SlideShare a Scribd company logo

Sandbox guidelines v6

Manish Nachnani
Manish Nachnani

https://ndhm.gov.in//assets/uploads/Sandbox_Guidelines_v6.pdf

Healthcare
1 of 15
Download to read offline
National Digital Health Mission NDHM Sandbox Enabling Framework V1.0 18 August 2020
GLOSSARY CDS Clinical Decision Support CIA Confidentiality, Integrity, Availability EMR Electronic Medical Record HIP Health Information Provider HIU Health Information User HTC Health Tech Committee IDS Intrusion Detection System IPS Intrusion Prevention System IT Information Technology KYC Know Your Customer LLP Limited Liability Partnership NDHE National Digital Health Ecosystem NDHM National Digital Health Mission NHA National Health Authority NS National Digital Health Mission Sandbox PDP Personal Data Protection PHR Personal Health Record SSH Secure Shell SSL Secure Socket Layer STQC Standardization Testing and Quality Certification VPN Virtual Private Network
Leverage the components using open standards and open APIs to expand your products; give choice to individuals on their choice of healthcare, promoting inclusivity 03 Build products and components integrating with Building Blocks of National Digital Health Mission 02 Be a part of the journey to create National Digital Health Ecosystem 01 How does the sandbox work? Subject to these guidelines and other guidelines and rules of Government of India, the sandbox access is open to all upon request. If your request is approved, you will get an access to the sandbox to build or/and expand your products in the healthcare / health tech industry. This is your chance to partner with NDHM, by enabling and empowering the products with the core building blocks of the Mission. For Government sector as well, APIs and platforms shall be available for integration with NDHM ecosystem. Why should you partner? The National Digital Health Mission is creating the core building blocks of healthcare. These building blocks include: Health ID - a health identifier to every individual DigiDoctor - a unique identifier to every doctor of every stream of medicine in the country and have his/her qualification/ occupation/ certification updated Health Facility Registry - enabling all health facilities like hospitals, clinics, labs, pharmacies to have a unique identifier and have standardized single point of updated information PHR system - that gives a choice to every individual to have their personal health records under their control. Thus, NDHM is creating building blocks enabling a highly efficient and effective healthcare experience and promoting inclusivity – taking healthcare to every corner of the country. The Sandbox allows you to utilize the services and build products that shall contribute to the betterment of healthcare in the country. It paves the way for an institution/system to become a Health Information Provider or a Health Information User utilizing the NDHM technologies. Where to go to apply and be a part of NDHM Sandbox? Apply online. Go to https://ndhm.gov.in for more details. NDHM Sandbox is a framework that will allow technologies or products to be tested in the contained environment in compliance with NDHM standards and judge the consumer and market reactions to the same. This will help organizations intending to be a part of the National Digital Health Ecosystem to become a Health Information Provider or Health Information User or efficiently link with building blocks of NDHM. Because there are boundary conditions – the risk is minimized and the emphasis is on feedback, learning and compliance to defined standards required to become a part of NDHM. This will provide an opportunity to “identify, understand, adapt, and respond to these disruptive new products and services” in a timely and appropriate fashion. The environment will allow for both alpha as well as beta testing of the products, and accesses to NDHM ecosystem shall be primarily through the sandbox. NDHM Sandbox
1. Background 1.1. The Ministry of Health and Family Welfare has conceived the idea of the National Digital Health Mission (NDHM). This visionary initiative of the Government of India, stemming from the National Health Policy, 2017 intends to digitize healthcare in India. This would be done by creating digital health records and creating and maintaining registries for healthcare professionals and health facilities, to ensure a smooth, interoperable framework for the multiple stakeholders in the healthcare ecosystem in India. 1.2. The National Digital Health Blueprint, 2019 recommends that a federated architecture be adopted, instead of a centralized architecture for the management of health data to ensure interoperability, technological flexibility, and independence across the National Digital Health Ecosystem (NDHE). The data collected across NDHE will be stored at three levels, i.e. at a Central level, at a State or Union Territory level and lastly, at the health facility level, adopting the principle of minimality at each level. The federated structure necessitates the development of a framework that can be utilized throughout the NDHE by public as well as private players to safeguard the privacy of individuals and confidentiality of health data that has been collected from individuals in India. This would be essential to build a trust quotient across the NDHE as well as to ensure that the personal and health data of all individuals in India is adequately protected, across the set of applications, platforms and systems that are a part of the ecosystem. 1.3. It will act as a guidance document across the NDHE and will set out the compliance, technical integrations, testing, scalability and minimum standard for data privacy protection that should be followed across the board in order to ensure compliance with relevant and applicable technological and healthcare standards, laws, rules and regulations. 