DISHA: Need of the hour
How crucial is DISHA (Act) for
healthcare industry?
By Dhruv Singh
"A
journey of a thousand
miles begins with a
single step." The Digital
Information Security in
Healthcare Act ('DISHA') is that firm first
step taken by the Indian Government in
the long journey to secure the healthcare
data of patients in India. The question we
need to ask ourselves is that why DISHA
is the need of the hour? Why we need to
safeguard the electronic health records
in hospitals?
The draft of the Act was made public
in November 2017 by the Ministry of
Health and Family Welfare. The word
‘DISHA’ means direction, the GoI has
taken the first step in the direction of
safeguarding the digital health records.
For this InnovatioCuris has also taken
the first step towards having a concrete
discussion about ‘Challenges in the
implementation and opportunities for
making health sector DISHA and data
protection ready’. There were panelists
from various renowned government and
private hospitals and healthcare IT firms.
The first session was about the
‘Challenges in the implementation
of DISHA’. The panelists were happy
that InnovatioCuris has taken up
this initiative to critically discuss the
challenges a hospital will face once
the Act becomes the law. The panelists
agreed that the Act lacks various aspects.
Few concerns that bother the clinicians
are, that who will give the consent if the
patient is unconscious. The ambulances
have the capability that it sends the health
records from the ambulance to hospital
before the patient reaches the hospital
for doctors to study the emergency
cases. In this scenario, what should be
done if a patient denies the consent for
sharing the data at a later stage. Should
the clinical establishments discard the
60
Volume 4 | Issue 1 | January-March 2019
already shared health record or should
they handover the same to the owner
(in this case, patient) or what should be
done. There are no set protocols defined
in the Act for such cases.
A question was put forward, does the
patient has the authority to edit their
health record, or can they view, who
has seen their health record. A healthy
discussion took place where we got to
know that citizens of Estonia have chip
cards, where one can see their health
record and can also see the detailed
logof who have accessed their health
record. This made us realize, that India
as a nation state, can use Aadhar card as
a mechanism, where we can login into a
portal and get access to health records.
Third challenge that came forward was
interoperability of health records. As the
record lies with the custodian not the
patient, editing and viewing of it can be
done by the clinical establishments. The
health record can be shared by the clinical
establishments to another, but there is
no standard on how to transfer it. Data
integrity is a point of concern, which is
not mentioned in the Act.
One of the challenges that came into light
was according to ‘Clinical Establishment
Act Standards for Hospital [1], the
hospital has to keep health information
and statistics in respect of national
programmes, notifiable diseases and
emergencies/disasters/epidemics
and
furnish the sameto the district authorities
in the prescribed formats and frequency.
The question is what if the patient
does not give consent. The proposed
Act should have a provision where the
clinical establishments are liable to take
the health data.
As we have unstructured healthcare
facilities in India, the Act should also
empower the clinical establishments by
various means to keep the data safe. As of
now the DISHA is a proposed Act, not a
law and has lots of loopholes. It also lacks
in many aspects discussed earlier. This is
just a start and government should take
necessary steps to improve it.
The
second
panel
discussed
‘Opportunities for making health sector
DISHA and data protection ready’. The
panelist consisted of CIO of pathlabs,
owners of healthcare IT firms, who