Let's Build a Responsible Cyber Society




Indian BPOs need to demonstrate their commitment to Data Security

The report in Economic Times suggesting a successful sting operation revealing the possibility of leakage of medical record information for a price by one transcription company in India calls for an urgent and appropriate response from the industry.

It is necessary for us to remind the world that the IT industry contains a spectrum of operators and there will be the good, the bad and the ugly. One sting operation like the reported incident cannot be used to tarnish the image of the industry as a whole.

A recent PWC survey on the global scenario indicates that Information Security practices in India are reasonably good and compare well with global standards. However, more efforts are needed in this direction to ensure that accusing fingers are not pointed at India.

However, it is possible for sections of the International Community which are opposed to outsourcing business to India to pick up the current incident and blow it out of proportion. They may actually try to get sanctions passed against outsourcing of business to India through the Data Protection Act in the EU or through HIPAA/HITECH in the USA. The problems will not stop at the small medical transcriptionists. The incident is likely to affect the image of the country as a "Security Conscious" country and would hurt even the larger companies.

If the Indian industry does not wake up and take remedial action, the damage can be substantial. Naavi.org therefore suggests an action plan for medical Transcription Centers in Bangalore to meet the emerging threat.

The outline of the action plan is as follows:

1. Naavi.org will take the lead in promoting the concept of "Information Security Society for Medical Transcriptions" to which all Medical Transcription companies in Bangalore will become members.

2. The objective of the society is to promote the use of global-standard information security in all the member establishments.

3. Provisional membership would be provided to all entities which are in the Medical Transcription Business.

4. The membership will be upgraded from "Provisional" to "Secure" membership of Class I, Class II and Class III.

5. Norms of security would be defined for each member class (I, II and III), and the members need to fulfill the norms and maintain them.

6. Periodical audits to be conducted by the organizations to document their security status.

7. Society would conduct periodical surprise inspections to determine whether the security status is being maintained.

8. The society would endeavour to project a collective image to the global vendors to instill confidence in them.

9. Cyber Law College will develop a standard framework called MTSF-1009 (Medical Transcription Security Framework) exclusively for the purpose, on the lines of LIPS-1008, a security standard developed for Legal Process Outsourcing Companies.

10. The Society would endeavour to conduct appropriate training for the members and their employees to ensure compliance with the desired "Techno Legal Information Security Standards".


October 19, 2009


 Comments are Welcome at naavi@vsnl.com