No legal compliance activity in India involving electronic documents
can be complete without addressing the requirements of the Information
Technology Act 2000 as amended in 2008 (ITA 2008).
ITA 2000 which was
notified on 17th October 2000 and amended with effect from 27th October
2009 considers "Health Related Information" as "Sensitive Personal
Information" that requires to be secured under a "Reasonable Security
Reasonable Security Practice under ITA 2008 is such
security practice that provides adequate security against unauthorized
access, modification or denial of access to the information.
Additionally the Health Ministry has provided guidelines on EHR which
includes directions on Privacy and Security. Under these considerations,
many progressive companies consider that "HIPAA-HITECH Privacy and
Information Security Standards" are to be considered as a globally
recognized standard "Reasonable Security".
Hence many Indian Companies try to undertake a "HIPAA Audit" though
they are technically not bound by HIPAA as a legislation, as part of
their ITA 2008 compliance activity.
Naavi.org is already providing
information on ITA 2008 and this will continue to support the activities
of HIPAA For India.