Digital India Project Needs Urgent Regulatory Framework And Procedural Safeguards

Praveen-Dalal

Much has been discussed about the Digital India project of Narendra Modi Government from time to time. Some have considered Digital India a landmark project while others have labeled it as a mere gimmick. However, it is premature to predict the future and efficacy of the Digital India project at this stage: like the National E-Governance Plan (NeGP) of the Congress Government, the Digital India project must be given at least 5 years to work.

Perry4Law Organisation (P4LO) has been providing its techno legal inputs, opinions and suggestions regarding Digital India project since the very inception. We support the Digital India project of Narendra Modi Government just like we supported the NeGP of Congress Government. However, we also have some apprehensions about Digital India just like its predecessor NeGP.

Surprisingly, both NeGP and Digital India are suffering from same shortcomings despite being launched by two different Governments separated by a gap of many years. The logical conclusion is that either the mentality and work style of both Congress and BJP Governments is same or NeGP has been renamed as Digital India with some active administrative push from the Prime Minister’s Office (PMO). However, if the shortcomings of Digital India are not removed urgently, it may have limited success just like its predecessor NeGP.

We would discuss these critical issues separately and in great detail in our individual articles. In this article we would discuss some of the apprehensions that we have raised from time to time since the launch of Digital India project. We request the Narendra Modi Government to consider various suggestions given by Perry4Law Organisation (P4LO) from time to time.

To better coordinate the efforts of Perry4Law Organisation (P4LO) with Indian Government, we have launched the first ever Centre of Excellence for Digital India Laws and Regulations in India (CEDILRI). The CEDILRI would provide techno legal opinions and suggestions to various stakeholders associated with the Digital India project of Indian Government. Digital India stakeholders may also find our Digital India Laws Daily useful in this regard.

The first suggestion that P4LO and CEDILRI would provide to Indian Government is that the Digital India project needs an urgent regulatory framework and adequate procedural safeguards so that digital information and data are safe and secure. We do not have dedicated laws for Privacy and Data Protection (PDF) in India and Digital India may face troubles in future. Presently India is not in a position to ensure Civil Liberties Protection in Cyberspace for Indian masses. Narendra Modi Government’s push to club Digital India with Aadhaar has also given rise to complicated and Constitutional Censorship and Surveillance issues in India.

The second suggestion of P4LO and CEDILRI pertains to Cyber Security Infrastructure of India that needs urgent rejuvenation. Cyber Security in India is still evolving and this is a problematic issue. When Laws are always much behind the technology, absence of Cyber Security can be catastrophic. As on date the Digital Indian Cyber Security is not at all convincing. If we are plugging everything into a digital environment and are not focusing upon its Cyber Security, this is a bad Policy decision. Before launching projects we must ensure robust and resilient Cyber Security for them. We also need dedicated Cyber Security Laws in India for projects like Digital India and for protection of Indian Cyberspace.

The third suggestion of P4LO and CEDILRI pertains to formulation of Techno Legal Policies regarding Cyber Security and National Security. We have been stressing since 2008 that issues like Cyber Terrorism, National Security and Cyber Security must be taken seriously by Indian Government. We even made some representations to both Congress and BJP Governments in this regard from time to time. We have also suggested to Indian Government that Cyber Security must be part of National Security Policy of India. In short, the National Security Policy of India needs a techno legal boost while duly incorporating the Cyber Security related aspects.

The fourth suggestion of P4LO and CEDILRI pertains to formulation of National Cyber Security Policy of India 2016 by Narendra Modi Government. This is because the existing National Cyber Security Policy of India 2013 (NCSP 2013) is not only inadequate but is also suffering from many shortcomings.

Actual implementation of existing Policies and Laws is the biggest hurdle before the Indian Government. For instance, it is of no use to formulate even the best Laws and Policies if they are or cannot be implemented in a timely manner. Through this blog and other web resources of Perry4Law Organisation (P4LO) we would contribute our Techno Legal Expertise for formulation and implementation of Digital India Laws and Regulations in India. We hope national and international stakeholders would find our initiatives useful.

Digital Payments And Cashless Economy Trends In India 2017

Indian Government is presently engaged in making Digital India a success. Many good initiatives have already been taken under Digital India and its predecessor National E-Governance Plan (NeGP). After the Demonetisation process, Indian Government is also stressing upon grand usage of digital payments in India.

