Centre proposes law to protect hospital patients’ personal information

Livemint | Thu, Oct 05 2017, 12:12 AM IST

Draft National Patient Safety Implementation Framework will protect hospitalized patients’ Aadhaar details, medical history and current health conditions

New Delhi: The health ministry has proposed a law that will prevent personal information about hospital patients from finding its way into the public domain.

Data such as Aadhaar details, medical history and current health conditions of hospitalized patients are sought to be protected under the proposed law.

The proposal is a part of a draft National Patient Safety Implementation Framework prepared by the Directorate General of Health Services (DGHS).

A strong legal framework was needed against the backdrop of reports that patients’ data had been hacked from hospital computer systems following a decision by the central government to switch from manual to electronic health records.

“Laws, regulations, policies and strategies on the quality of care do exist in the country, however they are largely fragmented; there is a need to improve and consolidate these policies,” said Jagdish Prasad, director general of health services (DGHS) at the ministry of health and family welfare.

“The Consumer Protection Act deals with medical negligence and deficiency of services but has failed to define the rights of the patients,” he said.

Section 43(a) and section 72 of the Information Technology (IT) Act provide the broad framework for the protection of personal information.

“We want to ensure supportive legislative mechanisms for effective functioning of patient safety surveillance systems. The provision of protecting sensitive information such as HIV status and other disease conditions, addresses and names of patients already exists but after the government’s shift to EHRs, legal framework support has become imperative,” Prasad said.

In 2016, the electronic medical records of around 35,000 patients, containing sensitive health information, held by a Maharashtra-based pathology lab, were leaked. The hacker group Legion in the same year threatened to leak information and data from a private hospital’s servers.

The government will implement the proposed new law through the National eHealth Authority (NeHA), which will be responsible for the development of an integrated health information system. NeHA will oversee the orderly evolution of a state-wide and nationwide EHR Store or Exchange System that ensures that the security, confidentiality and privacy of patient data are maintained and that continuity of healthcare is ensured.

NeHA is taking the cue from other countries where information technology (IT) interventions for patient data safety have proved successful.

For instance, in Singapore, a National e-Policy to promote the use of information and communication technology (ICT) across all sectors has been extremely effective, as has been the public funding for ICT support to programmes addressing national health priorities. Regulations to protect the privacy and security of individual patient data are rated as very effective.

In Australia, the National e-Health Transition Authority (NEHTA) is a not-for-profit company set up by the federal, state and territory governments to develop better ways of electronically collecting and securely exchanging health information, maintaining high standards of patient privacy and information security.

In the US, the Office of the National Coordinator for Health Information Technology was created in 2004. With the passage of the Health Information Technology for Economic and Clinical Health Act in 2009, it has been charged with building an interoperable, private and secure nationwide health information system.

 
