Monday, August 29, 2016

National E-Health Authority (NeHA) Of India May Be Constituted In Future

Healthcare can be significantly improved with the use of information and communication technology (ICT). Examples of combination of healthcare with ICT are e-health, m-health, telemedicine, online pharmacies, etc. However, with the use of ICT there are certain techno legal issues that have to be managed by various stakeholders especially the Indian Government.

As a matter of fact it is absolutely essential to formulate e-health laws in general and Digital India Laws in particular. Similarly, actual implementation of proposed or declared projects and policies is more important as otherwise polices and projects remain mere declarations. For instance, a proposal to constitute an e-health authority of India was mooted in June 2014. However, till August 2016 there is no sign of such an authority.

It is only now that the Union health ministry recently conducted a National Consultation on NeHA under the chairmanship of secretary, ministry of health, to give a final shape to the e-health authority. Obviously, it would take some more time, may be years, for the NeHA to be finally operational. Even then it is not clear whether the Indian Government would be able to provide a techno legal framework for NeHA with adequate procedural safeguards as till now that is missing from all its projects, including the Digital India. Perry4Law Organisation (P4LO) strongly recommends that such a techno legal framework must be formulated by Indian Government as soon as possible.

The Ministry of Health and Family Welfare has released a concept note discussing establishment of the National eHealth Authority (NeHA) for India in the past. According to the note, NeHA will be the nodal authority that will be responsible for development of an Integrated Health Information System (including Telemedicine and mHealth) in India, while collaborating with all the stakeholders, viz., healthcare providers, consumers, healthcare technology industries, and policymakers. It will also be responsible for enforcing the laws and regulations relating to the privacy and security of the patients health information and records.

Healthcare laws and regulatory compliances are long overdue in India. For instance, telemedicine and online pharmacies related regulatory issues are ignored by the e-health and m-healthy entrepreneurs in India. Websites selling medicines online are openly flouting the laws of India. Mobile application developers in India are also required to comply with privacy, data protection and cyber law requirements. These regulatory compliances are not adhered to by healthcare industry and entrepreneurs of India.

Similarly, healthcare cyber security issues in India are still not priority area for businesses and entrepreneurs. Healthcare industry is facing diverse range of cyber attacks these days. The prominent among them is ransomware that encrypts the sensitive healthcare information and decrypts the same only once the ransom is paid. So much is the nuisance these days that the National Institute of Standards and Technology (NIST) has released a guide for IT developers on integrating security measures into the development process, which could influence healthcare cyber security management.

Recently the cabinet approved the draft national IPR policy of India. This would facilitate intellectual property creation in favour of e-health and m-health entrepreneurs in India. This would also ensure that IPRs of others are not violated by the e-health and m-health entrepreneurs of India
Indian government has started ambitious initiatives like Digital India and Internet of Things (pdf) that intend to bridge the digital divide in India on the one hand and enabling e-delivery of services in India on the other. There are many segments of Digital India projects and e-health is one of them. E-health initiatives of India government aim at providing timely, effective and economical healthcare services to Indian population. E-health is particularly relevant for masses that have little access to healthcare services in India.

While the objectives of Digital India are laudable and deserve full support yet we at Perry4Law Organisation (P4LO) also believe that the shortcomings of Digital India project of India cannot be ignored or bypassed by Indian government. Similarly insisting upon Aadhaar number for healthcare services in India would be a terrible idea especially when Aadhaar is not mandatory for government services in India.

As per the concept note, NeHA would be responsible:

(a) To guide the adoption of e-Health solutions at various levels and areas in the country in a manner that meaningful aggregation of health and governance data and storage/exchange of electronic health records happens at various levels in a cost-effective manner,
(b) To facilitate integration of multiple health IT systems through health information exchanges,
(c) To oversee orderly evolution of state-wide and nationwide Electronic Health Record Store/Exchange System that ensures that security, confidentiality and privacy of patient data is maintained and continuity of care is ensured.

In the light of the above, NeHA has been envisaged to support:

(a) Formulation of policies, strategies and implementation plan blueprint (National eHealth Policy / Strategy) for coordinated eHealth adoption in the country by all players; regulation and accelerated adoption of e-health in the country by public and private care providers and other players in the ecosystem; to establish a network of different institutions to promote eHealth and Tele-medicine/remote healthcare/virtual healthcare and such other measures;
(b) Formulation and management of all health informatics standards for India; Laying down data management, privacy & security policies, standards and guidelines in accordance with statutory provisions; and
(c) To promote setting up of state health records repositories and health information exchanges (HIEs);
(d) To deal with privacy and confidentiality aspects of Electronic Health Records (EHR).

Functions of National eHealth Authority

(1) Core Functions

(a) Policy and Promotion

(i) Working out vision, strategy and adoption plans, with timeframes, priorities and road-map in respect of eHealth adoption by all stakeholders, both Public and Private providers, formulate policies for eHealth adoption that are best suited to Indian context and enable accelerated health outcomes in terms of access, affordability, quality and reduction in disease mortality & morbidity
(ii) To engage with stakeholders through various means so that eHealth plans are adopted and other policy, regulatory and legal provisions are implemented by both the public and private sector stakeholders.
(iii) It shall provide thought leadership, in the areas of eHealth and mHealth.

(b) Standards Development

(i) Government of India, MoHFW has published EMR/EHR standards for India in 2013. Similarly, MoHFW has become a member of IHTSDO with a view of widespread adoption of SNOMED-CT in India; MoHFW has also nominated C-DAC (Pune) as interim NRC (iNRC). As such, initial focus of NeHA would be on addressing implementation issues and promoting mechanisms in support of the same.
(ii) Concurrently, NeHA will be nurtured to undertake the role of a standards development, maintenance and support agency in the area of Health Informatics

(c) Legal Aspects including Regulation

(i) NeHA will be setup through an appropriate legislation (Act of Parliament). It is also proposed to address the issues relating to privacy and confidentiality of Patients’ EHR in the legislation. NeHA may act as an enforcement agency with suitable mandate and powers.
(ii) NeHA will be responsible for enforcement of standards and ensuring security, confidentiality and privacy of patient’s health information and records.

(d) Setting up and Maintaining Health Repositories, Electronic Health Exchanges and National Health Information Network

NeHA, while avoiding the implementation role by itself, will prepare documents relating to architecture, standards, policies and guidelines for e-Health stores, HIEs and NHIN; it may also initiate or encourage PoCs, in close consultation with government – centre and states, industry, implementers and users. Later, it would lay down operational guidelines and protocols, policies for sharing and exchange of data, audit guidelines and the like; these shall be guided by experience in operation and use of PoC, global best practices and consultations with stakeholders (MoHFW, State governments and other public and private providers, academia, R&D labs, and others).

(e) Capacity Building

Spreading awareness on Health Informatics / eHealth to healthcare delivery professionals through various educational initiatives and flexible courses according to the background of the learners will form a component of NeHA activities, as it is seen as critical to acceleration of adoption of eHealth.

(f) Other functions may be assigned to NeHA as the situation warrants.
Health being a state subject in India and much depends on the ability /regulatory framework enacted by the State governments, NeHA shall be created through legislation (Act of Parliament) that empowers it to take leadership and strategic role for setting directions for public and private eHealth initiatives, including electronic health records storage and health information exchange capabilities and other related health information technology efforts and regulation of the same.

NeHA shall ensure ongoing interagency cooperation – while engaging with various stakeholders through the Standing Consultative Committee and also through other means, in a structured, open and transparent manner to support successful evolution of national integrated health information system. We at Perry4Law Organisation (P4LO) welcome this initiative of Indian government and wish all the best to it in this regard.