Unlike in the financial sector where RBI keeps an eagle eye on compliance and security measures, there is no single regulatory agency yet for the health sector. The scale of RBI advisories in banking and digital payments will help sustain the growth of the digital ecosystem in the financial sector. Likewise, healthcare providers must spruce up best practices, including regular cybersecurity audits, secure firewalls, security operations centres, trained manpower and robust oversight on vendors.
Setting up special purpose vehicles (SPVs) to handle hospital IT information systems is a good idea now that technology provides for centralising infrastructure through cloud and other means to service multiple facilities. The health ministry, in consultation with the IT ministry, CERT-In, National Health Authority, state governments and industry must prepare a list of sector-specific guidelines on policy, practices and oversight mechanisms.