Data Security Council of India establishes privacy guidelines for healthcare sector

The DSCI’s guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

By Bhavana Muralidhar

Health data pertains to information relating to an individual’s mental and physical health. Rapid digitalisation across all sectors has resulted in huge amounts of health data being generated in the healthcare ecosystem.

Thus far, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 have recognised health data as sensitive personal information and mandated entities to adopt reasonable security practices to protect such data. The Electronic Health Record Standards, 2016, published by the Ministry of Health and Family Welfare, introduced a system for maintenance of Electronic Medical Records/Electronic Health Records (EMR/EHR) by hospitals and healthcare providers in the country.

Now, the Data Security Council of India (DSCI), an industry body that works to establish best practices in cyber security and privacy, has released the DSCI Sectoral Privacy Guide applicable to healthcare. The Guidelines are intended as a simplified blueprint of best practices that private and public healthcare service providers may use to revisit their practices for handling health data.

Highlights of the DSCI Privacy Guidelines

The DSCI’s guidelines recognise the various stakeholders a patient has to interact with in the process of availing healthcare services. These stakeholders, such as healthcare providers, pharmacies, and insurance companies, in turn interact with each other, and this results in large amounts of data being continuously exchanged. The need to protect patient privacy becomes increasingly important as data is shared between these stakeholders.


In this light, the Guidelines are manifestly patient-centric: they discuss essential privacy controls such as notice and consent, and state what would amount to disclosure and processing of the collected data. The objective of the Guidelines is to provide actionable guidance to healthcare service providers to mitigate any type of privacy harm to patients they interact with.

According to the Guidelines, the seven actionable points or standards that entities can use as a checklist are as follows:

  1. Accurate and proportional data collection for patient identification: Healthcare service providers must strive to improve the process of collecting patients’ personal data to ensure that only accurate and necessary information is collected from the patient.
  2. Effective patient communication: Healthcare service providers must provide the patient clear notification with respect to the nature and extent of utilisation, and the relevance of their personal data to the service(s) being provided.
  3. Informed patient consent: Healthcare service providers must take express patient consent in a clear, affirmative, action-based manner.
  4. Use or disclosure of patient personal data: Healthcare service providers must use a patient’s personal data only to the extent laid down in the purpose or to the extent of the consent provided by the patient.
  5. Securing patient personal data: Healthcare service providers must ensure the security of the patient’s personal data through administrative and technological controls.
  6. Enabling access to and correction of personal data: Healthcare service providers must allow patients access to their personal data. This must be done without excessive expense or delay. Patients should also be empowered to request amendments to their personal data to ensure that it is accurate, relevant, up to date, complete, and not misleading.
  7. Maintaining patient anonymity: Where lawful and practicable, patients should be given the option of not identifying themselves when dealing with health organisations.

To facilitate the application of these principles to real use cases, the Guidelines provide a comprehensive self-assessment tool that can be used by stakeholders to evaluate adequate compliance. The tool can be accessed here.


Bhavana Muralidhar is with the data privacy team at Quasar Legal. Views expressed are personal.

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
