DISHA (Digital Information Security in Healthcare Act)

The Digital Information Security in Healthcare Act (DISHA) is a draft bill, circulated by India's Ministry of Health and Family Welfare in 2018, that would establish National and State eHealth Authorities and Health Information Exchanges. It has not been enacted.
It aims to standardize and regulate the collection, storage, transmission, and use of digital health data, with the stated goals of reliability, privacy, confidentiality, and security.




Overview

DISHA regulates two primary types of information:

  1. Digital Health Data (DHD)
  2. Personally Identifiable Information (PII)

If enacted, DISHA would govern the generation, collection, access, storage, transmission, and use of both DHD and PII.




Digital Health Data (DHD)

DISHA defines Digital Health Data as:

“An electronic record of health-related information about an individual,” including:

  • Information concerning the physical or mental health of the individual
  • Information on health services provided to the individual
  • Data on organ or body part donations by the individual
  • Information derived from testing or examination of body parts or bodily substances
  • Information collected during healthcare provision
  • Information about the clinical establishment accessed by the individual



Personally Identifiable Information (PII)

DISHA defines Personally Identifiable Information as:

“Any information that can be used to uniquely identify, contact, or locate an individual, or used with other sources to uniquely identify a person.”

Examples of PII include:

  • Name, Address, Date of Birth
  • Telephone Number, Email Address, Password
  • Financial Information (bank account, credit/debit card details, etc.)
  • Physical, Physiological, and Mental Health Condition
  • Sexual Orientation
  • Medical Records and History
  • Biometric Information
  • Vehicle Number
  • Government-issued identifiers: Aadhaar, Voter ID, PAN, Passport, Ration Card, BPL Card



DISHA Patient Rights

Under DISHA, the individual to whom digital health data relates is its owner and is granted specific rights covering privacy, consent, and transparency.

Rights include:

  • Right to Privacy, Confidentiality, and Security
    Digital health data must be collected, stored, and transmitted securely.

  • Right to Consent
    Patients may give or refuse consent for data generation, collection, storage, or disclosure.

  • Right to Know and Access
    Patients can learn which entities have accessed or received their data, and can review the consent they have given and the access that has occurred.

  • Right to Rectification
    Patients can request correction of inaccurate or incomplete digital health data.

  • Right to Be Informed
    Patients must be notified each time a clinical establishment accesses or transmits their data.

  • Right to Prevent Disclosure
    Patients can object to the transmission of sensitive health data where it is likely to cause them damage or distress.

  • Right to Compensation
    Individuals may seek compensation for damages resulting from a data breach.

  • Right to Refuse Services
    Patients may decline health services rather than accept data handling to which they have not consented.




Permitted Purposes for Data Use

DISHA allows Digital Health Data to be used for specific, legitimate purposes, including:

  • Improving patient-centered medical care
  • Guiding medical decisions at the time and place of treatment
  • Enhancing coordination among healthcare providers
  • Improving public health activities and early detection of threats
  • Supporting health and clinical research
  • Promoting prevention and management of chronic diseases
  • Conducting public health research and policy analysis
  • Facilitating academic and related research



Information Security

DISHA requires clinical establishments and other entities that handle digital health data to:

“Ensure data protection and prevent breach or theft of digital health data, establishing data security measures for all stages of data handling.”

Minimum requirements include:

  • Access Controls – Restricting access to authorized personnel only
  • Encryption – Protecting data both at rest and in transit
  • Audit Trails – Maintaining records of access and modifications

Because the Right to Be Informed turns on notifying patients of each access, the audit trail must record reads as well as writes, and it must itself be protected from tampering so that it can support the breach definitions below.



DISHA Breaches

A data breach under DISHA occurs when:

  • Digital health data is generated, collected, stored, transmitted, or disclosed in violation of the Act
  • A person violates the exclusive rights of the data owner
  • Digital health data is not secured according to the prescribed standards
  • Any person damages, destroys, deletes, or tampers with digital health data



Implementing DISHA Principles at GHO

At Global Health Opinion (GHO), we uphold DISHA’s core principles to ensure the privacy, security, and ethical use of DHD and PII.
Our practices are designed to foster patient trust while advancing responsible healthcare innovation.




1. Safeguarding Digital Health Data

GHO follows DISHA’s standards for secure handling of DHD, which includes medical records, diagnostics, and health services.
We ensure confidentiality through:

  • Secure generation and storage
  • Encrypted transmission
  • Controlled access and integrity checks



2. Protection of Personally Identifiable Information (PII)

GHO treats PII as highly sensitive and applies:

  • Encryption of PII at rest and in transit
  • Strict access management
  • Compliance with national and international data security frameworks

These controls are intended to keep PII confidential and protected against unauthorized use.




3. Respecting Patient Rights

GHO supports all patient rights defined under DISHA:

  • Privacy and Consent: Explicit consent is obtained before accessing or generating any health data.
  • Access and Rectification: Patients can access and correct their records through secure interfaces.
  • Transparency: Patients are informed whenever their data is accessed or shared.
  • Compensation for Breach: GHO has mechanisms to investigate breaches and compensate affected users.



4. Purpose-Limited Data Usage

GHO uses digital health data strictly for permitted purposes:

  • Enhancing patient care and clinical decision-making
  • Supporting telemedicine and healthcare coordination
  • Promoting research for better healthcare outcomes

Data is not repurposed beyond the scope of the consent given.




5. Information Security and Breach Management

GHO employs comprehensive data protection measures, including:

  • Access Controls – Restricting data access to authorized users
  • Encryption – Protecting sensitive data both in transit and at rest
  • Audit Trails – Maintaining logs for traceability and accountability

In the event of a breach, GHO:

  • Investigates the incident without delay
  • Notifies affected individuals and the relevant authorities
  • Implements corrective actions in line with DISHA requirements



6. Compliance with Data Usage Purposes

GHO ensures all digital health data usage aligns with legal and ethical standards to:

  • Deliver patient-centered healthcare
  • Support public health and research initiatives
  • Foster data-driven clinical innovation



7. Proactive Approach to Data Security

GHO integrates DISHA’s data protection standards across all operations through:

  • Regular security audits and system checks
  • Employee training on data privacy and ethics
  • Adoption of advanced cybersecurity frameworks

These proactive measures minimize risks and reinforce patient trust.




The GHO Advantage in DISHA Compliance

By adhering to DISHA, Global Health Opinion (GHO) ensures:

  • Responsible and secure data handling
  • Transparency in healthcare operations
  • Ethical use of medical information
  • Compliance with national health data protection laws

GHO’s approach to DISHA compliance strengthens its position as a trusted leader in patient-centered, secure, and innovative healthcare services.