1.4. The NDHM Sandbox usage is not to be interpreted or construed as giving any entity or individual rights which are greater than those that such entity or individual would be entitled to under applicable laws. NDHM will investigate and report on the granular aspects of health tech and its implications to review the framework and respond to the dynamics of the rapidly evolving health tech scenario. The Mission is introducing an appropriate framework for a NDHM Sandbox (NS) within a well-defined space and duration where the health sector will come onboard to increase efficiency, manage risks, and create new opportunities for consumers. 1.5. Accordingly, a structure highlighting the clear principles and role of the proposed NS including the reasons for setting up the NS and the expectations of the NDHM, are detailed hereunder. 2. The NDHM Sandbox: Principles and Objectives 2.1. The NDHM Sandbox: NS for NDHM refers to live testing of the core building blocks and components of the Mission, and integrating them with new products or services in a controlled environment for which the NDHM shall provide access limited purpose of the testing. The NS will allow the Mission, the innovators, the healthcare service providers (as potential deployers of the technology) and the customers (as final users) to conduct
alpha/beta/field tests of products integrated with NDHM building blocks and new healthcare/health tech innovations, while carefully monitoring and containing their risks. It can provide a structured avenue for the Mission to engage with partners and to develop innovation-enabling or innovation-responsive delivery of relevant health tech products. The NS is an important tool which will enable more dynamic, evidence-based systems which learn from, and evolve with, emerging technologies. 2.2. Objectives: The objective of the NS is to foster integration of current systems and IT platforms in healthcare to be integrated with NDHM building blocks, and also enable responsible innovation in health tech services, promote efficiency and bring benefit to consumers. The NS is, at its core, a formal programme for market participants to come forward to partner and integrate their current and new products, , services, or business models with customers in a near-live environment, subject to certain safeguards and oversight. The proposed health tech service to be launched under the NS should include the building blocks of NDHM mandatorily with new or emerging technology or use of existing technology in an innovative way and bring benefits to consumers. 3. NDHM Sandbox: Benefits The setting up of an NS can bring several benefits, some of which are significant and are delineated below: 3.1. First and foremost, the NS fosters ‘learning by doing’ on all sides. The Mission will obtain first-hand empirical evidence on the benefits and risks of emerging technologies and their implications, enabling to take a considered view on supporting useful innovation, while containing the attendant risks. Incumbent healthcare / health tech service providers, including public health programs at centre and States, software providers, hospitals, labs, healthcare aggregators, and health tech companies and so on , also improve their understanding of how new healthcare / health tech technologies along
with NDHM building blocks might work, which helps them to appropriately integrate such new technologies with their implementation / business plans. 3.2. Second, users of an NS can test the product’s viability without the need for a larger and more expensive roll-out, if the product appears to have the potential to be successful. If any concerns arise, during the sandbox period, appropriate modifications can be made before the product is launched in the broader market. 3.3. Third, healthcare / health tech organizations provide solutions that can further inclusion and utilization of the NDHM in a significant way. The NS will go a long way in not only improving the pace of innovation and technology absorption but also in healthcare and health tech inclusion and in improving healthcare outreach. 3.4. Fourth, the NS will lead to better outcomes for consumers through an increased range of products and services, reduced costs, and improved access to healthcare services. 3.5. Finally, the NS will help developers and technical community of NDHM to get a first-hand feel of specifications, tools, technologies and building block of NDHM. It will provide an opportunity to the community to test their ideas and concepts and allow experimentation. 3.6. The data sharing shall be allowed based on approved Health Data Management Policy, Information Security Policy and any other policies as notified and applicable, and Data Protection Bill. 4. NDHM Sandbox: Risks and Limitations 4.1. The NDHM or its sandbox cannot provide any legal waivers. 4.2. Post-sandbox testing, a successful experimenter may still require necessary approvals before the product/services/technology can be permitted for wider application. 4.3. There is potential for some legal issues coming up, such as those relating to consumer losses in case of failed experimentation. Such instances may not have much legal ground if the NS framework and processes are transparent and have clear entry and exit criteria. Upfront clarity that liability for customer or business risks shall devolve on the entity entering the NS will be important in this context. 5. NDHM Sandbox: Eligibility Criteria 5.1. The target applicants for entry to the NS, are healthcare / health tech service providers, including public health programs at centre and States, software providers, hospitals, labs, healthcare aggregators, and health tech companies and so on and any other company partnering with or providing support to healthcare / health tech services businesses, subject to the sandbox criteria laid down in these guidelines. The focus of the NS will be to encourage innovations intended for use in the Indian market in areas where proposed innovation shows promise of easing/effecting delivery of healthcare / health tech services in a significant way.
