Data Protection and Privacy Legislation

EHR in India and legal framework

The Patient owns their data at all times

The Information Technology Act 2000, Data Privacy Rules and Regulations in India outlines the roles and responsibilities clearly. These are very similar to International Legislation, be it the Data Protection Law such as the GDPR in UK/EU or HIPPA in North America.

Key points to bear in mind when implementing Electronic Patient Health Records in India

  • Personal identifiable information including health details should be kept confidential unless there was a legally justifiable reason to breach confidence.
  • Patient owns their own data not the health provider.
  • Given the above, the patient should have access to their data and information at all times.
  • As a health provider, a doctor or the hospital in India is responsible for processing and storing the data securely.
  • The doctor or the hospital is the data processor and they choose to do so with an EHR from a specific vendor or do it on paper.
  • The doctor and the hospital has ownership of the opinion made and care documented in the records. But this information is about a patient and the given patients should be able to access this at all times.
  • Data should be preserved and not tampered with for the minimum length of time as prescribed by the current legislation.

When designing and implementing electronic patient records the above principles need to be adhered to. With this in mind, the PTS is designed to offer each provider the the option of enabling Patient Health  Records (PHR).

PHR is different to an EHR:

The PHR is read only access given to the patient/s securely. This allows a portable electronic record of a person’s health history available to them at all times. Access to this also has to be secure with following basic features. Patients should also be able to download, print any of the records when needed.

  • Secure front and back ends
  • End to end encryption
  • Secure Patient Portal developed to allow patients read only access to their electronic medical records at all times – a feature that is still rarely in use even in UK/USA.

Advantages of a PHR:

  • Portable health record available at all times in case of need / medical emergency
  • Alerts and reminders of future appointments
  • Schedule appointments
  • Make Cashless Payments to Hospitals / Doctors at ease.
  • Access Care Plans and Health Education Information at all times relevant to your own condition / ailments.

For more information visit National Health Portal – India