In March 2018, the Ministry of Health and Family Welfare released a draft of the ‘Digital Information Security in Healthcare Act (DISHA) to ‘enforce privacy and security measures for electronic health data, and to regulate storage and exchange of electronic health records’. In this regard, Ministry of Health and Family Welfare (MOHFW) seeks to set up a National Digital Health Authority and Health Information Exchanges with the aim to promote and adopt electronic health (e-health) standards.
The Draft provides for storage, use and transfer of digital health data and has provision for e-health data privacy, confidentiality, security and standardisation. It ensures safeguard of digital health data of a data owner at every step, right from the time of generation to collection, storage and its transmission.
The Draft gives right of refusal to individuals. One of its features is that even if individuals refuse to consent to generation, collection, storage, transmission and disclosure of their electronic health data, they will be entitled to receive health services. It prohibits commercial use of digital health data under any circumstance. After getting approval from data owners, limited exception has been granted for the purpose of processing insurance claims.
As per the Draft, it is obligatory for clinical establishments and health information exchanges to provide notice of breach of digital health data to the concerned individual within three days. The individual also has right to refusal under DISHA. It provides right to an individual to withdraw consent for storage and transmission of digital data pertaining to his health at any point of time. Individuals are also given right relating to rectification of their health data within 3 working days of making an application regarding it. The draft has provisions of imposing considerable penalties, damages and imprisonment (up to 5 years) and ` 5 lakh fine in case of non-compliance.