Screen Shot 2018-07-20 at 3.20.42 PMBy Priyanka Anand and Vasudha Luniya, Clasis Law

India is on the cusp of digital revolution and as part of its Digital India Mission, the Indian government recognises the issue of cyber security and the need for robust laws to protect digital data. An important step in this direction is the proposed Digital lnformation Security in Healthcare Act (DISHA), which seeks to provide for electronic health data privacy; confidentiality, security and standardisation; and establishment of National Digital Health Authority and Health Information Exchanges.

Various jurisdictions have enacted specific laws to protect personal data. One such example is the US law, Health Insurance Portability and Accountability Act, 1996 (HIPAA) which establishes the legal framework for privacy and protection of health information and gives patients substantial control over their protected health information. The scope of sensitive personal data under the EU General Data Protection Regulation also includes health data. DISHA is the Indian counterpart to HIPAA.Screen Shot 2018-07-20 at 3.21.01 PM

Overview of regulatory framework in India
In India, the current legal framework pertaining to e-health protection is governed by the provisions of the Information Technology Act, 2000, read with, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, which offers some degree of protection to the collection, disclosure and transfer of sensitive personal data, which covers within its ambit medical records and history.

Further, clinical establishments and health care providers in India are increasingly using electronic medical records (EMRs) and electronic health records (EHRs) as the preferred method of storing patient information. In fact, the rules of Clinical Establishments (Registration and Regulation) Act 2010, notified on May 23, 2012, mandate the “maintenance and provision of EMR or EHR for every patient” for the registration and continuation of every clinical establishment. Additionally, the Ministry of Health and Family Welfare first introduced the EHR Standards, which was a uniform standard-based system for creation and maintenance of EHRs by the healthcare providers, in 2013 which was subsequently revised and notified on December 30, 2016.

DISHA — Salient features
DISHA lays down provisions that regulate the generation, collection, access, storage, transmission and use of Digital Health Data (DHD) and associated personally identifiable information (PII). DISHA states that health data including physical, physiological, mental health condition, sexual orientation, medical records, medical history and biometric data is information that can only be the property of the person it pertains to.

The salient features of DISHA are:

  • DHD is an electronic record of health-related information about an individual and includes information relating to an individual’s physical or mental health; donation by the individual of any body part or any bodily substance, etc.
  • PII is defined as any information that can be used to uniquely identify, contact or locate an individual specifically or along with other sources. This includes information such as name, address, date of birth, vehicle number, financial information etc.
  • The legislation creates a central regulator called the National Electronic Health Authority (NeHA), and various State Electronic Health Authorities (SeHA) to give effect to the provisions of DISHA.
  • It covers within its ambit clinical establishments (which includes hospitals, nursing homes, dispensaries, clinics, sanatoriums and pathology labs) and any other entity that collects DHD.
  • DISHA has proposed stringent penalties for defaulters in the nature of fine and/or imprisonment.

Challenges to implementation of DISHA
The most serious issue with data collection and sharing will be how to obtain informed consent from a data owner. Another concern will be effective enforcement of the provisions of DISHA, given that the costs involved in implementing security solutions may become a drain on resources for clinical establishments.

Electronically stored data is vulnerable to security breaches and therefore comprehensive and technology driven data security measures would need to be adopted. Sensitisation and protection of people’s right to privacy and security of their data will be the bedrock of DISHA.


