NDHM’s Health Data Management Policy

Tirthesh Shah

The Ministry of Health and Family Welfare (MoHFW), Government of India proposed National Digital Health Mission (NDHM) for digitisation of the entire healthcare system in India. This will include creating and maintaining registries of individuals digital health records for healthcare professionals and health facilities in India. The healthcare data collected will be stored at central, state, union territory and healthcare facility level’s.

To ensure security and protection of such collected and stored personal health data a Health Data Management Policy (Policy) is proposed. The Policy applies to health ID holders, healthcare professionals, MoHFW and National Health Authority, healthcare providers, payers, pharmaceuticals, research bodies and anyone who collects or processes personal or sensitive personal data. The Policy briefly elaborates upon Law and Governance Structure, Consent Framework, ID Policy, Obligations of data fiduciaries, obligations of entities with whom personal data is shared and Grievance Redressal and Compliance.

From a legal standpoint at present the protection of personal data in India is governed by the section 43A of Information Technology Act 2000 which provides for compensation for failure to protect data only by corporates. There is no complete or specific legislation on data protection in place.

However, there are two draft bills i.e. Personal Data Protection Bill 2019 (PDPB) and health sector specific Digital Information Security in Healthcare Act (DISHA) which are pending in the Parliament of India. It is therefore imperative to enforce these bills beforehand to provide a complete legal infrastructure for data protection and to back the Policy.

To read the complete policy click here: https://ndhm.gov.in/health_management_policy