fb


Digital Information Security Healthcare Act

Digital Information Security Healthcare Act

Introduction

Every country should have the proper and adequate data of each and every patient either in hard copy or in soft copy. But now paperwork has become minimal because we have moved to technology era. At present everyone tries to keep the records in a digital form or in soft copy form as technology for its own benefits. But there should be proper and constructive security of sensitive and important data. 

Indian is a more populated country so it has always been more difficult to maintain a single unified data for every patient or person. There has required for a proper data security of the patient digitally. The central government aware of these facts and the incidents of data breaches means high personal and sensitive data created a new record in the health sector then provides a solution to these issues in a form of public welfare act or Digital Information Security in Healthcare Act, 2018.

Objective of the Digital Information Security in Healthcare Act

There are many objectives of the Digital Information security In Healthcare Act, 2018 which are given below: -

  • The main objective of the act was to provide the digital health data privacy, security and standardization.

  • To regulate the generation, collection, storage, transmission and access to the digital health data associated with personally perceptible information.

  • To established the National Digital Health Authority and Health Information Exchanges. 

  • It records all the health-related information relating to physical and mental health and health services provided to the person, donation of any body part or any bodily substance, information of testing or examination of a body part or bodily substance, information collected while providing health services and details of any clinical establishment which is accessed by the person.

  • The objective behind using personally identifiable information is to uniquely identify, contact, or locate any person specifically. The information in which including the name of the patient, address, vehicle number, date of birth and financial information etc.

  • DISHA give the effect to the provisions- National Electronic Health Authority at the central level and State Electronic Health Authorities at the state level.

Need a healthcare data security law in India

India ranks second, among the countries affected by cyber attacks. Recently, US-based Cyber Security firm FireEye reported that China compromised attacked on an Indian healthcare website and rupture more than 68Lakh health records which contained all the information of the patients and doctors.

These attackers directly sold the stolen information in underground forums.  According to the FireEye, the average cost of a single stolen record in healthcare is $380, which is the highest out of all the industries.

After carrying out a successful cyber attack on healthcare websites or organizations, attackers can rupture the health data and sold out in the black market. This stolen data can be misused by the person. These consequences of stolen health data shows that really needs a healthcare data protection law in India.

Duties of healthcare organizations under Digital Information Security in Healthcare Act, 2018

In India, the healthcare sector will need under Digital information security in Healthcare Act, 2018:

  • Before collecting his/her digital health data to inform the owner.

  • To tell the owner about the purpose of data collection.

  • To inform the owner about the entities with whom the data is being shared, within 3 working days.

  • To share identity of the people who can access the data.

  • To hold and save the digital health data of individuals on behalf of the National Electronic Health Authority.

In India, the healthcare industry will have to strictly take care that all the digital records remain private, confidential and secure.

The main measures that will need to be taken care which will be mention below: -

1.    Data encryption

If the healthcare organizations shared or transmitted the digital health data to health information exchange then this will need to be done in any encoded form. What encoded does protect the data from being compromised while t reaches from one entity to another entity.

2.    Data security

In India, the healthcare industry will have to implement all the necessary physical, administrative and technical measures to ensure the privacy, confidentiality and security of the digital health data.

3.    Training

Healthcare Authorities or organization will have to conduct the regular trainings for their personnel because they can maintain rules and regulations with the security protocols which mentioned in the India’s data protection law.

In India, healthcare organizations don’t comply with DISHA Act

If the law is not taken seriously then the significance of any law is measured on the basis of the consequences. The same thing is applicable to Digital Information Security in Healthcare Act (DISHA). The consequences are given below if healthcare organization doesn’t comply with DISHA act.

Failure in compliance

If an entity does not comply with the Digital Information Security in Health Act, it will be fined with a penalty of minimum Rs.1, 10, 000 will be additional fine for each day till the failure in compliance continues, to a maximum of Rs.1Crore.

Breach of digital health data

The entity will have to compensate and pay for the damages to the owner if an entity or organization collects, stores and discloses the digital health data or not secure the data per the standards or damages, destroys, delete and tamper with data. 

A serious breach of digital health data

If a person transfer any data dishonestly or intentionally or fraudulently or if the person fails to secure the data in accordance with the DISHA act or uses the data for commercial purposes or commits the breach repeatedly then the person will be punished with imprisonment of 3-5 years or fine is more than Rs.5Lakh.

Conclusion

It concluded that everyone tries to keep the records in a digital form or in soft copy form as technology for its own benefits. But there should be proper and constructive security of sensitive and important data. The central government aware of these facts and the incidents of data breaches means high personal and sensitive data created a new record in the health sector then provides a solution to these issues in a form of public welfare act or Digital Information Security in Healthcare Act, 2018.

Author:

Radhika Punani
Ambala
I am Radhika from Ambala city. I qualified LLM from Kurukshetra University and B.A.LLB from Maharishi Markandeshwar University


Leave a Comment



Previous Comments


Related Blogs