The act's broad nature and the challenges it presents in terms of granting necessary exemptions. Aggarwal emphasised that widespread implementation of the DPDP Act across the industry would take time, considering its intricacies

In the realm of digital health, where personal information and medical data intertwine, the need for robust data protection is more critical than ever. At the BW Festival Of HealthTech, industry leaders convened to shed light on the multifaceted aspects of safeguarding patient information and the path forward.

Viren Aggarwal, COO of MyDigiRecords, delved into the Digital Personal Data Protection Act (DPDP Act), a pivotal framework for data protection in the healthcare sector. He highlighted the act's broad nature and the challenges it presents in terms of granting necessary exemptions. Aggarwal emphasised that widespread implementation of the DPDP Act across the industry would take time, considering its intricacies.

Harsh Parikh, Co-Founder of Driefcase, weighed in on the pressing need for data protection, emphasising the twin pillars of privacy and security. He zoomed in on the aspect of privacy, underscoring the necessity for transparency in the operations of healthcare entities. Parikh highlighted the sensitivity surrounding certain healthcare information, such as mental health or reproductive health data, where individuals often seek confidentiality.

Furthermore, Parikh raised concerns about monetization models in the healthcare startup ecosystem. He pointed out that startups often rely on data to reduce customer acquisition costs, which can lead to data misuse. He stressed the urgency of establishing laws and practices to protect this valuable data resource.

Turning to the perennial challenge of security breaches, Parikh acknowledged the evolving nature of the threat landscape. He questioned the feasibility of creating entirely hack-proof systems, suggesting that staying ahead of the game should be the goal.

“In terms of loopholes, in the current DPDP Act, there are a lot of exemptions. What I hope is that when the board is constituted and starts laying down more detailed rules, it will iron out all of the nuances. For example, a lot of data is collected from chemists and doctors during prescription audits. That data is collected by companies and is eventually sold to pharma companies for their sales and marketing purposes. This is a grey area when it comes to data consent, even in the current DPDP Act, there’s not a lot of detail regarding something like this,” said Parikh, highlighting the current DPDP Act's exemptions.

Aggarwal added his insights, highlighting the lack of standardised security practices in the healthcare sector. 

He observed, “There is a lack of standardised security in the sector; the providers and facilitators are working in fragments. Everyone is recording records at different levels and in different places. There needs to be a certain level of awareness and transparency as to how healthcare organisations store and use patient data. Today, even if you have digital healthcare, you’re not aware where your personal health data is going or how many organisations are able to access it.”

He added, “We are taking the necessary steps with data encryption and cloud storage. We make sure the data stays with the consumer at all times, rather than us or a provider.”

Looking ahead to the future of data protection and privacy, Aggarwal expressed optimism about advancements at various levels, from individual to global. He noted that the widespread use of smartphones is ushering in an era of information technology, empowering individuals to take charge of their health records.

In conclusion, Harsh Parikh outlined potential solutions to the complex challenges of data protection and privacy in healthcare. He pointed to the combined strength of the DPDP Act and the increased adoption of the Ayushman Bharat Digital Mission (ABDM). Together, these measures can put patients in control of their health data. 

The ABDM network empowers patients to determine who can access their health information, curbing data fiduciaries' unilateral data movements. Parikh expressed confidence that with the right framework from the DPDP board, India can lead the way in data protection, aligning itself with global standards.