We have earlier discussed the need for the governance structure of the DPDPA compliance team to include the PSO (Patient Safety Officer) as one of the co-owners of the compliance requirements, since every data breach is also a Patient Safety event. We therefore suggested that the CISO-DPO-PSO team be responsible for DPDPA compliance, NABH compliance and ITA 2000 compliance as an integrated compliance plan.
Another area of complexity for hospitals is establishing the status of consulting doctors, subordinate hospitals and diagnostic centres. Diagnostic centres operate independently and determine the clinical decisions and therefore the Patient Safety actions.
Many hospitals provide support to subordinate hospitals in the form of telemedicine consultancy and sometimes remote surgery. In such cases the two entities need to settle their inter-se status as Joint Data Fiduciaries with a recognized boundary for data responsibilities.
Hospitals also work with consulting doctors who are independent professionals and take independent decisions on how the patient data is processed and disclosed. Some doctors may have “Employment” status while most may not. In such cases the question of who is a data fiduciary and who is a joint data fiduciary has to be taken into account.
Additionally, most hospitals work under a brand-sharing program where there could be an umbrella brand that attracts the patients while the service is rendered independently by the franchisee hospitals. In such cases the possibility of “Super Data Fiduciary” status for the umbrella brand also has to be considered.
The DGPSI-Hospital framework therefore needs to cover these special situations.
Please send your views on these issues.
Watch out for more discussion.
Naavi