Clasis Law Logo





T: (91) 11 4213 0000
F: (91) 11 4213 0099

Related Articles by Firm
India going all out to woo foreign companies moving out of China
A silver lining of the Covid-19 crisis is the potential of becoming an attractive alternative to China.
Doing business and ease of doing business in India
VIDEO BRIEFING: The government has taken numerous steps to give an impetus to foreign investment, but a lot remains to be done.
MCA introduces e-form DIR-3-KYC for directors with approved DINS
This compliance exercise seems to be a checkpoint for only genuine individuals acting as directors in a legitimate capacity.
A wide net of ineligibilities for being a resolution applicant
Almost two years after the Bankruptcy Law Reforms Committee submitted its report, the Insolvency and Bankruptcy Code is still a work in progress.
Insolvency in India: Section 29A…
A wide net of ineligibities for being a Resolution Applicant ...
The Admiralty (Jurisdiction and Settlement of Maritime Claims) Act, 2017
This much-awaited piece of legislation brings clarity to various deadlocks in Indian jurisprudence.
Metro projects likely to drive India's infrastructure sector
Metro Rail projects in India have picked up pace and are likely to catalyse substantial opportunities over the next few years.
Handling disciplinary proceedings by employers
Breach of an employment contract by an employee often results in disciplinary action leading up to termination in cases of serious misconduct.
Clasis Law Newsletter
The latest legal news from India, including recent court judgments, changes to corporate/commercial law and updates on projects and IP.
Initial Coin Offerings: Another brainteaser in the virtual currency bandwagon
The position of virtual currencies and ICOs in India remains murky.
The impact of General Data Protection Regulations on Indian companies
Extraterritorial applicability of GDPR makes it clear that these regulations will be applicable regardless of whether the processing takes place in EU or not.
ONGC vs Sime Darby consortium
An unsuccessful party cannot possibly apply for interim relief in aid of what it lost before the arbitral tribunal.
The Fugitive Economic Offenders Bill 2018
The bill aims to provide an effective, expeditious and constitutionally permissible deterrent to ensure that such actions are curbed.
Understanding The Maharashtra Shops And Establishments Rules 2018
The Act regulates the employer–employee relationship and service conditions such as hours of work, payment of wages, overtime, leave, holidays, etc.
Supreme Court gives clarity on Section 26 of the Arbitration and Conciliation (Amendment) Act, 2015
In Board of Control for Cricket in India vs Kochi Cricket, the Supreme Court has clarified some issues surrounding the Act.
Delhi High Court resolves uncertainty between two conflicting clauses in contracts
The settled principle of contra proferentem has been re-affirmed by the Court in a case involving Delhi Metro Rail and Voestalpine.
India: Supreme Court update
Supreme Court refers the question to determine the liability of the consignee or steamer agent in respect of ground rent charges to be paid to the port trust to a larger bench ...
Corporate Social Responsibility
There is a growing realization among the corporates that business growth along with positive community/social impact is now an expected goal ...
India: Execution Proceedings for Enforcement of Arbitral Award
Recent Supreme Court judgement resolves certain issues and requirements ...
India: Impact of the Companies (Amendment) Act, 2017
With the assent of the President on January 3, 2018, the much-awaited Companies (Amendment) Act, 2017 (Amendment Act), which provides for simpler provisions but stringent penalties, has finally seen the light of the day ...
Voluntary Liquidation in India
Winding up under Insolvency and Bankruptcy Code, 2016 ...
Strike Off of Companies in India
Over the years, many companies have been lagging behind in filing of annual documents such as annual returns, financial statements etc ...
India: Valuation by Registered Valuer
“Price is what you pay, Value is what you get” ...
India: Amendments Under Master Directions on Issuance and Operation of Prepaid Payment by RBI
Digital wallets such as PayTM, along with debit and credit cards, are expected to reduce (if not completely replace) the use of paper currency …
India: Institutional Arbitration – Need of the Hour
The need to promote and encourage institutional arbitration for commercial disputes in India ...
India: Supreme Court settles the law: Major relief for foreign operational creditors
Clasis Law recently represented Macquarie Bank in two civil appeals before the Supreme Court of India ...
India: Consumer Protection
NCDRC’s ruling on ‘Voluntary Consumer Association’ under the Consumer Protection Act, 1986 ...
India: Foreign Exchange Management Regulation
Significant changes for transfer or issue of security to a person resident outside India ...
India: Directors' duties and liabilities under the Companies Act, 2013
Directors must be aware of their role, responsibilities and duties towards the company and its shareholders ...
India Update for December 2017
This edition brings to our readers a featured article titled “The Tourism and Hospitality Sector 2017 — The Year Gone By!!”
India: RBI issues Directions on Peer to Peer Lending Platform
Online lending transactions are in their nascent stage in India and given the increase in peer-to-peer (P2P) lending through e-commerce marketplace it is of extreme importance to regulate such transactions ...
INDIA: Right to privacy and data protection in India
The concept of data protection and privacy has not been addressed in any exclusive comprehensive legislation in India ...
India: Protection against groundless threats under Indian IP laws
Rapidly growing awareness of intellectual property (IP) rights and a well-structured statutory regime protecting IP has allowed rights owners to assert and enjoy the limited monopolies conferred on them ...
Corporate compliance: Necessity and implication
The Companies Act of India is the primary legislation governing the functioning of companies established in India during their lifecycle....
India update from Clasis Law
Including briefings on the national food processing policy, projects and energy, and intellectual property.
RBI intervenes in patching up of Tata and DoCoMo’s joint venture
Background to the joint venture: Tata DoCoMo, an Indian mobile network operator, was set up as a joint venture between Tata Teleservices (TTSL) and NTT DoCoMo in November 2008...
Regulatory challenges for Vodafone Idea merger
Vodafone India is in discussions with Idea Cellular for an all-share merger. It appears that the intense competition the Indian telecom industry is facing due to freebies offered by the new entrant, Reliance Jio, has ...
India Update, inc: Regulatory challenges for Vodafone Idea merger
This months India newsletter from Clasis Law includes an article on the “Regulatory challenges for Vodafone Idea merger”, plus updates in Projects, Energy, IP and Banking & Finance ...
Investment conditions and restrictions for venture capital funds
Venture capital funds (VCFs) are contributing considerably to India’s economic growth. The amount of investment directed to venture capital has grown in recent years due to the pro-business environment and ...
India’s bid to become a hub for international commercial arbitration
As one of the world’s fastest-growing economies, India is a party to many international commercial arbitrations and the government is making efforts ...
Brands – Role and liability of celebrity endorsers
The marketing and advertising industry has grown as an organised industry using innovative ideas that are designed to ...
Related Articles
Related Articles by Jurisdiction
Bumpy road ahead for vehicle manufacturers in India – pulled up by the competition watchdog
South Asian markets are one of the fastest growing markets for vehicle manufacturers worldwide. However, doing business in South Asia has its own challenges. The anti-monopoly watchdog of India …
Urban reforms – three urban rejuvenation schemes launched
There is a compelling need to develop sustainable and technology-driven urban centres, partly as the burgeoning urban population is creating pressure on existing cities and partly to address the growing ...
Competition and Antitrust Special Report
In the latest issue of Asian-Counsel, we are provided with an in-depth look at the competition regimes in South Korea, Singapore, China and India from leading legal practitioners in those jurisdictions, and investigate whether there is any merit in the ...
Latest Articles