DISHA Act Needs drastic modifications: Viren Shetty, Sr.VP- Strategy and Planning, NH Hospitals

We need technology companies to design better software, but they must be given the freedom to tinker and fail with health data

On March 21, Ministry of Health and Family Welfare published a draft of the Digital Security in Healthcare Act (DISHA) and invited comments from the public. They plan to create a national digital health authority as a statutory body to drive the adoption of digital health records as well as regulate the privacy and storage of this data. The healthcare and technology industry has been waiting on this act for a long time, but the draft has been quite disappointing. The act (available at https://www.nhp.gov.in/NHPfiles/R_4179_1521627488625_0.pdf) has 7 chapters, but only 1 chapter is dedicated to defining the roles and responsibilities of clinical establishments and the process for handling and transferring data. The rest of the act describes, in minute detail, the constitution of national and state health authorities, the powers of those regulatory committees and the penalties for any violations. In its current form, the DISHA Act will overlay a first world regulatory structure on top our third world infrastructure. Without drastic modifications, this act will completely dissuade any clinic, hospital or independent practitioner from ever adopting electronic health records.

The biggest omission of the draft act is any enabling regulation that could drive the growth of the digital health industry. In the US, the federal government offered $44,000 in cash incentives to doctors and clinics to drive the adoption of electronic health records. $20 billion later, the programme is widely acknowledged to be a failure and hasn’t led to universal EHR adoption. This is simply because their government never simplified the onerous regulations around healthcare data and privacy. The compliance costs of maintaining a digital health management software were so high that most doctors simply returned the cash incentive and went back to using paper. The DISHA act mustn’t repeat the mistakes of the west by burdening clinical establishments with compliance requirements so costly that doctors turn down free money.

The draft act details many regulations around patient privacy and the punishment for violating the same. This is unfortunate because it’s trying to address a problem that does not exist yet. It is easy to anonymise patient data but very difficult to implement a process that ensures data privacy. If patient data becomes more sacred than the patient’s life, that will stop all further development in the digital health space. No software developer will want to build software for doctors if there’s a chance he can get imprisoned when a file gets sent to the wrong person. The act must allow for experimentation and failure at this nascent stage, while pushing for standards that encourage a privacy-first approach.

Fortunately, or unfortunately, Indian healthcare record-keeping is non-existent, and we have the rare opportunity to build our digital health ecosystem from the ground up. Doctors will gladly adopt any technology that is affordable, responsive, and simplifies the clinical workflow. We know this because most doctors in India use Whatsapp as a tool for following up with patients, keeping track of their medications, and receiving laboratory and diagnostic reports. If this draft act became a law, any doctor using Whatsapp to communicate with his patients would risk going to prison.

India has a massive shortage of doctors, nurses and hospital beds. Digital health is the only way we can bridge the gap in providing healthcare to a billion Indians at an affordable price. We will need to develop smart AI that can diagnose symptoms, but those algorithms need to be fed with millions of patient records. To generate those records, we need to encourage our doctors towards electronic medical records. However, doctors won’t use electronic records if they are cumbersome or increase their workload. We need technology companies to design better software, but they must be given the freedom to tinker and fail with health data. India can leapfrog over technology shortcomings that plague healthcare in developed countries. We mustn’t miss this opportunity by strangling the sector in its infancy with excessive regulation.