6. Design Aspects of the NDHM Sandbox The NDHM shall consider the following key design features for the NS: 6.1. NDHM Sandbox and Product/Services/Technology: The NS shall run an end-to-end sandbox process testing the products added to the sandbox during a defined period. The NS shall be based on adoption of NDHM, healthcare / health tech inclusion with NDHM building blocks, promotion, and usage of NDHM in an expansive manner, etc. The utilization of sandbox for different products may run for varying time periods as finalized by Health Tech Committee (HTC) under NDHM but should ordinarily be completed within six months. An indicative list of products/services/technology which could be considered for testing under NS is given below: 6.1.1. Products/Services • Utilization of o Health ID o DigiDoctor Registry o Health Facility Registry o Personal Health Records o Telemedicine and Teleconsultation o e-Pharmacy o Health Clouds • Convergence and expansion of NDHM for o Retail healthcare o Health Insurance and Health Assurance services o Healthcare Marketplace and aggregation o Digital KYC for healthcare o Healthcare / Health tech advisory services o Health management services o Digital health related identification services o Smart contracts o Healthcare inclusion products o Cyber security products • Products like Clinical Decision Support System (CDS), Research- Medical & Policy, Anonymization-as-a-service, Consent Management as-a-service. 6.1.2. Technology • Mobile technology applications • Data Analytics • Application Program Interface (APIs) services • Applications under block chain technologies • Artificial Intelligence and Machine Learning applications 6.1.3. Becoming a • Health Information Provider (HIP): Any healthcare provider who creates health information in the context of treating a patient and agrees to share
the same digitally with the patient using the consent framework adopted by the National Digital Health Mission (NDHM) is called a health information provider (HIP). Any Hospital, diagnostic centre, clinic, etc. will be able to become HIP by ▪ Signing up with the NDHM facility registry to confirm they are a healthcare provider ▪ Adopting EMR software that is certified to be compliant with NDHM standards. ▪ The HIP should adopt identifiers maintained by NDHM (Health ID, DigiDoctor etc.) ▪ The HIP must share anonymized data as per policy laid down by NDHM/NHA in this regard. • Health Information User (HIU): Any entity that would like to access health records of a user will be called Health Information Users. This would include hospitals / doctors who would like to access medical history of patients, mobile applications that want to display health data to users including Personal Health Record applications. No record will be accessible to HIUs without the consent of the user. • Health Repository Providers: HIPs are expected to store digital records of both outpatient and inpatient treatments in a long-term storage and make them accessible by the health information provider service. For HIPs that do not have the infrastructure in house, they are expected to partner with Health Repository Providers who will help them in implementing this obligation. This shall also cover health lockers and health data storage facility systems. These may act as Health Information Providers as well as Health Information Users. Detailed guidelines for an organization to become HIP/HIU/Health Repository Provider shall be separately issued. 6.2. Quality Principles: The NS will need the following requirements to be mandatorily complied with by the applicants: i. Customer privacy and data protection ii. Secure storage of and access to data of all stakeholders, including health data iii. Compliance to PDP 2019: The domain as well as technology/security audit is a mandatory component of getting an organization onboarded and going live with the NDHM ecosystem. The check on all compliances shall be a part of the audit. iv. Compliance to medico-legal rules, regulations, and guidelines v. Security of transactions vi. NDHM core principles and related requirements vii. Statutory restrictions viii. Rules and regulations as finalized by MoHFW and MeitY
6.3. Exclusion from Sandbox Testing: Any product/services/companies/organizations which have been banned by the Government of India shall be strictly prohibited. 6.4. Fit and Proper Criteria for Selection of Participants in NS 6.4.1. Every applicant shall satisfy the following conditions: a) It should either be a company/ proprietorship firm/ LLP/ firm/ institution/ organization incorporated and registered in India or licensed to operate in India. Further, healthcare / health tech institutions constituted under a statute in India would also be eligible. b) The entity must demonstrate arrangements to ensure compliance with the existing regulations/laws on consumer data protection and privacy as well as PDP 2019. c) There should be adequate safeguards built in its IT systems to ensure that it is protected against unauthorized access, alteration, destruction, disclosure or dissemination of records and data. d) The test scenarios and expected outcomes of the NS experimentation should be clearly defined, and the sandbox entity should report to the Mission on the test progress, based on proposed schedule. e) The appropriate boundary conditions (refer to section 6.7) should be clearly defined for the NS to be meaningfully executed while sufficiently protecting consumers’ privacy. f) An acceptable exit and transition strategy should be clearly defined in the event, that the proposed healthcare / health tech-driven service must be discontinued or can proceed to be deployed on a broader scale after exiting the NS. g) The applicants shall be required to share the results of Proof of Concept (PoC)/testing of use cases including any relevant prior experiences before getting admission into NS for testing, wherever applicable. h) Significant risks arising from the proposed healthcare / health tech solution or service should be assessed and mitigation plan shall be submitted. 6.4.2. The NS is an initiative to foster onboarding with NDHM, and responsible innovation in healthcare / health tech services, while carefully monitoring and containing their risks. 6.5. Extending or Exiting the NS 6.5.1. At the end of the sandbox period, the sandbox entity must exit the NS. In the event, that the sandbox entity requires an extension of the sandbox period, it should apply to the Mission at least one month before the expiration thereof and with valid reasons to support the application for extension. The Mission shall take an informed decision to allow extension or otherwise based on the stage of the testing, the results of the testing till then, justification for its continuance and the expected outcome in the extended period.
