Healthcare can be significantly improved
with the use of information and communication technology (ICT). Examples
of combination of healthcare with ICT are e-health, m-health,
telemedicine, online pharmacies, etc. However, with the use of ICT there
are certain techno legal issues that have to be managed by various
stakeholders especially the Indian Government.
As a matter of fact it is absolutely essential to formulate e-health laws in general and Digital India Laws
in particular. Similarly, actual implementation of proposed or declared
projects and policies is more important as otherwise polices and
projects remain mere declarations. For instance, a proposal to
constitute an e-health authority of India was mooted in June 2014. However, till August 2016 there is no sign of such an authority.
It is only now that the Union health
ministry recently conducted a National Consultation on NeHA under the
chairmanship of secretary, ministry of health, to give a final shape to
the e-health authority. Obviously, it would take some more time, may be
years, for the NeHA to be finally operational. Even then it is not clear
whether the Indian Government would be able to provide a techno legal
framework for NeHA with adequate procedural safeguards as till now that is missing from all its projects, including the Digital India. Perry4Law Organisation (P4LO) strongly recommends that such a techno legal framework must be formulated by Indian Government as soon as possible.
The Ministry of Health and Family Welfare has released a concept note discussing establishment of the National eHealth Authority (NeHA) for India
in the past. According to the note, NeHA will be the nodal authority
that will be responsible for development of an Integrated Health
Information System (including Telemedicine and mHealth) in India, while
collaborating with all the stakeholders, viz., healthcare providers,
consumers, healthcare technology industries, and policymakers. It will
also be responsible for enforcing the laws and regulations relating to
the privacy and security of the patients health information and records.
Healthcare laws and regulatory compliances are long overdue in India. For instance, telemedicine and online pharmacies related regulatory issues are ignored by the e-health and m-healthy entrepreneurs in India. Websites selling medicines online are openly flouting the laws of India. Mobile application developers
in India are also required to comply with privacy, data protection and
cyber law requirements. These regulatory compliances are not adhered to
by healthcare industry and entrepreneurs of India.
Similarly, healthcare cyber security issues in India are still not priority area for businesses and entrepreneurs. Healthcare industry is facing diverse range of cyber attacks
these days. The prominent among them is ransomware that encrypts the
sensitive healthcare information and decrypts the same only once the
ransom is paid. So much is the nuisance these days that the National
Institute of Standards and Technology (NIST) has released a guide for IT
developers on integrating security measures into the development
process, which could influence healthcare cyber security management.
Recently the cabinet approved the draft national IPR policy of India.
This would facilitate intellectual property creation in favour of
e-health and m-health entrepreneurs in India. This would also ensure
that IPRs of others are not violated by the e-health and m-health
entrepreneurs of India
Indian government has started ambitious initiatives like Digital India and Internet of Things (pdf) that intend to bridge the digital divide in India on the one hand and enabling e-delivery of services in India
on the other. There are many segments of Digital India projects and
e-health is one of them. E-health initiatives of India government aim at
providing timely, effective and economical healthcare services to
Indian population. E-health is particularly relevant for masses that
have little access to healthcare services in India.
While the objectives of Digital India are
laudable and deserve full support yet we at Perry4Law Organisation
(P4LO) also believe that the shortcomings of Digital India
project of India cannot be ignored or bypassed by Indian government.
Similarly insisting upon Aadhaar number for healthcare services in India
would be a terrible idea especially when Aadhaar is not mandatory for government services in India.
As per the concept note, NeHA would be responsible:
(a) To guide the adoption of e-Health
solutions at various levels and areas in the country in a manner that
meaningful aggregation of health and governance data and
storage/exchange of electronic health records happens at various levels
in a cost-effective manner,
(b) To facilitate integration of multiple health IT systems through health information exchanges,
(c) To oversee orderly evolution of
state-wide and nationwide Electronic Health Record Store/Exchange System
that ensures that security, confidentiality and privacy of patient data
is maintained and continuity of care is ensured.
