Indian Scenario of Electronic Health Records

The whole world has been struggling to fight against the COVID-19 (SARS CoV-2) since past few months. When such pandemic strikes, the healthcare systems of developed and developing nations come into the limelight wherein differences in basic practices can be seen making a huge difference in quality of services. The healthcare industry is rapidly evolving and healthcare professionals are constantly updating themselves with various tools to provide quality services to patients. Earlier the medical file record was kept in physical files and accordingly both the doctor and patients tried to keep a copy of it for safety (imagine losing medical records!). With changing technology, computers are being used to update the medical files and keeping digital records, commonly known as electronic health records (EHRs) and considered as real time digital version of patient records. They constitute as comprehensive report of an individual’s overall health. EHRs are advantageous in various ways as they help in real time tracking of patients’ clinical progress, facilitate improved health care decisions and provide evidence-based treatment and care.

To understand the complexities of the emerging EHR system, it is essential to know how the health information system has been in the past, how it is now, and what it needs to become in the future. Medical records, either paper-based or electronic, prove to be an effective communication tool that supports clinical decision making, coordination of services, evaluation of the quality of the medicine. Such records are also an essential part for enhancing the efficacy of medical care, research, legal protection, education, accreditation, and regulatory processes. It is a business practice for health care system documented in the normal course of its activities. In the past, medical records were a paper repository of information that was reviewed or used for clinical, research, administrative, and financial purposes by medical staff and was severely limited in terms of accessibility and accountability made available to restricted users. The paper-based records were updated manually, resulting in delays for record completion and difficult to archive for a longer duration. Sole physician used to be in control of the care and documentation processes and authorization for the release of information. Patients rarely viewed their own medical records. The primary limitation of maintaining the paper-based medical record was the lack of security due to controlled access by the conventional techniques such as doors, locks, identification cards, and involved typical sign-out procedures for authorized and restricted users. However, it was also difficult to track if such information has been accessed by the unauthorized means.

Presently, the primary purpose of the documentation remains the same – support mechanism for patient care. Medical and clinical examination is often scanned into an electronic system immediately and is typically completed by the time the patient is discharged. Further, EHR is interactive, and involved many stakeholders, reviewers, and users of the documentation and due to government’s increasing interest in funding for improved health care system, agencies actively review documentation with utmost care. The EHR can be viewed simultaneously by many, utilizing a host of information technology tools such as smartphones. Patients can routinely review their own electronic medical records and are keeping a personal health records (PHR), that contain clinical documentation about their diagnosis (from the physician or health care websites providing support services). Physician, practice, or organization is the owner of the physical medical record because it is their business record and property, while the patient owns the information in the record. There are three major ethical priorities for electronic health records – privacy & confidentiality, security, and data integrity & availability.

There are different forms of EHR viz. AHR (Automated Health Records), CPR (Computer-based Patient Record, EMR (Electronic Medical Record). AHRs are a collection of images stored on a computer. These images contain conventional health record documents. AHRs are typically scanned and stored into a computer’s memory storage. Although they solved the problems associated with paper-based records, they do not analyze patient’s data and the input, or the output is not on patient level such as diseases or age conditions. Similarly, EMRs are automated systems containing images of the documents that has been developed by a specific practice of health care center to manage the records. It tended to be non-uniform with every practice having varied system of storing the document scans. CPRs contained specific patient identifier wherein all the documents related to that specific patient over specified period was included and maintained in such files. Different forms of records thus have different functionalities, that have been changing with technology revolution. The final form which now is being implemented at majority of the places is EHR. Because EHR includes all the information related to a patient that has the potential of developing into the ultimate lifetime file of any patient with time stamps of all health-related incidents.

Security and Privacy Concerns

Like other online digital transactions and services, concerns of breach exist regarding EHRs as well. Concealing of sensitive data is prime and valid concern for the patients which can affect a person’s finances as well as reputation. Therefore, it is essentially required to have a top security system in place to eliminate the risk of breach. In addition, the paper-based data management always have a risk of misplacement of data which can be overcome by ensuring the proper security of digital channels.

