NEW DELHI: To enforce privacy and security measures for digital health data, the Centre has drafted a law that makes any breach punishable by imprisonment along with a fine.
According to the proposed Digital Information in Healthcare Security Act (DISHA), those making any breach will face punishment up to five years imprisonment and a Rs 5-lakh fine.
According to the draft, digital health data means an electronic record of health-related information including an individual's physical or mental health, health service provided to the individual, information derived from the testing or examination of a body part or bodily substance of the individual.
It also includes information concerning the donation by the individual of any body part or any bodily substance or information relating to details of the clinical establishment accessed by the individual.
It states that an owner has the right to privacy, confidentiality, and security of their digital health data and have the right to give or refuse consent for the generation and collection of digital health data by clinical establishments and entities.
The owner also has the right to give, refuse or withdraw consent for the storage and transmission of digital health, to refuse consent to the access or disclosure of his or her digital health data, and if refused it shall not be disclosed.
The draft has been put on the website of the Health Ministry and it has invited comments by April 21.
The draft also calls for establishing a National Electronic Health Authority and a State Electronic Health Authority and Health Information Exchanges.
The Health Information Exchange will have a Chief Health Information Executive who will access, and process the digital healthcare data transmitted by clinical establishments to further transmit the digital healthcare data and take appropriate measures to maintain, secure and protect the digital healthcare data as prescribed by the National Digital Health Authority of India.
He will also notify the data breach to the owner and such other concerned along with storing the digital healthcare data in a prescribed mode in all situations.
As per the draft, any person who breaches digital health data is liable to pay compensation to the person in case of breach of data.
"Any person who commits a serious breach of healthcare data shall be punished with imprisonment, which shall extend from three years and up to five years; or fine, which shall not be less than Rs 5 lakh," it states.