Close this search box.

We are creating some awesome events for you. Kindly bear with us.

Indian Government plans to set up National and State Digital Health Authorities

Indian Government plans to set up National and State Digital Health Authorities

The Indian Government’s Ministry of Health and Family
Welfare (MoHFW) has released
a draft “Digital Information Security in Healthcare Act”.

Through the Act, the Ministry plans to set up a nodal body
in form of "National Digital Health Authority", as a statutory body
for promotion/ adoption of e-Health standards, to enforce privacy &
security measures for electronic health data, and to regulate storage &
exchange of Electronic Health Records. The Government also plans to establish State
eHealth Authorities and Health Information Exchanges.

The Government is seeking feedback on the draft Act till 21
April, 2018.

The National Electronic Health Authority of India will formulate
standards, operational guidelines and protocols for the generation, collection,
storage and transmission of the digital health data. These will be applicable
to clinical establishments generating and collecting digital health data for
their own use or for further transmission to the health information exchanges
and to health information exchanges storing and transmitting digital health
data to clinical establishments, or to other exchanges, or to State or National
Electronic Health Authorities. The State and National Authorities themselves, as
well as any entity having custody of any digital health data will be subject to
the requirements.

To ensure data protection and prevent breach or theft of
digital health data, the National Authroity will establish data security
measures for all stages of the data chain, which shall at the minimum include
access controls, encrypting and audit trails. It will also create protocols for
exchange of digital health data with other countries.

The National and State Authorities shall have the right to
inspect all records; or access the premises, including virtual premises of the
health information exchange or exchanges at any time to carry out the functions
in the Act.

Digital health data maybe be collected, stored and
transmitted by health information exchanges for the following purposes: 1) To
advance the delivery of patient centered medical care; 2) To provide
appropriate information to help guide medical decisions at the time and place
of treatment; 3) To improve the coordination of care and information among
hospitals, laboratories, medical professionals, and other entities through an
effective infrastructure for the secure and authorized exchange of digital
health data; 4) Improve public health activities and facilitate the early
identification and rapid response to public health threats and emergencies,
including bioterror events and infectious disease outbreaks; 5) facilitate
health and clinical research and health care quality; 6) promote early
detection, prevention, and management of chronic diseases; 7) carry out public
health research, review and analysis, and policy formulation; 8) undertake
academic research and other related purposes.

Government departments can submit requests for digital
health data in deidentified/anonymised form to the National Electronic Health
Authority for the purposes numbered 4 to 8 in the above list.

According to the Act, the digital health data shall be owned
by the individual whose health data has been digitised. A clinical
establishment or exchange holds the data in trust for the owner.

An owner shall have the right to privacy, confidentiality,
and security of their digital health data. Digital health data, whether
identifiable or anonymised, would not be accessed, used or disclosed to any
person for a commercial purpose and to insurance companies, employers, human
resource consultants and pharmaceutical companies, or any other entity as may
be specified by the Central Government.

It is specified that insurance companies shall not insist on
accessing the digital health data of persons who seek to purchase health
insurance policies or during the processing of any insurance claim.

The digital health data shall be transmitted by a clinical
establishment or entity or health information exchange only upon the consent of
the owner, after being informed of the rights of the owner. A health
information exchange shall maintain a register containing all details of the
transmission of the digital health data between a clinical establishment and
health information exchange, and between exchanges.

In the event of an emergency, certain digital health data can
immediately be made accessible to a clinical establishment, upon a request,
including information related to allergies, drug interactions etc.

The Act also lays out penalties for breaches of digital
health data.  Any person who breaches
digital health data shall be liable to pay damages by way of compensation to
the owner of the data.

Any person who commits a serious breach of health care data
shall be punished with imprisonment, which shall extend from three years and up
to five years; or fine, which shall not be less than 500,000 rupees (US$ 7675).

A serious breach is defined as occurring when a breach is
committed intentionally, dishonestly, fraudulently or negligently, it occurs in
relation to data which is not anonymised or de-identified, where the person
failed to secure the data, the data was used for commercial gain, or in the
case of repeated breaches.

The Central Government and the State Governments will
appoint a Central and State Adjudication Authorities respectively, to exercise
jurisdiction, powers and authority conferred by or under this Act.

In September 2013,
MoHFW notified the Electronic Health Record (EHR) Standards for India to
introduce a uniform standard-based system for creation and maintenance of EHRs
by healthcare providers. The standards were revised in line with developments,
as seen from this December 2016 release,
Standards Set Recommendations v2.0.

Read the draft Act here.


Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.


As a Titanium Black Partner of Dell Technologies, CTC Global Singapore boasts unparalleled access to resources.

Established in 1972, we bring 52 years of experience to the table, solidifying our position as a leading IT solutions provider in Singapore. With over 300 qualified IT professionals, we are dedicated to delivering integrated solutions that empower your organization in key areas such as Automation & AI, Cyber Security, App Modernization & Data Analytics, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Renowned for our consulting expertise and delivering expert IT solutions, CTC Global Singapore has become the preferred IT outsourcing partner for businesses across Singapore.


Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit


SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.


HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 


IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.