Digital Information Security Healthcare Act (DISHA) Compliance Audit

DISHA (Digital Information Security in Healthcare Act) will enable the digital sharing of personal health records with hospitals and clinics, and between hospitals and clinics; it will be the basis for the creation of digital health records in India.

The National Health Policy has green-lit the creation of a National Health Information Network for sharing Aadhaar-linked Electronic Health Records. DISHA appears to lay the groundwork for many health exchanges.

DISHA imposes significant restrictions on the use of health data and places an individual squarely in control of his data. DISHA clearly offers stronger protection to an individual vis-à-vis his data. In fact, DISHA clearly specifies the purposes and processing that health data can be put to, and disallows processing under any other grounds, including consent. If a purpose or processing is specified under DISHA, then additionally, there is a requirement of either the individual’s consent or a law requiring such use.

Data governance under DISHA takes an entirely consent-based approach, giving the individual significant rights and putting him squarely as the owner of his data. Under DISHA, an individual has been given an actual say in what happens with his data. Firstly, he has been given explicit rights to give or refuse consent at every stage of processing: generation, collection, storage, transmission, access and disclosure. He also has the right to withdraw consent for storage and transmission of his data. Two very significant consent-related rights in addition to these are the need for explicit, prior permission for every use of his data in an identifiable form, and the right not to be refused health care if he refuses consent at any stage.

Under DISHA, access to health data is restricted: governmental departments may seek access from the National Electronic Health Authority established under the Act for the following purposes:

  • For public health activities or to deal with public health threats.
  • To facilitate health and clinical research.
  • To promote detection, prevention and management of chronic diseases.
  • To carry out public health research and analysis.
  • To undertake academic research.


Why Xiarch?

Xiarch is an ISO 9001:2015 | ISO 27001-2013 licensed Cyber Security and IT Services Company providing Information Security solutions such as VAPT Services, Penetration Testing Services and Vulnerability Assessment Services. Among our customers, we proudly work for Government Organizations, Fortune 1000 Companies and countless start-up companies. We are additionally Value Added Partners, Authorized Resellers and Distributors of Leading Web Application Security Testing Tools.

We are headquartered in Delhi and have a branch presence in Gurugram, Mumbai and Chennai, India.

Contact our sales team at +91 11-45510033 for further clarification on the above service; you can also reach us by email at [email protected]. We'll be grateful to serve you. Happy Security.
