DISHA and HIPAA, How Do They Compare?


The Digital Information Security in Healthcare Act (DISHA) of India seeks to establish a National Digital Health Authority and Health Information Exchanges. The purpose behind the potential law is to facilitate electronic health data privacy, confidentiality, security, and standardization. There are many similarities between DISHA and HIPAA which are discussed in detail below.

What is DISHA?

The Digital Information Security in Healthcare Act (DISHA) is an “Act to provide for establishment of National and State eHealth Authorities and Health Information Exchanges; to standardize and regulate the processes related to collection, storing, transmission and use of digital health data; and to ensure reliability, data privacy, confidentiality and security of digital health data and such other matters related and incidental thereto.”

The proposed health information law is set to regulate two types of information: Digital Health Data (DHD) and associated personally identifiable information (PII). If enacted, DISHA will regulate the generation, collection, access, storage, transmission and use of DHD and associated PII.

DISHA and HIPAA, Protected Information

The information regulated by DISHA is similar to that regulated by HIPAA, as both laws cover personal health data. DISHA distinguishes two types of regulated data, Digital Health Data (DHD) and associated personally identifiable information (PII), while HIPAA regulates protected health information (PHI) and PHI stored electronically (ePHI).

Digital Health Data

Digital Health Data is defined by DISHA as, “an electronic record of health related information about an individual and shall include the following:

  • Information concerning the physical or mental health of the individual;
  • Information concerning any health service provided to the individual;
  • Information concerning the donation by the individual of any body part or any bodily substance;
  • Information derived from the testing or examination of a body part or bodily substance of the individual;
  • Information that is collected in the course of providing health services to the individual; or
  • Information relating to details of the clinical establishment accessed by the individual.”

Personally Identifiable Information

Personally Identifiable Information is defined by DISHA as “any information that can be used to uniquely identify, contact or locate an individual, or can be used with other sources to uniquely identify a person.”

Under DISHA, PII includes:

  1. Name
  2. Address
  3. Date of Birth
  4. Telephone Number
  5. Email Address
  6. Password
  7. Financial information such as bank account or credit card or debit card or other payment instrument details
  8. Physical, physiological and mental health condition
  9. Sexual orientation
  10. Medical records and history
  11. Biometric Information
  12. Vehicle number
  13. Any government number, including Aadhar, Voter’s Identity, Permanent Account Number (‘PAN’), Passport, Ration Card, Below Poverty Line (‘BPL’).

Protected Health Information

HIPAA regulates the use and disclosure of “individually identifiable” health information, known as protected health information (PHI), including electronic PHI (ePHI). 

PHI includes:

  1. Name
  2. Address
  3. Any dates (except years) that are directly related to an individual, including birth date, date of admission or discharge, date of death, or the exact age of individuals older than 89
  4. Telephone number
  5. Fax number
  6. Email address
  7. Social Security number
  8. Medical record number
  9. Health plan beneficiary number
  10. Account number
  11. Certificate/license number
  12. Vehicle identifiers, serial numbers, or license plate numbers
  13. Device identifiers or serial numbers
  14. Web URLs
  15. IP address
  16. Biometric identifiers such as fingerprints or voice prints
  17. Full-face photos
  18. Any other unique identifying numbers, characteristics, or codes

Let’s Simplify Compliance

Do you need help with HIPAA? Compliancy Group can help!
