Privacy Compliance under HIPAA-HITECH Act
HIPAA ( Health Insurance Portability And Accountability Act-1996) of USA as fortified by the HITECH Act (Health Information Technology for Economic and Clinical health Act-2009) impose strict Privacy and Information Security obligations for Covered Entities and Business Associates in USA applicable for the handling of Health Information.
If a “Covered Entity or Business Associates” established in USA but is maintaining data processing facilities in India, they are anyway covered under the Act as part of the US establishments.
When health data is processed in India by “Sub Contractors” under a “Business Associate Contract” the obligations under HIPAA-HITECH Act get tranferred to the Indian Sub Contractor. These are contractual obligations with enforcement of penalties which might have been provided in indemnity contracts.
Since such contracts are also blessed under the ITA 2000/8 which is the data protection legislation in India, the Covered Entities or Business Associates in USA using Indian facilities are adequately secured with an ability to impose the same privacy and information security obligations that they follow in US even in the Indian facilities.
P.S: This page may be updated from time to time with additional information. Discussions on this may also be covered in the articles on the site.