
Data Security Council of India establishes privacy guidelines for healthcare sector

The DSCI’s guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

By Bhavana Muralidhar

Health data pertains to information relating to an individual’s mental and physical health. Rapid digitalisation across all sectors has resulted in huge amounts of health data being generated in the healthcare ecosystem.

Thus far, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 have recognised health data as sensitive personal information and mandate that entities adopt reasonable security practices to protect such data. The Electronic Health Record Standards, 2016, published by the Ministry of Health and Family Welfare, introduced a system for the maintenance of Electronic Medical Records/Electronic Health Records (EMR/EHR) by hospitals and healthcare providers in the country.

Now, the Data Security Council of India (DSCI), an industry body that works to establish best practices in cyber security and privacy, has released the DSCI Sectoral Privacy Guide applicable to healthcare. The Guidelines are intended as a simplified blueprint of best practices that private and public healthcare service providers may use to revisit their practices for handling health data.

Highlights of the DSCI Privacy Guidelines

The DSCI’s guidelines recognise the various stakeholders a patient has to interact with in the process of availing healthcare services. These stakeholders, such as healthcare providers, pharmacies, and insurance companies, in turn interact with each other, and this results in large amounts of data being continuously exchanged. The need to protect patient privacy becomes increasingly important as data is shared between these stakeholders.

In this light, the Guidelines are manifestly patient-centric. They discuss essential privacy controls such as notice and consent, and state what would amount to disclosure and processing of the collected data. The objective of the Guidelines is to provide actionable guidance to healthcare service providers to mitigate any type of privacy harm to patients they interact with.

According to the Guidelines, the seven actionable points or standards that entities can use as a checklist are as follows:

  1. Accurate and proportional data collection for patient identification: Healthcare service providers must strive to improve the process of collecting patients’ personal data to ensure that only accurate and necessary information is collected from the patient.
  2. Effective patient communication: Healthcare service providers must provide the patient clear notification with respect to the nature and extent of utilisation, and the relevance of their personal data to the service(s) being provided.
  3. Informed patient consent: Healthcare service providers must take express patient consent in a clear, affirmative action-based manner.
  4. Use or disclosure of patient personal data: Healthcare service providers must use a patient’s personal data only to the extent laid down in the purpose or to the extent of the consent provided by the patient.
  5. Securing patient personal data: Healthcare service providers must ensure the security of the patient’s personal data through administrative and technological controls.
  6. Enabling access to and correction of personal data: Healthcare service providers must allow patients access to their personal data. This must be done without excessive expense or delay. Patients should also be empowered to request amendments to their personal data to ensure that it is accurate, relevant, up to date, complete, and not misleading.
  7. Maintaining patient anonymity: Where lawful and practicable, patients should be given the option of not identifying themselves when dealing with health organisations.

To facilitate the application of these principles to real use cases, the Guidelines provide a comprehensive self-assessment tool that can be used by stakeholders to evaluate adequate compliance. The tool can be accessed here.


Bhavana Muralidhar is with the data privacy team at Quasar Legal. Views expressed are personal.

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