In the light of the above, NeHA has been envisaged to support:
(a) Formulation of policies, strategies
and implementation plan blueprint (National eHealth Policy / Strategy)
for coordinated eHealth adoption in the country by all players;
regulation and accelerated adoption of e-health in the country by public
and private care providers and other players in the ecosystem; to
establish a network of different institutions to promote eHealth and
Tele-medicine/remote healthcare/virtual healthcare and such other
measures;
(b) Formulation and management of all
health informatics standards for India; Laying down data management,
privacy & security policies, standards and guidelines in accordance
with statutory provisions; and
(c) To promote setting up of state health records repositories and health information exchanges (HIEs);
(d) To deal with privacy and confidentiality aspects of Electronic Health Records (EHR).
Functions of National eHealth Authority
(1) Core Functions
(a) Policy and Promotion
(i) Working out vision, strategy and
adoption plans, with timeframes, priorities and road-map in respect of
eHealth adoption by all stakeholders, both Public and Private providers,
formulate policies for eHealth adoption that are best suited to Indian
context and enable accelerated health outcomes in terms of access,
affordability, quality and reduction in disease mortality &
morbidity
(ii) To engage with stakeholders through
various means so that eHealth plans are adopted and other policy,
regulatory and legal provisions are implemented by both the public and
private sector stakeholders.
(iii) It shall provide thought leadership, in the areas of eHealth and mHealth.
(b) Standards Development
(i) Government of India, MoHFW has
published EMR/EHR standards for India in 2013. Similarly, MoHFW has
become a member of IHTSDO with a view of widespread adoption of
SNOMED-CT in India; MoHFW has also nominated C-DAC (Pune) as interim NRC
(iNRC). As such, initial focus of NeHA would be on addressing
implementation issues and promoting mechanisms in support of the same.
(ii) Concurrently, NeHA will be nurtured
to undertake the role of a standards development, maintenance and
support agency in the area of Health Informatics
(c) Legal Aspects including Regulation
(i) NeHA will be setup through an
appropriate legislation (Act of Parliament). It is also proposed to
address the issues relating to privacy and confidentiality of Patients’
EHR in the legislation. NeHA may act as an enforcement agency with
suitable mandate and powers.
(ii) NeHA will be responsible for
enforcement of standards and ensuring security, confidentiality and
privacy of patient’s health information and records.
(d) Setting up and Maintaining Health Repositories, Electronic Health Exchanges and National Health Information Network
NeHA, while avoiding the implementation
role by itself, will prepare documents relating to architecture,
standards, policies and guidelines for e-Health stores, HIEs and NHIN;
it may also initiate or encourage PoCs, in close consultation with
government – centre and states, industry, implementers and users. Later,
it would lay down operational guidelines and protocols, policies for
sharing and exchange of data, audit guidelines and the like; these shall
be guided by experience in operation and use of PoC, global best
practices and consultations with stakeholders (MoHFW, State governments
and other public and private providers, academia, R&D labs, and
others).
(e) Capacity Building
Spreading awareness on Health Informatics
/ eHealth to healthcare delivery professionals through various
educational initiatives and flexible courses according to the background
of the learners will form a component of NeHA activities, as it is seen
as critical to acceleration of adoption of eHealth.
(f) Other functions may be assigned to NeHA as the situation warrants.
Health being a state subject in India and
much depends on the ability /regulatory framework enacted by the State
governments, NeHA shall be created through legislation (Act of
Parliament) that empowers it to take leadership and strategic role for
setting directions for public and private eHealth initiatives, including
electronic health records storage and health information exchange
capabilities and other related health information technology efforts and
regulation of the same.
NeHA shall ensure ongoing interagency
cooperation – while engaging with various stakeholders through the
Standing Consultative Committee and also through other means, in a
structured, open and transparent manner to support successful evolution
of national integrated health information system. We at Perry4Law Organisation (P4LO) welcome this initiative of Indian government and wish all the best to it in this regard.