access to phi & emr: indian healthcare-it ecosystem

1

Demonstration of Health - IT Benefits: Access to PHI in India 

Presented by

Mr. Amitava ChakrabortyIPR, Space Law & Health-IT Consultant (India,

US, EU)amitava268111@gmail.com, +1-408-663-7962

& Advocate Bagmisikha Puhan

IPR Consultant, India

2

When a patient gives personal health information to a healthcare provider, that becomes Protected Health Information (PHI)

PHI Includes:• Verbal information • Information on paper• Recorded information • Electronic information (faxes,

e-mails)PHI can be used or disclosed for

• Treatment, payment, and healthcare operations

• With authorization/agreement from patient

• For disclosure to patient PHI can be used/disclosed without authorization for the following reasons:

• To inform appropriate agencies• Public health activities related to disease

prevention/control , • To report victims of abuse, neglect or domestic

violence • To funeral homes, tissue/organ banks• To avert a serious threat to health/safety

3

1

Diagnosed with Depression

2

3

Received free samples of anti-depressant medications via e-mail

Breach of Confidentiality and Patient Privacy

4

Intended Purpose

• PHI is sensitive personal information, the flow of which is to be made for an intended purpose, only after valid consent of the individual.

• The purpose and the usage of the PHI must be clear to the understanding of the individual, and the consent must then be obtained.

• The covered entities must ensure that the individual is aware of the intended recipients of the PHI.

The above are the most the basic security and privacy rules of adherence.

5

Security and Privacy Standards

• Privacy refers to the authorization of the patient for obtaining, retaining, managing, and transmitting of the data.

• Security refers to the encryption of the data, while retaining, managing, and transmitting of the same to the intended recipients.

• The minimum standards of confidentiality requires that the PHI is reduced to de-identified data. – the identity of the owner of the data should not be tied

to the information which flows from one stakeholder to the other.

6

Reasonable Measures

• Sharing and transmitting of the PHI is inevitable in this Health-IT environment.

• Reasonable efforts to safeguard the identifiable information available with the stakeholders is a mandate and a necessity. – Extends over to the handling of the data, and

the transmitting of the data, over a period of time.

7

Solution Includes:• e-PHI implementation on a secure channel

• computer-implemented cloud based EMR

management on a heterogeneous health

environment

• Authentication based PHI sharing b/w

covered entities

• Designing of a Risk Adjusted Payment

model/system in the healthcare network

• Implementation of State defined privacy and

confidentiality clauses.

US2014297320

US2014150077A1

8

US20040078229

9

THANK YOU

Mr. Amitava ChakrabortyIPR, Space Law & Health-IT Consultant (India,

US, EU)amitava268111@gmail.com, +1-408-663-7962

(CA, USA)

&

Advocate Bagmisikha PuhanIPR Consultant, India