May 7, 2018
The Health Ministry is drafting a law which will make any breach of privacy of health data punishable by up to five years and a fine of up to INR50,000.This means that insurers which use the health data of people to sell them health or life insurance policies will be affected once the Digital Information Security in Healthcare Act (DISHA) comes into force.
“Digital health data, whether identifiable or anonymised, shall not be accessed, used or disclosed to any person for a commercial purpose and in no circumstances be accessed, used or disclosed to insurance companies, employers, human resource consultants and pharmaceutical companies, or any other entity as may be specified by the Central government,” the draft says.
“Insurance companies shall not insist on accessing the digital health data of persons who seek to purchase health insurance policies or during the processing of any insurance claim. Provided that for the purpose of processing of insurance claims, the insurance company shall seek consent from the owner for access to his or her digital health data from the clinical establishment to which the claim relates,” it adds.