Therefore, it is important for an organization to initiate the data management while endorsing that utmost care is taken to ensure a secure transition. Further, it would be helpful if a user guide is provided which has flexibility to update the procedures and policies along with proper privacy and security training to employees and the user. In addition, the companies can safeguard the physical and system monitoring by restricted accessibility. The provisions for regular auditing and monitoring the user-system interface can also control the data encryption.

Initiatives by the Government of India EHR Standards

The Ministry of Health & Family Welfare (hereinafter ‘MoHFW’) first came out with standards for Electronic Health Record (EHR) for India in September 2013, which were based on the recommendations made by the EMR Standards Committee constituted under the MoHFW. The document contained recommendations for developing a uniform system for EHRs creation and maintenance by healthcare providers. These standards were revised and were notified earlier in December 2016 (Mantri 2016). Enforcement of such standards help in keeping the track of privacy, security that can be audited from time to time. Through these standards, the Government has ensured safekeeping of data maintaining legal and ethical practices.

Other Initiatives

The following are some of the other steps taken by the Government of India:

  • National e-health Authority of India (NeHA) was proposed be set up in the year 2015 under the MoHFW with the goal to establish the e-health ecosystem in India. One of the prime objectives of the NeHA is “To lay down data management, privacy and security policies, guidelines and health records of patients in accordance with statutory provisions” (Ministry of Health and Family Welfare, Government of India 2017).
  • MoHFW have put forward a draft for the establishment of an Act called Digital Health Information in Healthcare Security (DISHA) for promotion or adoption of e-health standards. DISHA (2018) is “An Act to provide for establishment of National and State e-Health Authorities and Health Information Exchanges; to standardize and regulate the processes related to collection, storing, transmission and use of digital health data; and to ensure reliability, data privacy, confidentiality and security of digital health data and such other matters related and incidental thereto”.
  • “National Health Stack” a visionary digital framework is proposed by the National Institution for Transforming India (NITI Aayog) with an aim to create digital health records for all the citizens of India by the year 2022 (NITI Aayog 2018).


Medical practice is increasingly information intensive. The combination of physicians’ expertise, decision support tools, and data itself are existent to improve the quality of care sequentially providing the timely response to patients. In addition, details of the service providers are available to the patient and accordingly physicians can be selected and evaluated on both clinical and technological competence. With the help of tools of the information technology physician’s decision-making process with clinical decision support tools can be checked based on the internal and external data and information. The whole process then would be helpful to trust the data for patient care and decision making. Further, maintaining and creating useful EHRs will be helpful to identify the expertise of physicians and other clinicians, information management and technology professionals, clinical agency, administrative personnel, and patients.

EHRs contain an enormous amount of patient information and diagnostic records, most of which is considered for protecting highly sensitive health care information. With the technological progression, the rise of enhanced cyber threats has increased, which hinders the privacy and security of health information systems such as EHRs. As mentioned earlier, privacy and security concerns pose the biggest and most important obstacle to adopting EHRs. While there are numerous security techniques that could be implemented to prevent unauthorized access, it is difficult to say with confidence what techniques should and should not be used, depending on the size and scope of a healthcare organization.

In India, the development of EHRs is in initial stages, however, it is expected that implementing of the draft guidelines and proposed mechanism would be helpful along with strict regulatory norms in implementing these in near future. It appears that the with the improved technology measures, and organizations taking educated steps in strengthening the healthcare systems, EHRs will be evolved to see a better future. One of the positive aspects of it is the population of India gives a vast amount of data thereby providing a platform for analysis of a larger data set. EHRs can be seen contributing towards accurate analytics if progressed in specific needs pertaining to Indian residents.

Article by Pankaj Musyuni & Harshada Wadkar, First published in IPLINK Asia