Five-year imprisonment, Rs five lakh fine for digital healthcare data breach: Proposed law

To enforce privacy and security measures for digital health data, the Centre has drafted a law that makes any breach punishable by imprisonment along with a fine.

Published: 27th March 2018 11:40 PM  |   Last Updated: 27th March 2018 11:40 PM   |  A+A-

hospital, medical, doctor, bill, medicine, treatment

File Image for Representational Purposes.


NEW DELHI: To enforce privacy and security measures for digital health data, the Centre has drafted a law that makes any breach punishable by imprisonment along with a fine.

According to the proposed Digital Information in Healthcare Security Act (DISHA), those making any breach will face punishment up to five years imprisonment and a Rs 5-lakh fine.

According to the draft, digital health data means an electronic record of health-related information including an individual's physical or mental health, health service provided to the individual, information derived from the testing or examination of a body part or bodily substance of the individual.

It also includes information concerning the donation by the individual of any body part or any bodily substance or information relating to details of the clinical establishment accessed by the individual.

It states that an owner has the right to privacy, confidentiality, and security of their digital health data and have the right to give or refuse consent for the generation and collection of digital health data by clinical establishments and entities.

The owner also has the right to give, refuse or withdraw consent for the storage and transmission of digital health, to refuse consent to the access or disclosure of his or her digital health data, and if refused it shall not be disclosed.

The draft has been put on the website of the Health Ministry and it has invited comments by April 21.

The draft also calls for establishing a National Electronic Health Authority and a State Electronic Health Authority and Health Information Exchanges.

The Health Information Exchange will have a Chief Health Information Executive who will access, and process the digital healthcare data transmitted by clinical establishments to further transmit the digital healthcare data and take appropriate measures to maintain, secure and protect the digital healthcare data as prescribed by the National Digital Health Authority of India.

He will also notify the data breach to the owner and such other concerned along with storing the digital healthcare data in a prescribed mode in all situations.

As per the draft, any person who breaches digital health data is liable to pay compensation to the person in case of breach of data.

"Any person who commits a serious breach of healthcare data shall be punished with imprisonment, which shall extend from three years and up to five years; or fine, which shall not be less than Rs 5 lakh," it states.

Stay up to date on all the latest Nation news with The New Indian Express App. Download now
(Get the news that matters from New Indian Express on WhatsApp. Click this link and hit 'Click to Subscribe'. Follow the instructions after that.)


Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on are those of the comment writers alone. They do not represent the views or opinions of or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp