Arun Sreenivasan, New Delhi
Friday, March 23, 2018, 08:00 Hrs [IST]
The Union health ministry has finalised the draft of the proposed Digital Information Security in Healthcare Act (Disha), a crucial step in establishing the National Electronic Health Authority (NeHA), a nodal agency for creating regulatory framework and guidelines for interoperability and exchange of digital healthcare data in the country.
The government is getting ready to set up the statutory body through an Act of Parliament. The authority will play a key role in promoting e-health standards by enforcing privacy and security measures and regulating storage and exchange of records. The Act will also pave the way for the setting up of Health Information Exchanges.
The 33-page draft document discusses in detail the role and composition of the proposed nodal agency, its powers and responsibilities. The general public can express their suggestions and views on the draft bill till April 21.
As per the draft document, digital health data is defined as any health-related electronic record about an individual such as information on physical or mental health, any health service provided to him or her and data on donation of body parts or testing of any bodily substance.
The draft, which differentiates general health data from sensitive health-related information, defines the latter as any record, “If lost, compromised or disclosed, could result in substantial harm, embarrassment, inconvenience, violence, discrimination or unfairness to an individual, including but not limited to, one’s physical or mental health condition, sexual orientation, use of narcotic or psychotropic substances, consumption of alcohol, sexual practices, Human Immunodeficiency Virus status, sexually transmitted infections treatment and abortion”.
The NeHA will have the power to formulate standards, operational guidelines and protocols for the generation, collection, storage and transmission of the digital health data. Its powers are applicable to clinical establishments generating digital health data and health information exchanges. It is also responsible for ensuring data protection by establishing security measures including access controls, encrypting and audit trails.
Once the national authority is in place, it will have its state-level offshoots and state governments are responsible for their formation.
The draft document also elaborates on punitive measures against health data thieves. It stipulates that obtaining the digital health information of another person, fraudulently or dishonestly, shall be punished with imprisonment for a term which shall extend up to one year or fine, which shall be not less than Rs.1 lakh or both. “Whoever intentionally and without authorisation acquires or accesses any digital health data shall be punished with imprisonment for a term, which shall extend from three years up to five years or fine, which shall be not less than Rs.5 lakh or both,” the draft states.
Other salient aspects of the bill include regulations for data ownership and standardisation and specifics regarding adjudicating authority.
It may be noted that Union health minister JP Nadda had recently highlighted the role of digital health data in reducing inequity in provisioning and distribution of resources and services and slashing medical errors and cost of care. In the National Health Policy 2017, the government had charted a road map for healthcare and setting up district-level electronic database of information on health system components by 2020 was one of its primary goals. Against this backdrop, many industry observers view the formation of a nodal agency to strengthen the health surveillance system as an imperative measure.