I am happy to announce that a new website www.hdpsa.in has been activated to present the news and views about the proposed “Healthcare Data Protection and Security Act”. (HDPSA).
This HDPSA is similar to HIPAA of USA and is expected to bring in enormous change to the lives of Health Care professionals including Hospitals, Pharmacies, Medical Practitioners as well as all IT Companies who have an exposure to Indian hospitals and healthcare operations.
We all know that HIPAA and later HITECH Act stimulated the US economy and brought long term benefits to the IT industry though they were actually meant to benefit the Health Insurance sector. Even in India it is expected that the IT industry in general will benefit from this law.
The law is presently being considered by the Ministry of Health and Family Welfare.
We are aware that earlier attempts to bring in an omnibus Privacy law in India has not been successful. But this time the sectoral law on Healthcare privacy should go through. However we donot know the time line at which the law may get implemented. It would be no surprise if it takes an year or so for it to be notified.
However, for somebody who has been actively involved in HIPAA compliance in India, the undersigned has always highlighted that ITA 2000/8 made the provisions of HIPAA almost a standard for Indian Health Care industry. Many Indian companies therefore adopted the principles of HIPAA privacy and security mandates though they did not have exposure to US health information.
Now it becomes imperative for Indian Health Care companies to follow almost the same standards as are imposed in USA for Covered Entities and Business Associates in USA.
Though this is good news for privacy advocates, the financial and administrative burden on the companies will be significant and having observed the attitude on “Compliance ” of Indian companies over several decades, there would be every attempt made by the industry to postpone the inevitable.
We need to await the final law to really understand how the enforcement mechanism will shape up since this alone will let us know how the law will progress in terms of adoption.
But having driven the ITA 2000 compliance for the last 16 years, it is natural for the undersigned to pick up the HDPSA compliance as an important area of my activity. Obviously it starts with awareness building which the website www.hdpsa.in should do and will be followed by the consultancy for conducting gap analysis and implementing necessary mitigation efforts to achieve a reasonable level of compliance.
I wish the Government keeps in touch with the experts in the field at the time of designing the law itself so that there will be less need for us to be critical of any provisions subsequently.
It is expected that a forum of interested experts will come together under the website and try to provide guidance to the Government whether solicited or not.
I therefore invite participation of professionals in this activity first by contributing their views in the form of articles on the website.