wordpress blog stats
Connect with us

Hi, what are you looking for?

Apply data retention policy to all healthcare entities but gradually, says Practo

Practo’s suggestions largely revolved around the policy’s scope, how it classifies data, implementation, and more.

“The scope of this policy should be applicable for the entire healthcare ecosystem in India,” Healthcare application Practo told the National Health Authority (NHA) in its comments on the proposed Health Data Retention Policy (HDRP).

The HDRP lays down conditions around health data retention and management under the Ayushman Bharat Digital Mission, the Indian government’s multi-tiered project that looks to digitise sensitive health data for citizens, among other functions.

The NHA – which oversees the ABDM – has cited data security concerns from users as well as the healthcare ecosystem’s need for reliable, long-term data as reasons for such a policy. The policy has the potential of becoming applicable to the larger healthcare ecosystem, beyond the ABDM.

What Practo said in its submission

  • NHA: How should the policy be implemented and if it should cover only ABDM-enrolled entities or the entire health ecosystem?

Widen scope and stagger the implementation of policy: Practo said that the policy should be implemented in a staggered manner on the basis of locations – metro, tier-1/2/3, rural areas – and remain voluntary. The NHA should do this “given the importance, impact, the changes that it [the policy] will make to the existing healthcare infrastructure and functioning, and the humongous task in rolling-out this policy,” it added. It also suggested that the scope of the policy be expanded to all healthcare entities, as it would ensure a uniform approach, covering the entire ‘health spectrum’ and adaptability for future changes.

  • NHA: Classifying health records into different categories, a 10-year retention period for in-patient, out-patient, and deceased patients’ records, was proposed.

Set parameters for extension of retention periods: For internal use, companies should be allowed to further classify the data into subcategories, Practo said. Further extensions should be allowed, however, ‘appropriate parameters’ should be laid down to assess the requirement for such an extension, the startup added.

  • NHA: How can business continuity be ensured in case of fall of the establishment, platform, or service providers?

Create an ecosystem of archivers: A central archival model, to which healthcare entities can transfer their data when they go out of business, was suggested. “This will help a new industry (healthcare data archival) to grow around it,” Practo added.

Multiple guidelines lead to ambiguity and confusion: Practo urged the NHA to clarify the existing guidelines for health data retention and how they would apply. It listed 5 pre-existing policies:

  1. Data Protection Bill
  2. Digital Information Security in Healthcare Act (DISHA)
  3. The Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002,
  4. The Clinical Establishments (Registration and Regulation) Draft Rules 2010
  5. EHR Standards 2016

“Once this policy comes into effect, there will be a lot of confusion in the industry as to which policy to comply with and which is relevant for the sector.” — Practo.

Questions on which Practo did not comment

Here are the questions posed by the NHA to all stakeholders, on which Practo didn’t have anything to say:

Advertisement. Scroll to continue reading.
  1. Will the governance model as per Health Data Management Policy be sufficient for the retention policy?
  2. How will the policy regulation be enforced and what should be the structure across relevant entities responsible for retaining the health data?
  3. Who shall have the apex authority to oversee and implement health data retention? Which entity as part of the ecosystem should be rolling out this policy at the macro-level?
  4. How can smaller clinics or centers, both public and private, build capability in a timely and cost-efficient manner to take responsibility for data retention for long time periods?
  5. What should be the ideal duration for these different health data types?
  6. While ABDM proposes that all entities opting to join NDHE must be able to retain health data in electronic format, and other entities of the healthcare ecosystem may consider physical or original formats, what options should be made allowable as part of the policy being proposed? Health data records can be only digital, only physical, or combination in any hospital. Accordingly, the question arises whether all the above considerations should fall under one policy or under separate/independent policies?
  7. As ABDM has a provision for opt-out, in such a scenario what may be the possible implications from the perspective of health data retention?
  8. Should a blanket retention duration be adopted for all health records in India or different schedules be defined as per a classification? Which is a better approach to retention?

Other ABDM building blocks

The ABDM is proposed to have multiple tech components like a Unified Health Interface for teleconsultations, Unique Health IDs, Healthcare Professionals Registry, Health Facility Registry, Health Claims Platform for insurance disbursements, analytics platform, etc. As part of this project, the NHA has also released policies to regulate entities, such as the Health Data Management Policy and the HDRP.

Also Read:

Have something to add? Post your comment and gift someone a MediaNama subscription.

Written By

I cover health technology for MediaNama, among other things. Reach me at anushka@medianama.com

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