Perry4Law Organisation (P4LO) has published the Digital Payments and Cashless Economy Trends of India 2017 that has covered many crucial issues regarding use, adoption and safeguards for using digital payments in India. The year 2017 may see some significant steps in the direction of encouraging more and more use of digital payments. However, there would be many techno legal challenges that have to be tackled by Indian Government before this goal is achieved.

For instance, cyber security, data security, data protection, privacy safeguards, etc are some of the issues that are still vexing Indian Government. Digital payments that are insecure would be more trouble than relief. It would only increase cyber crimes and customers’ disputes in the long run.

As on date, the mobile cyber security is a big challenge for Indian Government and various stakeholders. If mobile security is missing, there is little hope for secure mobile banking as well. Similarly, cyber security of banks in India is also not in a good shape. This is so even when the Reserve Bank of India (RBI) has prescribed a cyber security framework for banks of India.

Digital payments in these circumstances would be really challenging for the Indian Government. The most problematic part would be use of Aadhaar Enabled Payment System (AEPS) that is not only highly insecure but would also amount to use of an “Unconstitutional Technology”. Cyber security, data security and privacy aspects of Aadhaar have not yet been resolved. It is not a good idea to use AEPS for any purpose, including digital payments purposes.

As we move towards a digital economy, we would face sophisticated and global cyber attacks and cyber crimes. Whether we like it or not, we are not prepared to deal with cyber attacks and cyber crimes. Cyber crimes investigation capabilities of Indian law enforcement agencies must be enhanced through techno legal trainings and skills development. As cyber attacks and cyber crimes are international in nature, it requires good techno legal training to trace, investigate and punish the cyber criminal.

Digital payments infrastructure of India needs to be robust and resilient from cyber security and cyber crimes perspective. Similarly, liability of banks and customers for cyber frauds and cyber thefts must be clearly specified by Indian Government. An effective dispute resolution procedure must also be established by Indian Government to resolve disputes arising out of digital payments.

A test platform named Online Dispute Resolution and Cyber Arbitration has been launched by Techno Legal Centre of Excellence for Online Dispute Resolution (ODR) in India (TLCEODRI) of Perry4Law Organisation (P4LO). The platform is resolving disputes pertaining to digital payments, cyber frauds, ATM frauds, credit card frauds, debit card frauds, online banking frauds, mobile banking frauds, etc. The entire process of dispute resolution is using ODR mechanism and parties can resolve their disputes without even leaving their homes.

Perry4Law Organisation (P4LO) hopes that digital payments would be safe, secure and civil liberties compliant in the year 2017. However, Indian Government must take proactive steps in this regard if it wishes digital payments to be successful in India.

Source: PTLB Blog.

National E-Health Authority (NeHA) Of India May Be Constituted In Future

Healthcare can be significantly improved with the use of information and communication technology (ICT). Examples of combination of healthcare with ICT are e-health, m-health, telemedicine, online pharmacies, etc. However, with the use of ICT there are certain techno legal issues that have to be managed by various stakeholders especially the Indian Government.

As a matter of fact it is absolutely essential to formulate e-health laws in general and Digital India Laws in particular. Similarly, actual implementation of proposed or declared projects and policies is more important as otherwise policies and projects remain mere declarations. For instance, a proposal to constitute an e-health authority of India was mooted in June 2014. However, till August 2016 there is no sign of such an authority.

It is only now that the Union health ministry recently conducted a National Consultation on NeHA under the chairmanship of secretary, ministry of health, to give a final shape to the e-health authority. Obviously, it would take some more time, may be years, for the NeHA to be finally operational. Even then it is not clear whether the Indian Government would be able to provide a techno legal framework for NeHA with adequate procedural safeguards as till now that is missing from all its projects, including the Digital India. Perry4Law Organisation (P4LO) strongly recommends that such a techno legal framework must be formulated by Indian Government as soon as possible.

The Ministry of Health and Family Welfare has released a concept note discussing establishment of the National eHealth Authority (NeHA) for India in the past. According to the note, NeHA will be the nodal authority that will be responsible for development of an Integrated Health Information System (including Telemedicine and mHealth) in India, while collaborating with all the stakeholders, viz., healthcare providers, consumers, healthcare technology industries, and policymakers. It will also be responsible for enforcing the laws and regulations relating to the privacy and security of the patients' health information and records.

