New Delhi: With the officials in Health Ministry divided over setting up a nodal body to enforce privacy and security measures for electronic health data, it seems the fate of Digital Information Security Health Care Act (DISHA) may hang in the balance.
According to sources, now the ball is in the court of Health Minister JP Nadda who would take a final call on setting up "National Digital Health Authority" through an Act of parliament which would be a statutory body for promotion/adoption of e-Health standards in the country.
Interestingly, the thought process talk to put DISHA project on backseat started after making a draft of the new law and seeking comments on it to safeguard patients' digital data and make provision for punishment on any type of leak.
However, at this stage, according to sources, ministry officials are of the view that the responsibility of making such a stringent law on data security is not the mandate of Health Ministry rather it's the responsibility of Ministry of Information and Technology, which is led by Union Minister Ravi Shankar Prasad. The Health Ministry officials have also opined that they don't have any specialisation in the subject.
Some officials are of the view that there is no need to formulate new laws to protect the digital data as the security of all types of digital data should be kept under the ambit of one law.
However, officials associated with the draft of DISHA argue that a large-scale digital data is being prepared for patients under the aegis of Ayushman Bharat. "In such a case, a strict law is must protect huge data and Health Ministry cannot be dependent on another ministry for taking any action in this regard," the sources said.
Notably, the Health Ministry had released the draft of the DISHA in March, which was aimed at safeguarding the health-related information of patients.
As per the draft, all hospitals, diagnostic centres, pathology labs of the country were covered under the purview of the proposed law. Under the proposed a National Electronic Health Authority of India was to be formed and details of patient's illness, identity, payment related information, sexual orientation and biometric information were to be kept secret.
In case of any violation, the DISHA draft had a provision of a penalty of up to Rs 5 lakh and a jail sentence of up to five years. The suggestions from different stakeholders were sought by the Ministry till April 21.
When contacted, officials in the IT Ministry stated that there seems to be little logic in this argument in the backdrop of entire digital transaction programme being propagated by National Payments Corporation of India (NPCI). "At present, we have not received any communiqué from Health Ministry in this regard," the official said.