NEW DELHI: The health ministry may wait for the Justice BN Srikrishna committee to submit its recommendations on an all-encompassing data privacy law, before pushing a piece of legislation concerning security of information it has been working on for the health sector.
The Ministry of Health had put out a draft of the ‘Digital Information Security in Healthcare, Act (DISHA)’ in March to “enforce privacy and security measures for electronic health data, and to regulate storage and exchange of electronic health records”. It had also sought establishment of a National Digital Health Authority and health information exchanges. The ministry has now decided to go slow, even as the telecom sector regulator’s recommendations last week over data privacy has triggered a controversy with some quarters of the government unhappy over the timing of the move, as the Justice Srikrishna committee is expected to submit its report soon.
While the health ministry has yet to take a call on whether it will completely halt work on DISHA, it is constantly engaged with the Ministry of Electronics and IT (MeiTY) in the drafting of the regulation, senior government officials ETspoke to said.
“We’ve had several discussions with MeiTY and the whole government would have to work within the same framework (to bring out a data protection law). Inter-ministerial discussions are a prerequisite before passing any such law,” said a senior health ministry official, who did not wish to be named.
When the health ministry came to know of MeiTY’s intention to create a data protection law, it sent its draft of DISHA to MeiTY for comments.
“The idea is to see whether DISHA can be incorporated in Mei-TY’s data protection Act as a health-specific regulation like protection of patient data,” said a senior government official on the condition of anonymity.
“MeiTY is anyway brought in for guidance on IT-specific interventions in healthcare. A draft of DISHA was already up for public comments,” added the official.
An official at MeiTY said it had on its part requested the health ministry to wait for the Justice Srikrishna committee’s report.
The Telecom Regulatory Authority of India (Trai) last week released its recommendations on the subject titled ‘Privacy, Security and Ownership of Data in the Telecom Sector’, which are applicable for apps, browsers, operating systems and handset makers.
The recommendations came at a time when the government-appointed Justice Srikrishna Committee is close to finalising its recommendations for data protection legislation. The committee report which, earlier expected to be finalised by end of June, is delayed and unlikely to be finalised before the first week of August. According to sources, the committee will meet for one more time before finalising the legislation.