Five-year Jail, Rs Five lakh fine if Patient Health Data Breached, says new bill
Advertisement
General Public / Stake Holders / Others are requested to give its Comments on Setting up Digital Information Security Health Care Act (DISHA) by 21 April 2018
NEW DELHI: Hospitals, nursing homes, even clinics run by single doctors will now be held liable, even with imprisonment if there is any breach of the data of their patients, according to a new bill put forward by the Health Ministry in the public domain
To enforce privacy and security measures for digital health data, the Centre has drafted a law that makes any breach punishable by imprisonment along with a fine. According to the proposed Digital Information in Healthcare Security Act (DISHA), those making any breach will face punishment up to five years imprisonment and a Rs 5-lakh fine.
According to the draft, digital health data means an electronic record of health-related information including an individual's physical or mental health, health service provided to the individual, information derived from the testing or examination of a body part or bodily substance of the individual.
It also includes information concerning the donation by the individual of any body part or any bodily substance or information relating to details of the clinical establishment accessed by the individual.
It states that an owner has the right to privacy, confidentiality, and security of their digital health data and have the right to give or refuse consent for the generation and collection of digital health data by clinical establishments and entities.
The owner also has the right to give, refuse or withdraw consent for the storage and transmission of digital health, to refuse consent to the access or disclosure of his or her digital health data, and if refused it shall not be disclosed.
The draft has been put on the website of the Health Ministry and it has invited comments by April 21.
The draft also calls for establishing a National Electronic Health Authority and a State Electronic Health Authority and Health Information Exchanges.
The Health Information Exchange will have a Chief Health Information Executive who will access, and process the digital healthcare data transmitted by clinical establishments to further transmit the digital healthcare data and take appropriate measures to maintain, secure and protect the digital healthcare data as prescribed by the National Digital Health Authority of India.
As per the draft, any person who breaches digital health data is liable to pay compensation to the person in case of breach of data.
"Any person who commits a serious breach of healthcare data shall be punished with imprisonment, which shall extend from three years and up to five years; or fine, which shall not be less than Rs 5 lakh," it states.
NEW DELHI: Hospitals, nursing homes, even clinics run by single doctors will now be held liable, even with imprisonment if there is any breach of the data of their patients, according to a new bill put forward by the Health Ministry in the public domain
To enforce privacy and security measures for digital health data, the Centre has drafted a law that makes any breach punishable by imprisonment along with a fine. According to the proposed Digital Information in Healthcare Security Act (DISHA), those making any breach will face punishment up to five years imprisonment and a Rs 5-lakh fine.
According to the draft, digital health data means an electronic record of health-related information including an individual's physical or mental health, health service provided to the individual, information derived from the testing or examination of a body part or bodily substance of the individual.
It also includes information concerning the donation by the individual of any body part or any bodily substance or information relating to details of the clinical establishment accessed by the individual.
It states that an owner has the right to privacy, confidentiality, and security of their digital health data and have the right to give or refuse consent for the generation and collection of digital health data by clinical establishments and entities.
The owner also has the right to give, refuse or withdraw consent for the storage and transmission of digital health, to refuse consent to the access or disclosure of his or her digital health data, and if refused it shall not be disclosed.
The draft has been put on the website of the Health Ministry and it has invited comments by April 21.
The draft also calls for establishing a National Electronic Health Authority and a State Electronic Health Authority and Health Information Exchanges.
The Health Information Exchange will have a Chief Health Information Executive who will access, and process the digital healthcare data transmitted by clinical establishments to further transmit the digital healthcare data and take appropriate measures to maintain, secure and protect the digital healthcare data as prescribed by the National Digital Health Authority of India.
He will also notify the data breach to the owner and such other concerned along with storing the digital healthcare data in a prescribed mode in all situations.
As per the draft, any person who breaches digital health data is liable to pay compensation to the person in case of breach of data.
"Any person who commits a serious breach of healthcare data shall be punished with imprisonment, which shall extend from three years and up to five years; or fine, which shall not be less than Rs 5 lakh," it states.
Our comments section is governed by our Comments Policy . By posting comments at Medical Dialogues you automatically agree with our Comments Policy , Terms And Conditions and Privacy Policy .
Disclaimer: This website is primarily for healthcare professionals. The content here does not replace medical advice and should not be used as medical, diagnostic, endorsement, treatment, or prescription advice. Medical science evolves rapidly, and we strive to keep our information current. If you find any discrepancies, please contact us at corrections@medicaldialogues.in. Read our Correction Policy here. Nothing here should be used as a substitute for medical advice, diagnosis, or treatment. We do not endorse any healthcare advice that contradicts a physician's guidance. Use of this site is subject to our Terms of Use, Privacy Policy, and Advertisement Policy. For more details, read our Full Disclaimer here.
NOTE: Join us in combating medical misinformation. If you encounter a questionable health, medical, or medical education claim, email us at factcheck@medicaldialogues.in for evaluation.