Digital healthcare includes health information technology, mobile health, wearable devices, telemedicine, telehealth and customized medicine. In digital health care programs information technology is used to provide the healthcare solutions to people who are undergoing treatment. Gadgets, health apps, electronic records all form a part of digital healthcare. It involves applying electronic information to healthcare services. As per the 2018 Consumer Survey on Digital Healthcare conducted by Accenture, almost 75 percent of the patients are using digital methods to get themselves treated. Despite this high chunk of population resorting to digital health care methods, there is no set out legislation specifically governing digital health care in India. The scope of digital healthcare being so expensive and covering a wide range of business prototypes, makes it difficult to administer. Especially in the context of the current pandemic, digital health has become an important part of our daily lives, with maximum benefit to the elderly.
Digital health care has made life easier. This area of healthcare with the rapidly increasing technology is bringing in advantages to both the service providers as well as the patients. But at the same time it poses a threat to privacy and sensitive information of patients. Many e-Health platforms are being vary of data infringements.
The security and safety of data is a serious issue in terms of access to personal data. Electronic Health Record Standards (EHR Standards) were provided by the Ministry of Health and Family Welfare in September 2013. Data protection requires that the collection of data and processing of such personal data should be lawful. The aim of Ministry of Health is to establish a governing body to regulate privacy protection laws, implements e-health standards regulate and store electronic data in a way that the privacy of patients is not infringed. National e-Health Authority, a body of the Ministry of Health and Family Welfare will be responsible for forming consolidated health information system. It will be set up as a regulatory body which will govern the digital healthcare in India.
One of the main issues involved in data sharing is confidentiality along with privacy, security, accountability. The Digital Information Security in Healthcare Act (DISHA) was drafted by the Health Ministry for protection of data in the healthcare sector of India. The main objects of DISHA are regulating storage and exchange of digital health information and maintaining strict privacy and security standards for the data stored and exchanged.
The current data laws are not structured to tackle the amount of data and information that is being exchanged, accessed and stored. According to Information Technology Act, 2000 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, all corporations need to put in place sufficient security measures. If adequate measures are not in place, and the data is not safeguarded, corporations would be liable to concerned individual.
The draft DISHA penalizes serious health care data violations. If a person intentionally infringes digital health data, or shares information that is not anonymous and fails to save data as per the Act, he is deemed to cause serious data breach. An employer may also be sued under the concept of vicarious liability, where his employee’s actions in the course of his employment result in healthcare data breach in accordance with the provisions of DISHA.
The Digital Healthcare sector is emerging rapidly and providing a sea of opportunities but it comes with risks. Laws governing the digital healthcare in India are yet to formalize. This will depend on how the sector evolves. Limitations are being considered while formalizing policies regulating the healthcare sector and more specifically the digitized data involved in the sector.
Originally posted on www.kpalegal.com on 22nd June 2021