DISHA: Proposed Health Security Bill

Health records digitization


India is in dire need of a legal framework for data protection. Amid all the plans and talk of an IT framework for the government’s new health protection scheme, the union ministry released the draft of an upcoming act to protect health data. In December 2017, the white paper on a data protection framework for India was published by the committee of experts chaired by Justice BN Srikrishna. Following that framework, the introduction of the draft bill of DISHA, the Digital Information Security in Health Act, is a step in the right direction.

On March 21, 2018, the Government of India published a draft bill on the same through the e-health section of the ministry of health and family welfare department, and invited the public and stakeholders to comment by April 21, 2018.

In a nutshell, DISHA will help share personal health records digitally with hospitals and clinics, creating a database of health records in India.

The main points of the bill:

1. Ownership of digital health data and rights of the owner of data:

The data collected, generated, transmitted or stored will be owned by the individual whose health data is digitized. Every establishment or health information exchange, clinic or hospital holding the data of any entity shall have the duty to protect the privacy, confidentiality and security of such data.

2. Clause of consent:

Under the fundamental “right to privacy”, the confidentiality and security of digital health data, and the generation and collection of health data by institutions, are subject to the exceptions mentioned in the bill. As an exception to all of these, the right to give consent, the right to refuse consent and the right to withdraw consent for the generation and collection of data are given to the owner of the data. Further, several other clauses require prior permission from the owner for each instance of, for example, transmission, generation or circulation. Transmitting or disclosing sensitive health-related data that can cause damage or distress to the owner is prevented.

3. Data collection:

Collection of data must be within specific limits and should not exceed what the collection requires.

4. Transparency:

The owner of the data must know where his information is being disclosed or transmitted, and shall have the right to access his information with details of the consent given, and the right to be informed at every instance of access to the data by any authority.

5. Rectification:

The owner should have the right to have any inaccurate or incomplete information about him rectified without any delay through established institutions.

6. Sharing:

The information created should be shared with the family in case of emergency.

7. Protection:

The owner has the right to seek compensation for damages under any breach of data.

8. Data collection and defining personally identifiable information:

‘Sensitive health-related information’ means information that, if lost, compromised, or disclosed, could result in substantial harm, embarrassment, inconvenience, violence, discrimination or unfairness to an individual, including but not limited to one’s physical or mental health condition, sexual orientation, sexual practices, abortion, etc.

9. Data Collection:
10. Purpose of collection, storage, transmission and use of the digital health data

Personally Identifiable information:

De-identified data:

11. Storage of digital health data:

Where an establishment, institution or health information exchange holds any data for the purpose of creating a health data record, or on behalf of the Electronic Health Authority, personally identifiable information can be collected and stored by any entity, apart from a clinical establishment. However, there shall be no access to, or disclosure of, such information without exceptions. This information may only be used for the purposes of direct care of the owner of the data.

12. Transmission of data:
13. Rectification of digital health data:

To rectify the health data, the owner has to make an application to the establishment, and the information should be rectified within 3 working days of the application being received.

14. Breach:

A breach of digital health data occurs if:

  1. Any person collects and stores any information specifically mentioned as prohibited under the act;
  2. Any act is done in contravention of the rights conferred on the owner of the data;
  3. Any digital record is not secured as per the given security measures under the act;
  4. Any person damages, destroys, deletes, harms or tampers with the data in any manner.

A person breaching the data shall be liable to pay damages, in the form of compensation, to the owner of the digital health record data.

15. Penalties for breach/serious breach

The Central Government, State Government, the National Electronic Health Authority of India, State Electronic Health Authority, or a person affected can go to court.