Healthcare laws and regulatory compliances are long overdue in India. For instance, telemedicine and online pharmacies related regulatory issues are ignored by the e-health and m-health entrepreneurs in India. Websites selling medicines online are openly flouting the laws of India. Mobile application developers in India are also required to comply with privacy, data protection and cyber law requirements. These regulatory compliances are not adhered to by healthcare industry and entrepreneurs of India.

Similarly, healthcare cyber security issues in India are still not priority area for businesses and entrepreneurs. Healthcare industry is facing diverse range of cyber attacks these days. The prominent among them is ransomware that encrypts the sensitive healthcare information and decrypts the same only once the ransom is paid. So much is the nuisance these days that the National Institute of Standards and Technology (NIST) has released a guide for IT developers on integrating security measures into the development process, which could influence healthcare cyber security management.

Recently the cabinet approved the draft national IPR policy of India. This would facilitate intellectual property creation in favour of e-health and m-health entrepreneurs in India. This would also ensure that IPRs of others are not violated by the e-health and m-health entrepreneurs of India.

Indian government has started ambitious initiatives like Digital India and Internet of Things (pdf) that intend to bridge the digital divide in India on the one hand and enable e-delivery of services in India on the other. There are many segments of Digital India projects and e-health is one of them. E-health initiatives of Indian government aim at providing timely, effective and economical healthcare services to Indian population. E-health is particularly relevant for masses that have little access to healthcare services in India.

While the objectives of Digital India are laudable and deserve full support yet we at Perry4Law Organisation (P4LO) also believe that the shortcomings of Digital India project of India cannot be ignored or bypassed by Indian government. Similarly insisting upon Aadhaar number for healthcare services in India would be a terrible idea especially when Aadhaar is not mandatory for government services in India.

As per the concept note, NeHA would be responsible:

(a) To guide the adoption of e-Health solutions at various levels and areas in the country in a manner that meaningful aggregation of health and governance data and storage/exchange of electronic health records happens at various levels in a cost-effective manner,

(b) To facilitate integration of multiple health IT systems through health information exchanges,

(c) To oversee orderly evolution of state-wide and nationwide Electronic Health Record Store/Exchange System that ensures that security, confidentiality and privacy of patient data is maintained and continuity of care is ensured.

In the light of the above, NeHA has been envisaged to support:

(a) Formulation of policies, strategies and implementation plan blueprint (National eHealth Policy / Strategy) for coordinated eHealth adoption in the country by all players; regulation and accelerated adoption of e-health in the country by public and private care providers and other players in the ecosystem; to establish a network of different institutions to promote eHealth and Tele-medicine/remote healthcare/virtual healthcare and such other measures;

(b) Formulation and management of all health informatics standards for India; Laying down data management, privacy & security policies, standards and guidelines in accordance with statutory provisions; and

(c) To promote setting up of state health records repositories and health information exchanges (HIEs);

(d) To deal with privacy and confidentiality aspects of Electronic Health Records (EHR).

Functions of National eHealth Authority

(1) Core Functions

(a) Policy and Promotion

(i) Working out vision, strategy and adoption plans, with timeframes, priorities and road-map in respect of eHealth adoption by all stakeholders, both Public and Private providers, formulate policies for eHealth adoption that are best suited to Indian context and enable accelerated health outcomes in terms of access, affordability, quality and reduction in disease mortality & morbidity

(ii) To engage with stakeholders through various means so that eHealth plans are adopted and other policy, regulatory and legal provisions are implemented by both the public and private sector stakeholders.

(iii) It shall provide thought leadership, in the areas of eHealth and mHealth.

(b) Standards Development

(i) Government of India, MoHFW has published EMR/EHR standards for India in 2013. Similarly, MoHFW has become a member of IHTSDO with a view of widespread adoption of SNOMED-CT in India; MoHFW has also nominated C-DAC (Pune) as interim NRC (iNRC). As such, initial focus of NeHA would be on addressing implementation issues and promoting mechanisms in support of the same.

