PERSONA THEME TRENDS WELL-BEING ISSUES RESEARCH NEWSCOPE
DISHA: Need of the hour How crucial is DISHA (Act) for healthcare industry? By Dhruv Singh
"A
journey of a thousand miles begins with a single step." The Digital Information Security in Healthcare Act ('DISHA') is that firm first step taken by the Indian Government in the long journey to secure the healthcare data of patients in India. The question we need to ask ourselves is that why DISHA is the need of the hour? Why we need to safeguard the electronic health records in hospitals? The draft of the Act was made public in November 2017 by the Ministry of Health and Family Welfare. The word ‘DISHA’ means direction, the GoI has taken the first step in the direction of safeguarding the digital health records. For this InnovatioCuris has also taken the first step towards having a concrete discussion about ‘Challenges in the implementation and opportunities for making health sector DISHA and data protection ready’. There were panelists from various renowned government and private hospitals and healthcare IT firms. The first session was about the ‘Challenges in the implementation of DISHA’. The panelists were happy that InnovatioCuris has taken up this initiative to critically discuss the challenges a hospital will face once the Act becomes the law. The panelists agreed that the Act lacks various aspects. Few concerns that bother the clinicians are, that who will give the consent if the patient is unconscious. The ambulances have the capability that it sends the health records from the ambulance to hospital before the patient reaches the hospital for doctors to study the emergency cases. In this scenario, what should be done if a patient denies the consent for sharing the data at a later stage. Should the clinical establishments discard the 60
Volume 4 | Issue 1 | January-March 2019
already shared health record or should they handover the same to the owner (in this case, patient) or what should be done. There are no set protocols defined in the Act for such cases. A question was put forward, does the patient has the authority to edit their health record, or can they view, who has seen their health record. A healthy discussion took place where we got to know that citizens of Estonia have chip cards, where one can see their health record and can also see the detailed logof who have accessed their health record. This made us realize, that India as a nation state, can use Aadhar card as a mechanism, where we can login into a portal and get access to health records. Third challenge that came forward was interoperability of health records. As the record lies with the custodian not the patient, editing and viewing of it can be done by the clinical establishments. The health record can be shared by the clinical establishments to another, but there is no standard on how to transfer it. Data integrity is a point of concern, which is not mentioned in the Act.
One of the challenges that came into light was according to ‘Clinical Establishment Act Standards for Hospital [1], the hospital has to keep health information and statistics in respect of national programmes, notifiable diseases and emergencies/disasters/epidemics and furnish the sameto the district authorities in the prescribed formats and frequency. The question is what if the patient does not give consent. The proposed Act should have a provision where the clinical establishments are liable to take the health data. As we have unstructured healthcare facilities in India, the Act should also empower the clinical establishments by various means to keep the data safe. As of now the DISHA is a proposed Act, not a law and has lots of loopholes. It also lacks in many aspects discussed earlier. This is just a start and government should take necessary steps to improve it. The second panel discussed ‘Opportunities for making health sector DISHA and data protection ready’. The panelist consisted of CIO of pathlabs, owners of healthcare IT firms, who
