It is a huge opportunity for the
stakeholder to bring standards in the Act.
DISHA might have only completed its
first round of comments from the public
and stakeholders, it can be expected that
the revisions made based on the feedback
will churn out a more refined version
of the Act. In any case, it is evident
from the draft that the government
has really pushed to provide additional
security, privacy and confidentiality for
individuals, with respect to their digital
health record.
Volume 4 | Issue 1 | January-March 2019
61
With over 20 successful projects
under his belt, Dhruv Singh is a
seasoned project manager. Specializing
in Project Management, after his
Bachelors in Engineering, he started
his work journey with a bunch of
young innovators and entrepreneurs
in a budding start-up. Currently, he
is working as a cybersecurity analyst
with a well-established organisation
conducting various cyber security
training bootcamps for government,
defense organizations and various
accredited hospitals of India.
[1]http://clinicalestablishments.gov.in/
WriteReadData/147.pdf
[2]https://newsroom.ibm.com/2018-
07-11-IBM-Study-Hidden-Costs-of-
Data-Breaches-Increase-Expenses-for-
Businesses
One of the challenges in the DISHA
is that, the owner of the data must be
informed of any breach of privacy or
confidentiality of their digital health
record within three days. But according
to IBM report it takes on an average of
197 days to detect a breach [2]. How can
the healthcare IT companies safeguard
the health record and let the owner
know about the breach? The solution is
to encrypt the tables in the database, but
that might hamper the performance.
The imminent threat is in the software
which are already in place and have not
been patched or the system has not been
upgraded. The good news is that many
have an audit trail in-built in their system,
which tracks the CRUD (creation,
read, update, delete) of the records. The
discussion contributed a fruitful thought:
DATA AT REST IS NOT ENCRYPTED.
The question that arises is what is
preventing the healthcare IT companies
to encrypt the data at rest.
shared relevant thoughts and comments.
The panel started the discussion on why
we need the Act and what are the benefits
of the Act.Panelists highlighted that the
clinical establishments will take steps to
increase the safety of the health record.
The gaps in the technology for generation,
storage and transmission will be lowered
down. Sectors such as banking, financing
and insurance have structured their data,
but this lacks in healthcare. Detailed
scope of security features is missing from
the Act, this would help the companies
to design the software from the ground
up by using security as an important
consideration.