Govt set to bar insurance firms from using health data to sell policies
The draft law makes any breach of health data punishable by up to five years’ imprisonment and a Rs5 lakh fine
New Delhi: Companies hauling out health data of people for selling them health or life insurance policies will be on the government’s radar once the Digital Information Security in Healthcare Act (DISHA) comes into force.
A draft bill prepared by the health ministry aims to maintain electronic health data privacy, confidentiality, security and standardization. “Digital health data, whether identifiable or anonymized, shall not be accessed, used or disclosed to any person for a commercial purpose and in no circumstances be accessed, used or disclosed to insurance companies, employers, human resource consultants and pharmaceutical companies, or any other entity as may be specified by the Central government,” the draft says.
“Insurance companies shall not insist on accessing the digital health data of persons who seek to purchase health insurance policies or during the processing of any insurance claim. Provided that for the purpose of processing of insurance claims, the insurance company shall seek consent from the owner to seek access his or her digital health data from the clinical establishment to which the claim relates,” it adds.
Experts welcomed the move. “Being largely in the unregulated domain, there has been proliferation of unscrupulous business activities around digital health data. With DISHA it would be easy to plug several loopholes that have been plaguing the Indian society as far as misuse of digital health data is concerned,” said Supratim Chakraborty, associate partner, Khaitan & Co., a Delhi-based law firm.
The draft law makes any breach of health data punishable by up to five years’ imprisonment and a Rs5 lakh fine. “The move toward digitalization is a great opportunity to bring about a fundamental change to the way we offer and consume healthcare. But, behind the breakthroughs that digital technology has bought us in the past few years, we have also seen its own set of challenges that come on top of these exciting technologies,” said Sandeep Patel, managing director and chief executive officer, Cigna TTK Health Insurance.
Despite the current climate around data privacy in India, interestingly, globally 45% of people are willing to share health data with third parties, especially with doctors (59%), a national health database (49%) and global bodies such as the World Health Organization (47%), according to Cigna 360° Well-being Research 2017, a survey conducted by Cigna TTK Health Insurance.
But only over a third would trust insurance companies (35%)—the highest trust level is in India (66%) followed by UAE (57%), Indonesia (54%), Thailand (52%) and China (51%). Worldwide, health data of people is at risk. The data is easily available and at risk of being mined by several industries, including insurance.
“Any person who commits a serious breach of health care data shall be punished with imprisonment, which shall extend from three years and up to five years; or fine, which shall not be less than five lakh of rupees,” the draft law states.