15 September 2021
–Tirthesh Shah
The Ministry of Health and Family Welfare (MoHFW), Government of India proposed National Digital Health Mission (NDHM) for digitisation of the entire healthcare system in India. This will include creating and maintaining registries of individuals digital health records for healthcare professionals and health facilities in India. The healthcare data collected will be stored at central, state, union territory and healthcare facility level’s.
To ensure security and protection of such collected and stored personal health data a Health Data Management Policy (Policy) is proposed. The Policy applies to health ID holders, healthcare professionals, MoHFW and National Health Authority, healthcare providers, payers, pharmaceuticals, research bodies and anyone who collects or processes personal or sensitive personal data. The Policy briefly elaborates upon Law and Governance Structure, Consent Framework, ID Policy, Obligations of data fiduciaries, obligations of entities with whom personal data is shared and Grievance Redressal and Compliance.
From a legal standpoint at present the protection of personal data in India is governed by the section 43A of Information Technology Act 2000 which provides for compensation for failure to protect data only by corporates. There is no complete or specific legislation on data protection in place.
However, there are two draft bills i.e. Personal Data Protection Bill 2019 (PDPB) and health sector specific Digital Information Security in Healthcare Act (DISHA) which are pending in the Parliament of India. It is therefore imperative to enforce these bills beforehand to provide a complete legal infrastructure for data protection and to back the Policy.
To read the complete policy click here: https://ndhm.gov.in/health_management_policy
Disclaimer: This article is the copyright of Reina Consulting LLP. It is not intended to be a form of solicitation or advertising. The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is viewed or that it will continue to be accurate thereafter. No person should act on such information without appropriate professional advice based on the circumstances of a particular situation. This information is not to be considered as legal advice or opinion and the firm shall not be liable for any action taken by the user, directly or indirectly, on the basis of such material.
