[Reader-list] India: Privacy fears before telemedicine debut

[Harsh Kapoor]

The Telegraph [India]
September 10, 2003

Privacy fears before telemedicine debut

M. RAJENDRAN

New Delhi, Sept. 9: India took an ambitious step towards the practice 
of telemedicine amid fears that the data collected from citizens 
could be misused in the absence of a law to protect it.

The information and technology ministry, which is working on a 
telemedicine project in collaboration with the Calcutta-based School 
of Tropical Medicine, today submitted a draft to the communications 
and information technology ministry.

It will be discussed with the health ministry and state governments 
before implementation of the telemedicine project.

"We have set up a project in association with the School of Tropical 
Medicine in Calcutta. This hospital is connected with three health 
centres at Cooch Behar and Howrah through a high-speed network. 
Patients can be checked by doctors from the school and get 
prescriptions at a normal fee to be charged by the service provider," 
said B.S. Bedi, senior director in the department of information and 
technology, ministry of communications and information technology.

A special project for the Northeast in association with the Naga 
Hospital at Kohima has been proposed.

Among the suggestions is a network with a data speed of 384 kilobytes 
per second for telemedicine. At this speed, doctors at a specialised 
hospital anywhere in the country can examine patients even in 
far-flung areas of the Northeast or Jammu and Kashmir and prescribe 
medicines within a short span.

Another recommendation for "minimum data sets" - health records that 
an individual may not like to be made public for fear of commercial 
or security risk, but is absolutely essential for the practice of 
telemedicine - could stir a hornet's nest.

Sources in the IT ministry committee that submitted the draft said: 
"We had problems in finalising the details of minimum data sets. It 
is a controversial issue, as has been witnessed in the US and other 
European countries where telemedicine and health record keeping are 
at an advanced stage."

The key problem in India is the lack of a data protection law. "In 
India, we do not have any data protection law. There is need for such 
a law as the data would be of immense commercial value to companies 
and the government. It is a sad situation where the Information 
Technology Act, 2000, defines the word 'data', but is silent on data 
protection," said Pavan Duggal, advocate and an expert on cyber law.

A minimum data set is a widely accepted set of terms and definitions 
making up the core of data acquired for medical records. The panel 
has suggested that they should be based on two formats - one, common 
for all diseases and another, specific to some diseases.

In the first format, the data collected is standard across all 
diseases and conditions such as referrals and demographics.

Referral information includes details such as source of referral, 
referrer's code, while demographic information will contain one's 
family name, surname, permanent address, literary status, annual 
income and so on.

In the second, the data collected would be for specific diseases and 
conditions such as disease assessment, disease stage, risk factors, 
complications, treatment and outcomes.

Personal data is a very delicate issue and can be misused by anybody, 
like narrow religious outfits or by fly-by-night operators. Sensitive 
data can be classified as identification of racial and ethnic origin 
of an individual, political opinions, religious beliefs, membership 
of a trade union, physical or mental health conditions, sex life, 
criminal offences, criminal proceedings and convictions.

Communications and information technology minister Arun Shourie 
recently said: "We have formulated a draft on data protection and it 
would be circulated to the ministries concerned. We do not wish to 
hurry up as this is being examined by many countries in Europe."

In the US, the Enactment of Data Protection Act, 1978, and the Health 
Insurance Portability And Accountability Act, 1996, not only 
stipulate the way for standardisation of format to maintain health 
records, but also lay down penalties for those misusing the data.