(ii) Concurrently, NeHA will be nurtured to undertake the role of a standards development, maintenance and support agency in the area of Health Informatics

(c) Legal Aspects including Regulation

(i) NeHA will be setup through an appropriate legislation (Act of Parliament). It is also proposed to address the issues relating to privacy and confidentiality of Patients’ EHR in the legislation. NeHA may act as an enforcement agency with suitable mandate and powers.

(ii) NeHA will be responsible for enforcement of standards and ensuring security, confidentiality and privacy of patient’s health information and records.

(d) Setting up and Maintaining Health Repositories, Electronic Health Exchanges and National Health Information Network

NeHA, while avoiding the implementation role by itself, will prepare documents relating to architecture, standards, policies and guidelines for e-Health stores, HIEs and NHIN; it may also initiate or encourage PoCs, in close consultation with government – centre and states, industry, implementers and users. Later, it would lay down operational guidelines and protocols, policies for sharing and exchange of data, audit guidelines and the like; these shall be guided by experience in operation and use of PoC, global best practices and consultations with stakeholders (MoHFW, State governments and other public and private providers, academia, R&D labs, and others).

(e) Capacity Building

Spreading awareness on Health Informatics / eHealth to healthcare delivery professionals through various educational initiatives and flexible courses according to the background of the learners will form a component of NeHA activities, as it is seen as critical to acceleration of adoption of eHealth.

(f) Other functions may be assigned to NeHA as the situation warrants.

Health being a state subject in India and much depends on the ability /regulatory framework enacted by the State governments, NeHA shall be created through legislation (Act of Parliament) that empowers it to take leadership and strategic role for setting directions for public and private eHealth initiatives, including electronic health records storage and health information exchange capabilities and other related health information technology efforts and regulation of the same.

NeHA shall ensure ongoing interagency cooperation – while engaging with various stakeholders through the Standing Consultative Committee and also through other means, in a structured, open and transparent manner to support successful evolution of national integrated health information system. We at Perry4Law Organisation (P4LO) welcome this initiative of Indian government and wish all the best to it in this regard.

E-Health Laws And Regulations In India Are Must For Successful Digital India Implementation

Healthcare is a priority aspect for governments across the world. However, despite the urgency for an effective healthcare system, timely and cost effective healthcare services are not readily available. This is more so in developing nations where healthcare services are very poor and are available to selective few only.

There are many facets of technology driven healthcare industry in India. These include online pharmacies, telemedicine, e-health, m-health, etc. India is yet to start working on these aspects on the fronts of technology and legal frameworks. We have no dedicated online pharmacy, telemedicine, e-health, m-health, data protection (pdf), privacy and other related techno legal framework in India as on date.

However, some positive steps have been taken by successive governments in India. For instance, the Electronic Health Record (EHR) Standards of India have been prescribed and establishment of a National E-Health Authority (NeHA) of India has also been proposed. Further, if we remove the shortcomings of Digital India project then the same can be used for e-health purposes as well. Digital India is presently suffering from lack of cyber security and absence of civil liberties protection in India. Another limitation of Digital India that it inherited from its predecessor National e-Governance Plan (NeGP) is absence of mandatory e-delivery of services in India. As on date there is no mandatory obligation to provide e-delivery of services in India and this is sufficient to avoid the same.

It has been reported that the health ministry of India has worked out a detailed e-health project under digital India initiative of the government. The project would include hospital information system, electronic health record facilitated with health information exchange, online delivery of services, citizen portal, online monitoring systems for services and others. The health ministry is also developing a digital platform – Integrated Health Information Platform (IHIP) – to enable creation of inter-operable health record which can be made available and accessible nationwide.

Perry4Law Organisation (P4LO) welcomes this initiative of health ministry. However, we also strongly recommend that a techno legal regulatory framework must be urgently formulated by Indian government to manage the complicated issues of Indian cyberspace and Digital India. We also recommend that telemedicine and online pharmacy laws must be complied with by the businesses and entrepreneurs of India that are ignored presently. Similarly, legal issues of cloud computing in India must also be kept in mind by e-health service providers of India. We hope these issues would be considered by Indian government while formulating an e-health related law in India.

Source: Techno Legal Centre of Excellence For Healthcare In India (TLCEHI).
