Indian healthcare industry has gone digital with respect to their record storage. But are they really safe? A legal framework for data collection and use, or breaches has not been set to match the electronic advancement.

A Maharashtra-based pathology lab which held Electronic Medical Records (EMR) of over 35,000 patients has been the latest victim of healthcare data leak in India. Health Solutions, which also had HIV reports of patients had its website hacked. This points to the lack of adequate safeguards for protecting such sensitive information. And although the issue is global (the recent WannaCry ransomware attack on England hospitals), India lacks in the government policies to handle such situations well.

The EMRs are usually given to private companies for data mining. They, in turn, provide it to private practitioners, insurance companies etc. There are high chances of the data being commercialized misused in this chain of events.

The latest rule to link these records with Aadhar number has only made the situation murkier. Since the legal framework governing the use of Aadhaar is ill-defined, it adds another layer of uncertain privacy implications.

There are no laws in India that mandate hospitals to disclose security breaches. The Health Insurance Portability and Accountability Act (HIPAA) demands a hospital to disclose a breach which has affected more than 500 patients. That leaves an uncertain situation for breached that do not qualify the required number.