New Data Protection Law Proposed in India! Flavors of GDPR by TMT Practice Team at Nishith Desai Associates




NEW DATA PROTECTION LAW PROPOSED IN INDIA! FLAVORS OF GDPR 
The much-awaited Personal Data Protection Bill, 2018 (“Draft Bill”) was released by the Committee of Experts entrusted with creating a Data Protection Framework for India (“Committee”) on Friday evening.

The Committee, chaired by retired Supreme Court judge, Justice Srikrishna, was constituted in August 2017 by the Ministry of Electronics & Information Technology, Government of India (“MeitY”) to come up with a draft of a data protection law. After over a year of deliberations and a series of a public consultations followed by release of a white paper with preliminary views, the Committee has released a Draft Bill. The Draft Bill is accompanied by its report titled “A Free and Fair Digital Economy Protecting Privacy, Empowering Indians” (“Report”) which provides context to the deliberations of the Committee.

MeitY as the nodal ministry may accept, reject or alter such Draft Bill. Thereafter, the Draft Bill would need to be approved by the Union Cabinet before it is introduced in the Parliament for deliberations.

Some of the key highlights of the Draft Bill are:


  • Extra-territorial application i.e. the Draft Bill is to apply to foreign data processors in so far as they have a business connection to India or carry on activities involving profiling of individuals in India.
  • Differential obligations imposed based on criticality of data, i.e. differing obligations for Personal Data and Sensitive Personal Data;
  • Obligations of the Data Processor : Notice (that is clear, concise and comprehensible), Purpose Limitation and Collection Limitation, maintaining data quality, storage limitation;
  • Grounds for processing in addition to consent include use for employment purposes as well as emergencies.
  • Intended to be made applicable to the State as well as private parties.
  • Child Rights: Child is defined as someone who is less than 18 years of age. Profiling, tracking or behavioral monitoring of or targeted advertising towards children is not permitted.
  • Rights of the Data Subject: Include Data Portability, Right to be forgotten as well as the right to correction of the data etc.
  • Concept of Privacy by design and a data breach notification have also been introduced;
  • High Risk Data Processors – A mandatory registration requirement has been imposed on data processors who conduct high risk processing. Such processors are required to implement: Trust Scores, Data Audits as well as a Data Protection Impact Assessment
  • Data Localisation: A copy of all Personal Data must be stored in India; additionally the Government may notify certain types of personal data that should be mandatorily be processed only in India. The Government has retained with itself the power to exempt storage of copies of Sensitive Personal Data, in some cases.
  • Cross Border Data Flows: In addition to consent cross border transfers would also require the use of (a) model clauses; and (b) possible adequacy requirements, i.e. transfer to jurisdictions approved by the Government;
  • The Data Protection Authority of India (“Authority”) appointed under the Act will provide or endorse Codes of Practices.
  • GDPR Style Penalties: Upto 4% of global turnover in some cases;
  • Criminal penalties also introduced for limited cases;
  • Phased manner of implementation once the law is implemented.

To summarize, whilst we believe that the Draft Bill does have its share of positives, in several places the Draft Bill is either ambiguous / not clear or imposes excessive obligations on Data Fiduciaries and prescribes disproportionate punishments. Several factors are left to be determined through Codes of Practices or to be determined by the Government at a later stage. Therefore, at this stage the full impact of the proposed law cannot be comprehended in entirety.

In several respects, we note the Draft Bill appears to have borrowed heavily from the recently notified E.U. General Data Protection Regulation (“GDPR”). Given the infancy at which the GDPR is at this stage, it would be imperative that law makers provide for enough flexibility for the law to be altered on the basis of global experiences. Further, we find that even the current basic law under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“2011 Rules”) has yet not been implemented fully even after 7 years. Therefore, implementation will be key to this fairly detailed and somewhat cumbersome law.

We hope that the law is made more balanced by diluting some of the draconian provisions as well as by issuing clarifications on the points that are not clear, after public consultation. Therefore, ideally, once the MeitY finalizes the draft, it should place such law in the public domain and provide stakeholders an opportunity to provide further inputs, before the law is placed before parliament.

We have set out in our detailed analysis below the possible implications that it may have on businesses, including offshore companies doing business in India. As we continue to read, debate and delve deeper into the wording of the law, our views on several of these issues may evolve.

To summarize, while the Draft Bill does have its share of positives, in several places the Draft Bill is either ambiguous / not clear or imposes excessive obligations on Data Fiduciaries and prescribes disproportionate punishments. It also seems to have certain unintended consequences for start ups/non digital businesses in terms of imposing exposing them to excessive compliances. 

