Regulatory Agencies under DISHA 2018

DISHA 2018 is the proposed law for India applicable to the Privacy and Data Protection related to the Health Care sector in India. At a time there is discussion on GDPR all around the industry and anticipation of the Justice Srikrishna Committee’s recommendation on the General Data Protection Act for India, DISHA 2018 has been proposed by the Health Ministry in a draft form for public comments. The Act is likely to be named as “Digital Information Security in Health care Act 2018”. Public comments are expected to be provided before April 21, 2018 to be sent to .

In order to enable stake holders to form their views and forward to the ministry, Naavi is providing here his own views. I suppose this would be helpful in triggering thoughts in others to send their own comments.


This is the continuation of the earlier article on this subject

 Any new legislation brings with it a proposal for creating new regulatory authorities and new executive positions for influential Delhi bureaucrats often unmindful of the costs involved and the inefficiency which the multiplicity of regulatory authorities breed. DISHA 2018 is not an exception to this. In the light of the action taken in the last budget to abolish some Tribunals such as the Cyber Appellate Tribunal, at some point of time, the authorities created by one law may get abolished for some reason or the other. Some times authorities get created but there will be no activity.We have seen this happen with the Adjudicating authorities under ITA 2000.

Despite this experience, DISHA 2018 also tries to create many authorities for regulation of the proposed act.

The first such authority is the National Electronic Health Authority of India (NeHA). A Chairman assisted by a board of representatives from different ministries and some ex-officio members would constitute NeHA.

NeHA will be assisted by a “National Executive Committee”  with more members from the Bureaucrats.

These  regulatory body will be supported by the “State Electronic Health Authority” and  “State Executive Committee” creating more jobs for bureaucrats in all the States and Union Territories.

These bodies will then appoint there own staff, invest in Building, Cars, Hefty Salaries and Pensions all at the expense of the tax payer’s money increasing the cost of living.

Whether these regulatory bodies are aware of IT, aware of IT Security, aware of Data Protection etc., will be the last consideration.


Similarly, for Dispute resolution, State and Central Adjudicating authorities have been proposed.

For breach of digital health data by a clinical establishment or any entity an aggrieved person or owner may complain to the State Adjudicatory Authority

For breach of digital health data by a health information exchange or State Electronic Health Authority or the National Electronic Health Authority of India, an aggrieved person or owner may complain to the Central Adjudicatory Authority

The Adjudicating authorities will be a multi member body and consist of a Chairperson and two other members which is welcome since our experience with the Adjudicating Authorities under ITA 2000 had thrown up the need for such multi member body. Central Adjudicating authority will also be the appeal authority against the orders of the State Adjudicating authorities.

Appeal from the Central Adjudicating authority will go to the High Court.

Otherwise the Adjudicating authorities will be like in the case of ITA 2000, authorities which will not be required to be bound by Civil Procedure Code.

No specific compensatory limit is also indicated in the proposed Act.

However, no civil court shall have jurisdiction to entertain any suit or proceeding in respect of any matter which the Central Adjudicatory Authority or the State Adjudicatory Authority is empowered by or under this Act to determine and no injunction shall be granted by any court or other authority in respect of any action taken or to be taken in pursuance of any power conferred by or under this Act.

We need to await the detailed procedural notification at a later stage for more details on the functioning of the Adjudicating authorities and the appointment of people for the different positions in the Adjudicating authorities.

If two successive Governments at the Center were unable to find a Chair Person to the Cyber Appellate Tribunal since 2011 and the Ministry of Mr Arun Jaitely decided to merge the tribunal as a solution with another Tribunal unmindful of the consequences on the society, we need to observe how the proposed Adjudicating authorities under this Act would be set up.

If there was lack of work for Cyber Appellate Tribunal under ITA 2000, will there be sufficient work with these tribunals? or can these tribunals can also handle the ITA 2000 complaints, will be questions to which answers may be expected from the Government.


This entry was posted in Uncategorized and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *