Medical services and technology are increasingly being used together to provide effective and time-bound services. While this is a welcome move, regulatory compliance cannot be set aside while providing such services.
In the Indian context, regulatory compliances are frequently ignored and violated. Whether it is online pharmacies, e-health, m-health, telemedicine, or mobile medical devices and applications, stakeholders in the medical field are openly flouting the applicable norms and regulations.
Although we have no law on the lines of the United States' Health Insurance Portability and Accountability Act of 1996, there are numerous statutory provisions that must be complied with. These include privacy law compliances, data protection requirements, cloud computing compliances, encryption related compliances, cyber law due diligence, etc.
It has been reported that the All India Institute of Medical Sciences (AIIMS) Bhubaneswar will launch an electronic health card, a smartcard-based automated system to store and manage the medical records of patients receiving treatment in the institution. The project entails simplifying processes for both the hospital administration and the patients by creating a computerised medical database. While this is a welcome move, techno legal compliances seem to have been ignored. There are not even hints of ensuring effective techno legal cyber security for such an e-health records database.
The proposed card will store individual patient records right from registration, through primary consultation, diagnosis, pathological and other diagnostic tests, to the medicines prescribed during every visit to the hospital. This data is sensitive personal information that has to be protected both legally and technologically. But there seems to be no sign of such protection so far.
The e-health card would be introduced in a phase-wise manner, starting with the students, faculty members, AIIMS staff and patients suffering from chronic illnesses that require frequent visits and follow-ups, before it is made available to the general public. Initially around 10,000 to 20,000 such cards would be issued. The smartcard is also planned to be made part of the integrated hospital information management system (HMIS) network being implemented across the six new AIIMS in the country. This would enable seamless consultation and treatment of patients between the institutions.
We at Perry4Law welcome these reformative and pro-health initiatives of AIIMS and the Indian government. However, we also strongly recommend that the techno legal issues of e-health records be addressed before this much needed project is implemented. These types of projects have serious privacy, data protection and cyber security implications, and these must be kept in mind while launching the project. Fortunately, these aspects seem to be within the knowledge of AIIMS, and we can expect their due implementation in the future as well.