How to meet the Approved Security Standards for Electronic Health Records (EHR) in India

Government norms, rules and regulations for EHR in India

The benchmarks for Electronic Medical Records (EMR) in India have been  published by the Government and can be read here – Electronic Health Record (EHR) Standards for India -2016 | Ministry of Health and Family Welfare Guidance

On browsing the above document, it will become apparent to anyone well versed with use of EHR applications in UK or USA that the security standards and framework in India is essentially the same as the benchmarks for such a system in Western Developed World. In the USA the legislation is called HIPPA or The Health Insurance Portability and Accountability Act. Any EHR that meets HIPPA Standards will essentially satisfy the needs of the legal framework on security in India.

HIPPA Compliant Achitecture for Electronic Health Records for India

Digital patient records need to be secure and comply with norms at the minimum recommended levels and designed with the ability to scale up to enterprise levels depending on the risk and liabilities of a given business entity/hospital.

The Patient Tracker System (PTS) has been designed with HIPPA Compliance in mind, it is informed by benchmarks set by EU guidelines such as the GDPR and Data Protection Laws in the UK and Legislation stipulating the Standards for EHR in India.

The PTS comes with following features that ensure end to end encryption and security at all times: 

  • Front end security – secure log-in, 2 factor authentication and use of OTP and IP white-listing.
  • Automated User Validation – staff and patient (if access is provided to read-only patient portal or e-appointments).
  • Transport Layer Security (TLS) or Secure Sockets Layer (SSL) enabled encryption for data in transit at all times.
  • Database encryption
  • Server and application firewalls
  • Threat penetration testing and monitoring
  • Upgrades and patch releases to ensure systems remain secure and up-to-date when dealing with changes to risks
  • ISO27001 accredited server hosts of international repute to ensure physical infrastructure is monitored 24/7
  • Encrypted back-up

For more on security standards for EHRs in India please see Electronic Health Record (EHR) Standards for India -2016 | Ministry of Health and Family Welfare Guidance 

It should be noted that the cyber architecture of an EHR and its requirements is different to the laws governing who owns the data and who processes the data and respective rights and responsibilities. This is differentiated by legislation in India and more can be read here – data protection laws in India.

Back to About EHR in India