Draft Digital Health Security Law

May 2, 2018 November 17, 2019

The central government has put in the public domain the draft of a law to ensure protection of health data. The features of the bill include:

  • The law makes any breach punishable by up to five years imprisonment and a Rs 5-lakh fine.
  • It proposes that any health data including physical, physiological and mental health condition, sexual orientation, medical records and history and biometric information are the property of the person who it pertains to.
  • The owners have the right to privacy, confidentiality, and security of their digital health data and the right to give or refuse consent for generation and collection of such data.
  • The Act envisages a health information exchange, a State Electronic Health Authority and a National Electronic Health Authority.
  • Health information exchange, a State Electronic Health Authority and a National Electronic Health Authority along with clinical establishment shall be duty-bound to protect the privacy, confidentiality and security of the owner’s digital health data.
  • Digital health data may be generated, collected, stored, and transmitted by a clinical establishment and by health information exchanges for various purposes including advancing the delivery of patient-centered medical care, to provide appropriate information to help guide medical decisions and to improve coordination of care and information among hospitals, laboratories, medical professionals, and other entities through an effective infrastructure for secure and authorized exchange of digital health data.
  • A serious breach of this data is said to have occurred when the breach is intentional or repeated or its security not ensured as per the standards in the Act or if it is used for commercial gains.
  • The draft Act provides that no court shall take cognizance of any offence punishable under the Act except on a complaint made by the Central Government, State Government, the National Electronic Health Authority of India, State Electronic Health Authority, or a person affected.

There is growing concern over the security of digital data. The steps to protect the digital health data is a welcome sign towards protecting the right to privacy of the Indians in large. [Reference]

« »

Leave a Reply