in the Union Budget 2018. The government had emphasised on the capabilities and scalability of the new age technologies in the healthcare sector, which is a clear indication of the government’s reliance on the latest technologies in different domains.
However, one loophole that has become a nightmare for the government is the data privacy hurdles. Hence, addressal of the data breach is coming at a critical point where the government is fighting off privacy hurdles over the Aadhaar Act while issuing warnings to Facebook and Cambridge Analytica over Facebook data breach of 50 million people. Taking lead from such incidents, in a silent yet tough stance towards data breach, the central government of India has released a draft of Healthcare Security Law under Digital Information in Healthcare Security Act (DISHA) and has invited comments from stakeholders and readers on the same before April 21.
In the draft document shared, the Ministry of Health and Family Welfare has announced plans to set up a nodal body and the “purpose of the act is to provide for electronic health data privacy, confidentiality security and standardisation and provide for the establishment of the National Digital Health Authority and Health lnformation Exchanges and such other matters related and incidental thereto”.
The key highlights of this initiative are:
- Any health data including physical, physiological and mental health condition, sexual orientation, medical records and history, and biometric information are the property of the person who it pertains to.
- Digital health data may be generated, collected, stored and transmitted by a clinical establishment and by health information exchanges for various purposes including advancing the delivery of patient-centred medical care, to provide appropriate information to help guide medical decisions and to improve coordination of care and information among hospitals, laboratories, medical professionals, and other entities through an effective infrastructure for secure and authorised exchange of digital health data.
- Any person who commits a serious breach of healthcare data shall be punished with imprisonment, which shall extend from three years and up to five years or fine, which shall not be less than INR 5 Lakh.
- No court shall take cognizance of any offence punishable under the Act except on a complaint made by the Central Government, State Government, the National Electronic Health Authority of India, State Electronic Health Authority, or a person affected.
- The draft envisages a health information exchange, a State Electronic Health Authority and a National Electronic Health Authority along with a clinical establishment [as defined in the Clinical Establishments (Registration and Regulation) Act, 2010]to protect the privacy, confidentiality and security of the owner’s digital health data.
The initiative looks like a powerful one, however, its utility will be known only in the days to come.