Sunday, February 21, 2016

The Indian National EHR Standards and some interpretations in the context of an 'anonymized online case-records system'

The National EHR Standards have already addressed the issues of privacy, ownership, secrecy, anonymisation and de-identification here: since Nov 2013.

At that time we took a look at the document and made some interpretations in the context of an 'anonymized online case-records system' (non-standardized, but thriving in an open, online, low-resource environment and serving the purpose of shared decision making, an alternative to replacing all humans).

Below are some of the thoughts shared as soon as the National EHR Standards were released at that time (Nov 2013).


The Ethical, Legal, Social Issues (ELSI) guidelines for Electronic Medical Record (EMR) are recommended as follows.

For the purposes of these recommendations, the term “privacy” shall mean that only those person or person(s) including organisations duly authorized by the patient may view the recorded data or part thereof. 

Privacy would refer to authorization by the owner of the data (the patient).

Page 39:

For data ownership, a distinction is to be made between
a. The physical or electronic records, which are owned by the healthcare provider. These are held in trust on behalf of the patient, and
b. The contained data which are the sensitive personal data of the patient is owned by the patient itself.

Interpretation in context of the anonymized online case-records system: We are not touching/recording the "sensitive personal data of the patient" right at the stage of 'data capture' by the patient/caregiver-social worker/health professional. However, we do have some of the patient/relative emails at the moment, and these will have to be protected as per “security”, defined on Page 38 to mean that all recorded personally identifiable data will at all times be protected from any unauthorized access.

Page 41:

Disclosures can be performed without individual authorization in the following
With Identifiers, on production of court order
However, as far as possible, and where appropriate, the data so provided should be anonymised to remove information that will allow identification of the patient. (Removing identifiers as indicated in Table 1 below)

Interpretation in context of an 'anonymized online case-records system': This means we can by no means release data without authorization from our individual patient user.

Can these digital signature guidelines improve an 'anonymized online case-records system' workflow?

Digital signatures are to be used to prevent non-repudiation (establishing authenticity of author of the document) and trust by the recipient.

Follow e-Pramaan National e-Authentication service offered by DeitY, Govt. of India
Reference Framework for e-authentication–ePramaan

Reference Guidelines for Digital Signatures, available at

(Page 48) Informed consent form/authorization form:

Any document designating any permission. Authorization or waiver of authorization for the use or disclosure of identifiable health information for research (among other activities) is required. The authorization must indicate if the health information used or disclosed is existing information and/or new information that will be created.

The authorization form may be combined with the informed consent form, so that a patient need sign only one form.

An authorization must include the following specific elements:

1) a description of what information will be used and disclosed and for what purposes; a description of any information that will not be disclosed,

2) if applicable; a list of who will disclose the information and to whom it will be disclosed; an expiration date for the disclosure; a statement that the authorization can be revoked; a statement that disclosed information may be re-disclosed and no longer protected; a statement that if the individual does not provide an authorization, she/he may not be able to receive the intended treatment; the subject’s signature and date.

Of some relevance to anonymized online case-records systems:

Alternate UHID 

As per institution/vendor's specifications / Mandatory if no other concomitant ID is used in the system, else optional

Wherever Aadhaar Number is unavailable and the healthcare provider wishes to use their own ID system, this field should be used; this ID may be used in addition to the UHID above

Sensitive Data: (Page 39)

Interpretation in context of the anonymized online case-records system: the information below means that the Medical Case History is also sensitive information. So in effect we are requesting 'authorization' from the patient (this fact needs to be added in the consent form) to allow the anonymized-online-records manager to share PART (see numbers iii and v below) of their 'sensitive information', which is defined as follows.

As per the Information Technology Act 2000, Data Privacy Rules, refer to ‘sensitive personal data or information’ (Sensitive Data) as the subject of protection, but also refer, with respect to certain obligations, to ‘personal information’. Sensitive Data is defined as a subset of ‘personal information’. Sensitive Data is defined as personal information that relates to:

ii. Financial information such as bank account or credit card or debit card or other payment instrument details;
iii. Physical, psychological and mental health condition;
iv. Sexual orientation;
v. Medical records and history;
vi. Biometric information;
vii. Any detail relating to (1)–(6) above received by the body corporate for provision of services; or
viii. Any information relating to (1)–(7) that is received, stored or processed by the body corporate under a lawful contract