Our detailed analysis of the Draft Bill is available here.

Please do join us this Tuesday (31Jul 2018) and / or Wednesday (01 Aug 2018) at our Webinar where we discuss the impact that the Draft Bill may have. The registration link for the same is available here.

Email the Technology & Privacy Law Team and You can direct your queries or comments to the authors

The article was first published here,  its been republished on the HCITExperts Blog with the authors permission. 

Additional Reading:
1. Regulatory Essentials for eHealth in India by Dr. Milind Antani, Nishith Desai Associates: 
https://blog.hcitexpert.com/2018/03/regulatory-essentials-for-e-health-in-india-Dr-milind-antani.html
Author
TMT Practice Team at Nishith Desai Associates
Nishith Desai Associates is a research-based Indian law firm with offices in Mumbai, Silicon Valley, Bangalore, Singapore, Mumbai BKC, Delhi, Munich and New York that aims at providing strategic, legal and tax services across various sectors; some of which are IP, pharma and life-sciences, corporate, technology and media
Read more »

#Blockchain for HealthCare Equity by Arnab Paul, @iArnabPaul

In a digital Age when cars drive themselves and CEOs hold meetings across continents in virtual reality conference rooms, engagement of the disenfranchised is a less attractive endeavor than the sleek apps, making it an outlier in the realm of tech solutions.

In our endeavour to promote digital india it should be our collective effort to bring healthcare to the disenfranchised and to the people who slip out of the cracks.

Most of us just don't bother to take care of the elephant in the room, its time all the stakeholders joined hands and come up with a solution. For me personally Equity is of paramount importance in healthcare.The lack of focus on vulnerable populations in patient safety discounts the significance of the many lives lost, all precious to those who love them. we have yet to place strategic emphasis on the need to protect all. A man’s life lost to medical error then disguised as a heart attack, either intentionally or because of unconscious prejudice about the depth of his pocket, is more than a patient safety event. 
For the millions of people who have been exposed to discrimination based on their spending capacity and limited access to resources and denial of equality in humanity, such an event adds insult to tragic injury.We must connect in ridding our health system of all forms of inequality and ensuring that all people are protected from harm equally.
As hospitals and care systems work to improve quality of care and prepare for coming changes in the health care field, the ability to fully understand their patient populations and communities is critical. Collecting and using ethnicity, language, spending capacity data will help hospitals and care systems understand their patient populations and address health care disparities. While many hospitals are successfully collecting REAL data, fewer are effectively stratifying the data to shed light on health care disparities,
We need to systematically collect REAL preference data on all patients. We need to use REAL data to look for variations in clinical outcomes, resource utilization, length of stay and frequency of readmissions within our hospital. We need to compare patient satisfaction ratings among diverse groups and act on the information. Above all we need to actively use REAL data for strategic and outreach planning for the underprivileged.
Patient satisfaction is not a clearly defined concept, although it is identified as an important quality outcome indicator to measure success of the services delivery system
There is no clear consensus between the literatures on how to define the concept of patient satisfaction in healthcare.
In Donabedian's quality measurement model
patient satisfaction is defined as patient-reported outcome measure while the structures and processes of care can be measured by patient-reported experiences
For everything in life we need some kind of metrics, some tools to measure the clinical outcome and the patient satisfaction. So to make up for it may I suggest we incorporate Tech enabled, Blockchain optimized patient feedback mechanism.
So what is the solution, how do we propose to go about it, well unlike Press Ganey & HCAHPS (the Hospital Consumer Assessment of Healthcare Providers and Systems), Press Ganey has stated that a minimum of 30 survey responses is necessary to draw meaningful conclusions from the data it receives and that it will not stand behind statistical analysis when less than 30 responses are received. 
If we all incorporate a blockchain Ecosystem & go truly real time in the patient feedback mechanism it would greatly enhance the whole patient experience and maybe help to manage solve some of the issues in real time. Wouldn’t it be just great if we incorporate Blockchain in the patient feedback loop, we wouldn’t have to wait for 30 odd surveys to be analyzed we could just go ahead and fix the situation right away if it warrants an action.
Another major issue is NO show and Missed Appointments
One study estimates, in US alone missed appointments cost US healthcare providers up to $150 billion a year.There have been instances that a Clinic loses money because of No Showand missed appointments.Patients not showing up can be costly to the health-care system. Offices lose out on revenue, and delaying care can lead to more expensive treatments later on.
"We very much believe it's going to take a collaborative effort, and we think that this kind of technology integration is going to be a critical path for being successful in terms of breaking down those barriers for access to transportation for the patient community."  David Baga, CBO, Lyft
Allscripts, Lyft and few other companies have joined hands to address this problem. The companies said they hope working together will reduce the number of people who miss medical appointments because of transportation issues.
But interesting it was found in another study giving poor people free use of ridesharing services like Uber and Lyft for doctor appointments doesn’t make them any less likely to become no-shows than patients who have to find their own way there, a U.S. study suggests.
So what are we missing here, I believe incentivising ( tokens ) is the key and Blockchain could play a major role. Blockchain in itself is not a panacea for all things healthcare but it certainly holds the key to transform the current healthcare service delivery mechanism and make it more transparent and efficient.
Ehealth or no ehealth, if its not able to solve the issues of equity & empathy than its no value prop only noise, maybe it would help become a excellent facilitator in healthcare delivery but it sadly would not be able to solve the core issue of equity and empathy.
The concluding part follows:
How Blockchain could be a gamechanger for healthcare

