HIPAA Compliance or equivalent law

By Raunak Jhunjhunwala on April 5, 2015 14 Comments / 1588 views

Hi All,

I have a startup in healthcare and wellness sector, where in the users will be sharing the health related data. In this regard just wanted to check if someone is aware of the complete process of complying with HIPPA of USA. Also, if there is any similar law in India for protection of health related data.

I will be thankful for any help in this direction.

Many thanks

Best regards

Raunak

Comments

Raunak Jhunjhunwala

14 Comments

Puneet Nirogam Aggarwal April 6, 2015, 6:26 am

Hi Raunak,

While I might not be the best person to answer this, but have you looked at : https://www.hipaa-india.com/
I can put you in touch with consultants who can help you comply in the Healthcare Data domain. You can reach out to me at puneet@nirogam.com
asha chaudhry April 6, 2015, 6:29 am

i’ve pinged asha satapathy of DocEngage who will respond 🙂

https://www.therodinhoods.com/profile/AshaSatapathy
Ashish Katkar April 6, 2015, 8:08 am

Raunak,

My answer on HIPAA is dependent on answer to below question:

1. As part of the health related data being captured/handled by your company, would you be handling healthcare information of American Nationals?

Currently, while India does not have a specific law for Healthcare data, it does have a law for the protection of Personal Information. If your company handles personal data of Indian nationals, then it has to follow the Indian IT Act 2000 New rules.

Regards – Ashish
Raunak Jhunjhunwala April 6, 2015, 6:21 pm

Thanks Puneet for your reference. I will go through the link and touch base with you.
Raunak Jhunjhunwala April 6, 2015, 6:22 pm

Thanks Asha for the quick revert and help.
Raunak Jhunjhunwala April 6, 2015, 6:43 pm

Thanks Ashish!

Currently we plan to cater to Indian market, however given the virtual nature of the business, we may have US nationals as our customers.

Will go through the IT ACT and HIPAA.

Thanks atone!
Sanket Rajadhyaksha April 7, 2015, 4:46 am

HIPAA does not apply to services provided in the Indian jurisdiction. The health ministry is working on some EMR/EHR standards though. You can find them here: https://www.mohfw.gov.in/index1.php?lang=1&level=1&sublinkid=1714&lid=1607

My understanding is that even if you are catering to US nationals, since you are a registered provider in India; HIPAA would not apply. You will fall under the generic IT acts of protecting personal information.

If you start working with healthcare providers in the US though by providing them with services, they might mandate some HIPAA compliance due to the nature risks involved.
asha chaudhry April 7, 2015, 6:05 am

hey raunak – check out this TiE event – https://www.therodinhoods.com/events/technology-as-an-enabler-for-healthcare-host-tie-mumbai

will it help you?
Kaizad Patel April 7, 2015, 10:46 pm

Hi Raunak,

Based on what I know…

HIPAA regulations are mandated by the US government for Healthcare companies to ensure that companies comply with the necessary information that can only be utilized by authorized companies.

There are only a few allowable data elements that can be utilized ie provider name, notification identification number, member name, member id number, date of birth, medical record number, diagnosis.

In the Philippines – Companies need to partner with healthcare companies in the United States to get approval from the state / federal insurance department and federal / state government.

Best of luck with you venture.

Kaiz
Asha Satapathy April 8, 2015, 7:39 am

Raunak Jhunjhunwala, DocEngage is HIPPA compliance and it is not mandated by India as we are cloud based CRM and process millions of data we have done the compliance by our self. Usually it will be done in the product and also by the process compliance by the users as well…

We have EMR standard released by Gov of India but they upgraded every year. It is not rolled out yet as mandate…

We have in-house HIPPA experts as we are all from Healthcare US so it did help a lot when we implement in India…. You do have HIPPA consultants who can help you on the compliance process…

Let me know if you need any help….

(Thanks Asha for pinging me)
Raunak Jhunjhunwala April 8, 2015, 12:01 pm

Thanks Sanket for your revert. Basically we foresee users from USA on our website though we will be headquartered in India. In that case, because we are handling data of users from USA there could be a potential cover of the company under HIPAA.

Other than above, more from credibility perspective, I guess this will add value.

Thanks

Best regards

Raunak
Raunak Jhunjhunwala April 8, 2015, 12:03 pm

Thanks Asha for sending across the link for the event . This seems to be a good event for us. However unfortunately I am travelling till tomorrow, therefore won’t be able to attend it.

Thank alot anywz for so many referrals and help

Best regards

Raunak
Raunak Jhunjhunwala April 8, 2015, 12:12 pm

Thank you Kaiz for the response and wishes. It is really useful. Just wanted one clarification in the your response ” There are only afew…..” are these items which can be displayed without HIPAA or what is it?

Thanks

Best regards

Raunak
Kaizad Patel April 10, 2015, 3:14 am

Raunak,

I believe even with HIPAA there are only a few data / information that can be displayed i.e provider name, notification identification number, member name, member id number, date of birth, medical record number, diagnosis.

Regards,

Kaiz