Cognizance of Privacy in Indian Healthcare
Privacy of every patient’s health is the practice of maintaining the security and confidentiality of patient records. According to Wikipedia “medical privacy involves both the conversational discretion by health care providers, the security of medical records, physical privacy of patients from other patients and providers while in a medical facility”.
Growing demand for portability, accessibility, availability, mobility, Internet of Things and cloud technology while dealing with health information raised the trepidations about the privacy but it is also evident to yield the advantages of the innovation.
Business intelligence based bench marking solutions and fancy mobile applications collects huge data of the patient across the healthcare organizations at very nominal cost to the healthcare organizations. But the panic among the patients and healthcare providers that exploitation of data by disclosing to insurance companies, employers, and other third parties with the vested interest. The business models for the most of the startups are nothing but building the big data with identifiable / de-identified patient information.
When we analyze the physical privacy of the patients from other patients and providers while in a medical facility in India, situation is unassumingly pathetic. Be it Government hospitals, private multi-specialty hospitals and nursing homes, multiple patients are accommodated inside the consulting room and health conditions of every other patients is being discussed in front of others.
It was disheartening to emphasize the poor awareness of patient privacy with a real-life example where the patient’s unique medical record number, name, photograph and health condition was displayed in a bus stop banner, with the purpose of business promotion of the healthcare provider.
Detailed analysis of the policies and practices in other countries where the patient privacy is a sensitive issue is managed by well-designed acts and governance schemes.
• Europe Union adopted the directive on data protection in 1998 that prevents disclosure of any personal details held by a domestic organization to entities unless they fulfill the EU’s data safeguard guidelines.
• United States organizations comply with the Health Insurance Portability & Accountability Act (HIPAA), which is one of the most popular and complex patient data privacy protection act in the healthcare space.
• Canada government passed an act in 2000, the personal information protection and electronic documents Act (PIPEDA) that governs data privacy of private sector organizations to collect, use and disclose personal information in the course of commercial business. Key aspects of PIPEDA are Freedom of information (personal & EMR data), Consent & Complaints.
• Turkey’s response to protecting the privacy of patient information is ensured by articles 78 and 100 of legal code 5510. Also the Social Security Institution (SGK) regulates selling of patient information after allegedly anonymizing the data.
• Australia is very sensitive about the privacy and it is warranted by the personally controlled Electronic Health Records (PCEHR) Act 2012 and Privacy Act 1988 to govern how eHealth record information is managed and protected. This act also abides by the Information Privacy Principles in the Privacy Act 1988 (Commonwealth).
• New Zealand’s the Health Information Privacy Code (1994), addresses the health information collected, used, held and disclosed by health agencies through information privacy principles.
• Netherlands one of the richest in healthcare management, introduced nationwide exchange of medical information and access to electronic patient records which is totally based on the patient privacy.
• France’s code of conduct article 9 of the French Civil Code states the right to privacy through Penal Code (art. 226-13 and 14). Sharing of personal information and breach of the same is a criminal offence,
• Iceland government worked on health sector database during 1998 to firm up an act to create a centralized health data bank with controlled access to the de-identified clinical data.
• Are there sufficient safeguards for the protection of patient information in India? The legal aspect of Healh privacy (at least in the documentation) is equally well established. Acts such as Indian Medical Council (Professional conduct, Etiquette and Ethics) Regulations, 2002 with following exceptions of sharing the information are as follows:
• during referral
• when demanded by the court or by the police on a written requisition
• when demanded by insurance companies as provided by the Insurance Act when the patient has relinquished his rights on taking the insurance
• Specific provisions of workmen's compensation cases, consumer protection cases, or for income tax authorities
• disease registration
• communicable disease investigations
• vaccination studies
• drug adverse event reporting
Indian’s awareness of physical health and medical privacy is still in a very early stage as there are more serious and basic issues that are yet to be addressed. (Ref: Wikipedia, NCBI, CIS India)