HIPAA For India

Let's Make India a HIPAA Compliant Nation

Home About Us Activities Audits Training Self Regulation Information ITA 2000/8 Data Protection Law Privacy law in India Contact Forums






ITA 2008

No legal compliance activity in India involving electronic documents can be complete without addressing the requirements of the Information Technology Act 2000 as amended in 2008 (ITA 2008).

ITA 2000 which was notified on 17th October 2000 and amended with effect from 27th October 2009 considers "Health Related Information" as "Sensitive Personal Information" that requires to be secured under a "Reasonable Security Practice".

Reasonable Security Practice under ITA 2008 is such security practice that provides adequate security against unauthorized access, modification or denial of access to the information. Additionally the Health Ministry has provided guidelines on EHR which includes directions on Privacy and Security. Under these considerations, many progressive companies consider that "HIPAA-HITECH Privacy and Information Security Standards" are to be considered as  a globally recognized standard "Reasonable Security".

Hence many Indian Companies try to undertake a "HIPAA Audit" though they are technically not bound by HIPAA as a legislation, as part of their ITA 2008 compliance activity.

Naavi.org is already providing information on ITA 2008 and this will continue to support the activities of HIPAA For India.


The website is owned by Ujvala Consultants Pvt Ltd, promoted by  Naavi, a pioneer in many aspects of Cyber Law related developments in India.