The United States and much of Europe have enacted well-developed laws to protect the personal data of individuals, and they continue to look for ways to improve these systems further.

India, on the other hand, is just starting out and is still learning from Western countries.

The first step by Indian legislation to protect online data came through the amendment of the Information Technology Act, 2000. The IT Act was also the primary law to define the term "sensitive personal information".

Under this act, any corporate body or person who obtains personal information for any purpose must get written consent from the person to whom the information belongs.

The Indian government has enacted privacy and security laws, but only for certain sectors and certain types of sensitive information.

The current state of data protection in India

Currently, the healthcare sector lacks a single, comprehensive law or set of procedures to regulate the collection and use of critical patient information.

There are no laws protecting a patient's medical history and confidential information.

Healthcare professionals do, however, have an obligation to protect individuals' information under doctor-patient confidentiality, as set out in India's medical laws and ethics of 2002.

Physicians are required to keep patient information, as well as the details of the various stages of medical treatment, confidential.

But no such obligation binds private hospitals to protect critical information. The Indian Medical Regulations also fail to recognize IP addresses and URLs as sensitive information, even though they are a significant part of the internet-driven world.

When we look at the IT Act, it was mainly meant to provide a basic framework to protect e-commerce data within India. Most of its provisions are concerned with verifying the authenticity of digital documents and messages within the country, but these provisions suffer from various flaws.

For example, the act does not appropriately define cybercrime in the digital field. It focuses mostly on computer-related crimes, and its policies are not well structured. It also excludes some legal entities, such as NGOs, and many others.

As a result, most cybercrime cases in India are left unresolved. According to a report by the National Crime Records Bureau, of the 24,187 cybercrimes recorded, only 38% were disposed of in 2016.

Coming back to healthcare, most Indians do not even know when their sensitive health information is protected by law and when it is not.

In March this year, Bob Diachenko, an independent cybersecurity researcher from Germany, found that more than 12.5 million medical records of Indian women were available online without a password.

Very sensitive information, such as ultrasound scans, abortions, and pregnancy complications, was exposed for three weeks, a major data breach with respect to doctor-patient confidentiality.

With individuals, institutions, and organizations going digital, there is a growing concern about related risks.

An additional risk arises when companies compromise data because proper safeguards are not in place. The country therefore needs laws to protect personal and digital information right now.

Why India needs to protect healthcare data

The healthcare sector in India is quickly becoming a main target for hackers. The healthcare cybersecurity ecosystem has seen a rise in data breaches in the last 5 years, with the largest breaches impacting about 80 million people.

Data breaches in healthcare often expose more valuable information than in any other industry: patients' names, contact information, addresses, medical history, card details, health insurance information, and so on, all of which hackers can use for identity theft.

This healthcare data is used fraudulently to purchase items, bill for care, receive medical care, and modify health records. Attackers may also use patients' private information to blackmail them or to carry out other criminal activities.

In addition, healthcare is regarded as having weak security. A report from SecurityScorecard ranks healthcare 5th in ransomware counts and 9th in overall security ratings among all industries.

What's more, more than 77 percent of the healthcare industry has been infected with malware since 2015.

As a result, India has been working to shape data collection in the country. In alignment with the EU's General Data Protection Regulation (GDPR), the Ministry of Health and Family Welfare last year presented the Digital Information Security in Healthcare Act (DISHA) to govern the collection, confidentiality, and security of digital health data.

"The purpose of the act is to provide for electronic health data privacy, confidentiality, security and standardization and provide for the establishment of National Digital Health Authority and Health Information Exchanges and such other matters related and incidental thereto," the draft states.

But the law has not yet come into effect, as the Health Ministry awaits the Supreme Court's decision in the Aadhaar case on the issue of individuals' privacy.

Self-improvement for data protection

As the wait for an effective data protection law continues, companies are looking for ways to secure their online presence.

The responsibility of companies also grows: they need to repeatedly verify how their customer data is collected, stored and shared, and check whether that data has been hacked, altered or deleted by any unauthorized user.

While healthcare compliance in India is a big concern for healthcare firms, they are also aware that they are equally responsible for any data breach, and that making compliance planning a priority is their responsibility.

So, they are adopting technology solutions to follow the prescribed norms and to avoid putting their reputation at risk. If data is compromised, a single complaint can hurt a business badly, and the damage can last more than 2 years.

Thus, healthcare providers and organizations must strengthen their cybersecurity capabilities and improve their data management. Most importantly, this will give customers the confidence that their health data is protected and in trusted hands.