In draft digital health security law, 5-year jail term, Rs 5 lakh fine for data breach


Mains Paper 3: Internal Security | Basics of cyber security

From UPSC perspective, the following things are important:

Prelims level: Digital Information in Healthcare Security Act (DISHA), National Electronic Health Authority, Clinical Establishments (Registration and Regulation) Act, 2010, National Health Protection Mission

Mains level: Concerns related to data security


Draft Digital Information in Healthcare Security Act (DISHA)

  1. The Centre has quietly put in the public domain the draft of a law to ensure the protection of health data
  2. The draft Digital Information in Healthcare Security Act (DISHA) lays down that any health data, including physical, physiological and mental health condition, sexual orientation, medical records and history, and biometric information, is the property of the person to whom it pertains
  3. The law makes any breach punishable by up to five years' imprisonment and a Rs 5 lakh fine

Provisions of the act

  1. The Act envisages a health information exchange, a State Electronic Health Authority, and a National Electronic Health Authority
  2. It lays down that a clinical establishment (as defined in the Clinical Establishments (Registration and Regulation) Act, 2010) and these three authorities shall be duty-bound to protect the privacy, confidentiality, and security of the owner’s digital health data
  3. Any person or company who breaches digital health data, as per the draft Act, is liable to pay compensation to the person whose data has been breached
  4. The ten-member National Electronic Health Authority of India is designed in the long run to become the bulwark for the National Health Protection Mission
  5. NHPM is the ambitious health programme to cover 10.74 crore families against annual medical expenses of up to Rs 5 lakh

Judicial access 

  1. The draft Act says that no court shall take cognizance of any offense punishable under the Act except on a complaint made by the Central Government, State Government, the National Electronic Health Authority of India, State Electronic Health Authority, or a person affected
  2. This means a person or entity charged with data theft or breach does not have the option of challenging the punishment in court
  3. The Central and state adjudicating authorities formed under the Act will have powers of a civil court