The Main Reason of Complying to Compliances and Standards are to
1) Ensure Confidentiality, Integrity and Availability of the Data they create, transmit, receive and maintain
2) To protect against threats and integrity violations
3) Usage Policy and Disclosures standards
4) Ensuring Their Workforce will comply with their Security policies and procedures.
Here we are going to discuss about the Health Information Security.
Does India really Have a Standard like HIPPA or how its helping us? What will happen if you don’t comply to HIPPA if you are one of the Health Sector Business Associates and Organizations.
What is HIPPA?
HIPPA stands for Health Insurance Portability and Accountability Act. Passed in 1996 by United States of America. A standard to protect sensitive patient Health Information from Being Disclosed without any patient’s consent or knowledge.
So what’s for India then?
“India don’t have any HIPPA Compliance particularly but we have another Data Protection Law”
It has two Legislations in this regard:
the Personal Data Protection (PDP)
Digital Information Security In Healthcare ACT (DISHA)
So What are all the Information is Considered as Sensitive Personal Data or Information (SDPI).
- Financial Information
- Physical, physiological and mental Health Conditions
- Medical Records and History
- Biometric Information
- Sexual Orientation
- Any of the above information stored, processed by corporate.
We still have HIPPA’s influence in Indian Health Sector business associates. Organizations are ready to invest in India in the Health Sector under one condition; if India is an HIPPA Compliant country.
If your Health Sector organizations or clinics are not furnished and secured according to HIPPA compliance, you won’t be eligible to use U.S Products, services and Devices. You should comply with HIPPA standard for legal Working under conditions
Though Penalties are there but not properly implemented in India because people are unaware of these things.
Think about Small and Medium Level General Medical Clinics, Labs, Imaging Stations. They don’t have idea they need to comply with such standards.
We are about to discuss on PDP and DISHA in the Upcoming Blogs, Stay tuned with the HIPPA Series to get more information on it.
Until then Bye Bye.
Security Analyst & InfoSec Trainer