Author

[tab]
[content title="About Arnab Paul"]
Arnab Paul, CEO, Patient Planet
Globally-minded systems thinker, action-oriented and inspired toward optimizing health outcomes through innovation, creativity, cooperation. Passionate about facilitating the alignment among technology, people and processes to ultimately improve patient experience and the functioning of healthcare.
[/content]
[content title="Latest Articles"]
[/content] [/tab]

Read more »

Zen Clinicals: An Activity & Workflow based solution (2 of 4)



Part 2 of 4

Now that we have defined the various actors and the activities that they could be performing. It becomes to important to define the guidance as to how these activities will be delivered to their respective audiences. 

In the Zen Clinical System 











Read more »

Zen Clinicals: An Activity & Workflow based solution (3 of 4)



Part 3 of 4

Sharing some of the UI screens that I had envisaged for the Zen Clinicals system. The core premise of the system is to be data driven and workflow driven and NOT BE a transactional system wherein a sequential set of activities or tasks are carried out.

Zen Clinicals ensures there are actionable insights that are presented to the right care providers at the right time. 

Welcome you to review the first two parts of this blog: 

Part 1: https://blog.hcitexpert.com/2015/12/zen-clinicals-1of3.html

Part 2: https://blog.hcitexpert.com/2018/07/zen-clinicals-patient-care-pathways-by-manish-sharma.html

Read more »

Zen Clinicals: A Patient Care Pathways Solution (4 of 4)


A Clinical Care Pathways Workflow & Activity Orchestration

Overview

Clinical pathways are structured multidisciplinary care plans which address specific clinical scenarios and help to standardize and coordination of care.
Read more »

Artificial Intelligence #AI can help address current healthcare challenges in India, Dr Sandeep Reddy @docsunny50

Earlier this year, while making a keynote speech at an Artificial Intelligence (AI) in Health conference in Dubai, I mentioned that AI techniques can be used to address some of the intractable health issues in developing countries. 


Read more »

The Integrated Disease Surveillance Program (IDSP ) of India story by Dr. Pramod Jacob

Considering the Nipah virus containment story recently, I thought it would be appropriate to write about the IDSP program in India, as it had a major role in this containment.

The Integrated Disease Surveillance Project (IDSP) was launched in November 2004 with the assistance of the World Bank, to identify and respond to disease outbreaks and epidemics at an early stage, preferably before an event becomes an epidemic. 

Read more »

4 hints to get started with #AI in your company by Devesh Rajadhyax @deveshrajadhyax

Most companies are working on Digital Transformation today, and Artificial Intelligence is a critical part of that transformation.

Two questions immediately present themselves-
1.    What is Digital Transformation and how it is different from the IT/ICT transformation that is happening since for than four decades?
2.    Why is AI a critical part of this transformation?

Read more »

Why should standalone Hospitals in India focus on IT enabled productivity by Tirupathi Karthik, @TirupathiKarthi CEO at @NapierHealthit



Fresh out of HIMSS India’s inaugural Digital Healthcare Summit, (2015) in Gurgaon, I lamented over the state of healthcare IT in the country. At the time, we were showcasing our hospital information system and launching our telehealth and patient referral management solutions. I should have been proud to be a part of the innovation on display at the event, and understandably so. But what struck me harder than pride at the event and left me with a lingering sense of disappointment was something else. And that was just how far some parts of India lagged behind the rest of the developed world in terms of healthcare delivery and quality.

Read more »



POPULAR POSTS

Popular Posts