Student Dissertation

Agency : Comparative Study; Patient Data Safety; Patient Data Security; Indian Standard; US Standards; HIPAA Guideline; Data Security Standards

Objective : • To understand the differences between patient data safety standards between U.S and Indian Hospitals. • To study Indian hospital’s perspective on application of data security standards. • To study the scope for implementing HIPAA guidelines in Indian hospitals.

Background : The health information system is evolving day by day. Preserving health information is very important so as to maintain privacy and confidentiality of patients’ health information from any harm and misuse. Importance of health information access is a complicated process as relevant workforce should be appointed for the purpose. There are many opportunities if the importance of patient data safety is understood at the right time. The methods generally used are basic data entry in paper files and very limited use of local health information systems in the hospitals. Still traditional methods like paper records are being used even if any healthcare organisation can afford it.

Methodology : The study was descriptive and cross-sectional and conducted in NTT data services, Bangalore from February to April 2017.Six Indian hospitals were identified on the basis of convenient sampling, considering single speciality, super specialty and multispecialty hospitals as per their availability and accessibility. Open-ended questionnaire was designed to capture information on perception about various safeguards used by the hospital staff. A checklist was developed to observe and record certain administrative, physical, and technical data safety processes/ practices in Indian hospitals for protecting patient data. A total of 105 respondents, 15 from each hospital (six nurses, three doctors or physicians, four administrative and two IT staff) were interviewed.

Findings : Administrative and physical safeguards were followed in appropriate manner, but technical safeguards were not looked upon very well even if proper HIS system is established in the hospitals. Secondary data analysis revealed that there were appropriate rules and regulations for handling patient data safety which helps to govern the US hospitals. There were stringent rules mandating the US hospitals to disclose data breaches whereas such provisions were lacking in India. Lack of monitoring of application of laws and regulations was found poor. The results revealed that there was less awareness of the significance of patient data safety protocols being followed in the hospitals among the staff members. About one-third of the physicians and nurses responded that HIS is necessary to secure patient for medical legal purposes and continuity of care. To manage patient data in the hospitals 73 per cent nurses and 42 per cent physicians consider both paper records and HIS as the means of data handling in which medical records department plays the major role. One of the major barriers was lack of human resources.

Recommendations :US healthcare is well equipped with rules and India too is on the way of improvement towards sensitive patient health data. Technical, administrative and physical safeguards are adopted in Indian hospitals to some extent to secure patient data. There was a lot of scope in Indian health care to develop better patient data safety standards through skilled human resources, correct knowledge of rules and regulations, and adoption of technical safeguards can lead to streamlined and modern way of data handling.