
HIPAA in the US and a barren terrain of law regarding privacy of patient records in India

Bad practices by medical service providers and gaps in existing law have repeatedly brought up the issue of leakage of medical data. A news report published by Inc 42 in 2020 stated that over a million medical records and 121 Mn medical images of Indian patients, including X-rays and scans, had been leaked online and were freely accessible to anyone. The patient records also included details such as the patient's name, date of birth, national ID, the name of the medical institution, medical history, physician names and other details that are meant to be confidential. It is high time India awakened to the need to strengthen its legal framework to secure this data. This article focuses on data security in the health care sector.

HIPAA is the well-known Health Insurance Portability and Accountability Act of the United States, passed by the US Congress in 1996. The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, oral and electronic. Furthermore, only the minimum health information necessary to conduct business is to be used or shared.

The history of the law dates back to when the health insurance industry was pushing for more digitization of medical records so that the processing of health insurance claims could be more efficient and less prone to fraud. The insurance industry therefore wanted a push for greater use of Electronic Health Records (EHR) by medical professionals. The insurance industry dominates the US healthcare sector, and hence the move was inevitable. India, on the other hand, has no clear legal coverage of medical records except that they form part of privileged communication.

What is considered personal health information under HIPAA?

HIPAA lists 18 different information identifiers that, when paired with health information, become PHI. Some of these identifiers on their own can allow an individual to be identified, contacted or located; others must be combined with other information to identify a person. The list includes the following:

  1. name;
  2. address (anything smaller than a state);
  3. dates (except years) related to an individual, such as birthdate, admission date, etc.;
  4. phone number;
  5. fax number;
  6. email address;
  7. Social Security number;
  8. medical record number;
  9. health plan beneficiary number;
  10. account number;
  11. certificate or license number;
  12. vehicle identifiers, such as serial numbers and license plate numbers;
  13. device identifiers and serial numbers;
  14. web URL;
  15. Internet Protocol (IP) address;
  16. biometric IDs, such as a fingerprint or voice print;
  17. full-face photographs and other photos of identifying characteristics; and
  18. any other unique identifying characteristic.

The health information these identifiers are paired with includes diagnoses, treatment information, medical test results and prescription information.

Indian Scenario

Mobile apps are mushrooming in the healthcare sector, but the status of privacy of patient information in India remains to be seen. Different countries have laws parallel to HIPAA, but the question is where India stands. Currently, Indian healthcare is protected only under the HIPAA laws.
