Five-year Jail, Rs Five lakh fine if Patient Health Data Breached, says new bill

General Public / Stakeholders / Others are requested to give their comments on setting up the Digital Information Security Health Care Act (DISHA) by 21 April 2018

NEW DELHI: Hospitals, nursing homes, and even clinics run by single doctors will now be held liable, even with imprisonment, if there is any breach of their patients' data, according to a new bill that the Health Ministry has placed in the public domain.

To enforce privacy and security measures for digital health data, the Centre has drafted a law that makes any breach punishable by imprisonment along with a fine. According to the proposed Digital Information in Healthcare Security Act (DISHA), those responsible for any breach will face punishment of up to five years' imprisonment and a Rs 5-lakh fine.

According to the draft, digital health data means an electronic record of health-related information, including an individual’s physical or mental health, any health service provided to the individual, and information derived from the testing or examination of a body part or bodily substance of the individual.

It also includes information concerning the donation by the individual of any body part or any bodily substance or information relating to details of the clinical establishment accessed by the individual.

It states that an owner has the right to privacy, confidentiality, and security of their digital health data, and the right to give or refuse consent for the generation and collection of digital health data by clinical establishments and entities.

The owner also has the right to give, refuse or withdraw consent for the storage and transmission of digital health data, and to refuse consent to the access or disclosure of his or her digital health data; if consent is refused, the data shall not be disclosed.

The draft has been put on the website of the Health Ministry and it has invited comments by April 21.

The draft also calls for establishing a National Electronic Health Authority and a State Electronic Health Authority and Health Information Exchanges.

The Health Information Exchange will have a Chief Health Information Executive, who will access and process the digital healthcare data transmitted by clinical establishments in order to transmit it further, and will take appropriate measures to maintain, secure and protect the digital healthcare data as prescribed by the National Digital Health Authority of India.

He will also notify the owner and such other concerned parties of any data breach, and will store the digital healthcare data in a prescribed mode in all situations.

As per the draft, any person who breaches digital health data is liable to pay compensation to the person whose data was breached.

“Any person who commits a serious breach of healthcare data shall be punished with imprisonment, which shall extend from three years and up to five years; or fine, which shall not be less than Rs 5 lakh,” it states.


Source: PTI
6 comment(s) on Five-year Jail, Rs Five lakh fine if Patient Health Data Breached, says new bill

  1. Dr. Kunal dheep May 18, 2018, 4:48 pm

    The fine and liability should be to the software company to whom we doctors pay huge sums as annual maintenance fee. I don’t know how I am going to be liable for the information about patients that is sent over the net day in and day out through hospital software.

  2. Dr. Linesh Yawalkar April 1, 2018, 8:34 pm

    What about sharing of data to gather help about an accident victim whose identity is not known? What about spreading a message on social media about a requirement of blood or monetary help when the patient is unconscious or is a child?
    It all can boomerang on the doctor or the hospital.

  3. Dr. Rakesh Gupta April 1, 2018, 6:22 am

    Second it in principle. The question I have is whether the operational/implementation component has been evaluated in view of the proportionately larger private sector India has. The private establishments will have to do so once it becomes the law, but eventually it will add up to the cost to be borne by either the patient himself or his employer/s.

  4. Notification of TB compulsory
    Is that a breach of data?

  5. Great move
    Hopefully there will be support to doctors when we refuse to divulge patient details to all and sundry who claim to be relatives