Amid the furore over the alleged data breach, the central government has drafted a digital health security law. Under the draft, perpetrators carrying out any breach will face punishment of up to five years' imprisonment and a Rs 5-lakh fine, according to a report in The Indian Express. The draft Digital Information in Healthcare Security Act (DISHA) categorically states that any health data, including physiological, physical and medical records, sexual orientation and history, and biometric information, is the property of the person to whom it pertains.
The Act also talks about a health information exchange, a National Electronic Health Authority and a State Electronic Health Authority. It has laid down that a clinical establishment (as defined in the Clinical Establishments (Registration and Regulation) Act, 2010). These three authorities shall be duty-bound to protect the privacy, security and confidentiality of the owner’s digital health data. It says the owners have the right to privacy, security and confidentiality of their digital health data. The owners also have the right to give or refuse consent for the generation and collection of such data.
It has been learnt that the National Electronic Health Authority of India is designed to be the main agency looking after the National Health Protection Mission. The National Electronic Health Authority of India comprises 10 members. The National Health Protection Mission is an ambitious health programme to cover 10.74 crore families against annual medical expenses of up to Rs 5 lakh.
“Any person who commits a serious breach of healthcare data shall be punished with imprisonment, which shall extend from three years and up to five years; or fine, which shall not be less than Rs 5 lakh. Provided that, any fine imposed as part of sub-section (2) may be provided to the individual whose data is breached, by the Court, as it deems fit as compensation,” the draft says.