Digital Information Security Health Care Act (DISHA) Compliance Assessment
DISHA (Digital Information Security in Healthcare Act) will enable the digital sharing of personal health records with hospitals and clinics, and between hospitals and clinics; it will be the basis for the creation of digital health records in India.
Sharing of health records
Health and clinical research
Undertake academic research
Digital Information Security Health Care Act (DISHA) Compliance Assessment

DISHA (Digital Information Security in Healthcare Act) will enable the digital sharing of personal health records with hospitals and clinics, and between hospitals and clinics; it will be the basis for the creation of digital health records in India. The National Health Policy has green-lit the creation of a National Health Information Network, for sharing of Aadhaar linked Electronic Health Records. DISHA appears to lay the groundwork for many health exchanges.
DISHA imposes significant restrictions on the use of health data and places an individual squarely in control of his data. DISHA clearly offers stronger protection to an individual vis-à-vis his data. In fact, DISHA clearly specifies the purposes and processing that health data can be put to, and disallows processing under any other grounds, including consent. If a purpose
Data governance under DISHA takes an entirely consent-based approach, giving the individual significant rights and putting him squarely as the owner of his data. Under DISHA, an individual has been given an actual say in what happens with his data.
Under DISHA, access to health data is restricted to permitting governmental departments to seek access from the National Electronic Health Authority established under the Act for the following purpose:
- For public health activities or to deal with public health threats
- To facilitate health and clinical research.
- To promote detection, prevention
and management of chronic diseases. - To carry out public health research and analysis, and
- To undertake academic research.
Apart from this, DISHA permits access for an investigation via a court order.
Firstly, he has been given explicit rights to give or refuse consent at every stage of processing- generation, collection, storage, transmission, access