DISHA Audit
DISHA (Digital Information Security in Healthcare Act) is poised to facilitate the digital sharing of personal health records within hospitals, clinics, and among different healthcare institutions. This legislation lays the foundation for the establishment of comprehensive digital health records across India.
DISHA (Digital Information Security in Healthcare Act) is poised to revolutionize the digital sharing of personal health records within hospitals, clinics, and across healthcare institutions, serving as the foundation for the establishment of comprehensive digital health records in India. The National Health Policy has endorsed the creation of a National Health Information Network, specifically for sharing Aadhaar-linked Electronic Health Records, further aligning with DISHA’s objectives.
DISHA introduces substantial restrictions on the use of health data, placing individuals firmly in control of their data. The legislation provides robust protection, outlining explicit purposes and processing criteria for health data. It expressly prohibits processing for any other grounds, necessitating either the individual’s consent or legal requirements for such use if specified under DISHA.
Data governance under DISHA adopts a consent-based approach, granting individuals significant rights and establishing them as the rightful owners of their data. Individuals are empowered with a decisive say in the fate of their data. Access to health data under DISHA is limited, allowing governmental departments to seek access through the National Electronic Health Authority, established under the Act, for purposes such as public health activities, research, disease prevention, and academic research. Additionally, access for investigation is permissible via a court order.
DISHA grants explicit rights to individuals, enabling them to give or refuse consent at every stage of data processing. They possess the right to withdraw consent for data storage and transmission. Noteworthy consent-related rights include the requirement for explicit, prior permission for every identifiable use of data and the assurance that refusal of consent at any stage will not result in denial of healthcare.
Why Work with us?
CERT-IN Empaneled Security Auditor
CEREIV is empaneled by CERT-In, offering digital security verification services to validate organizational readiness and system security.
Flexible Delivery
The CEREIV team understands the necessity for flexibility in test scheduling, ensuring that customers can achieve optimal results tailored to their specific requirements.
Are you ready for the next steps?
Related Insights
Navigating the Path to CERT-IN Compliance: A Step-by-Step Guide
Ensuring the security of India's internet infrastructure hinges significantly on the...
GST Suvidha Providers System Audit: A wholesome Approach
Who is a GST Suvidha Provider or GSP? GST Suvidha Provider or GSP focuses to an...
Process Guidelines For CERT-In Empanelled Information Security Auditing Organizations
Introduction to CERT-In CERT-In (the Indian Computer Emergency Response Team) is a...