6.5.2. The sandbox testing will be discontinued any time at the discretion of the Mission: a) if the sandbox entity does not achieve its intended purpose, based on the latest test scenarios, expected outcomes and schedule mutually agreed by the sandbox entity with the Mission. b) if the sandbox entity is unable to fully comply with the relevant requirements and other conditions specified at any stage during the sandbox process. c) if the sandbox entity has not acted in the best interest of consumers due to negligence or deliberate malicious practices 6.5.3. The sandbox entity may also exit from the NS at its own discretion by informing the Mission one month in advance. The sandbox entity shall ensure that any existing obligation to its customers of the healthcare / health tech service under experimentation is fully addressed before exiting the NS or discontinuing the NS. 6.6. Boundary Conditions: When the NS operates in the production environment, it must have a well-defined space and duration for the proposed healthcare / health tech service to be launched, within which the consequences of failure can be contained. The appropriate boundary conditions should be clearly defined for the NS to be meaningfully executed while sufficiently protecting the interests of consumers. The boundary conditions for the NS may include the following: 6.6.1. Start and end date of the NS 6.6.2. Target customer type 6.6.3. Limit on the number of customers involved if any 6.6.4. Security and privacy of data related conditions 6.6.5. Compliance to standards and processes for each building block of NDHM 6.7. Consumer Protection Sandbox will require the applicant to present a plan which adequately protects its consumers. This may include marketplace disclosures, a risk management plan, safeguarding procedures, incident reporting and dispute resolution, redress mechanisms, or insurance (such as a fund for victim compensation). In addition, the applicant should have a plan with key milestones identifying key performance indicators to plot the trajectory on whether key objectives were met and associated learnings. 6.7.1. The sandbox entity will be required to ensure that any existing obligations to the customers of the healthcare / health tech service under experimentation are fulfilled or addressed before exiting or discontinuing the NS. It may be noted that entering the NS does not limit the sandbox entity’s liability towards its customers. 6.7.2. The entities entering the NS must, in an upfront and transparent way, notify test customers of potential risks and the available compensation and obtain their explicit consent in this regard. There should be an appropriate arrangement for customers to withdraw from the test. 6.7.3. Sandbox entities shall be required to take liability/indemnity insurance of an adequate amount and period to safeguard the interest of the customers. The
adequacy of indemnity cover shall depend on determination of the maximum liability based on, among others, (i) maximum exposure to a single customer (ii) the number of claims that could arise from a single event (potential for multiple claims); and (iii) number of claims that might be expected during the policy period. The policy cover shall begin with the start of testing stage and end three months after exit of the sandbox entity from the NS. 6.8. For a Participant, which is a regulated entity operating in India under a license, the terms and conditions of that license would continue to apply during the test to all non-Sandbox approved activities. The Sandbox would permit a product, solution or service to be tested by the Mission in accordance with a test plan and without requiring a separate or modified license or authorization for the purposes of the test, once the Mission approves the application submitted by the participating entity and the security audit is successfully completed. 7. The NDHM Sandbox Process and its Stages 7.1. End-to-End Sandbox Process: A detailed end-to-end sandbox process, including the testing of the products/innovations by healthcare / health tech entities, shall be overseen by the NDHM Health Tech Committee (HTC) under overall guidance of the Mission Director, NDHM with participation of domain experts. 7.2. The Sandbox Process: Each product on NS shall have the following five stages and timeline: 7.2.1. Preliminary Screening: The application submission shall be always open and all applications shall be processed on FIFO basis. The applications shall be received by the HTC and evaluated to shortlist applicants meeting the eligibility criteria. The HTC shall ensure that the applicant clearly understands the objective and principles of the NS and conforms to them. 7.2.2. Test Design: This phase may last for 4 weeks. The HTC shall finalize the test design through an iterative engagement with the applicants and identify quantitative and/or qualitative outcome metrics for evaluating evidence of benefits and risks. 7.2.3. Application Assessment This phase may last for 3 weeks. The HTC shall vet the test design and propose modifications, if any. 7.2.4. Testing: This phase may last for a maximum of 12 weeks. The HTC shall assess by close monitoring. 7.2.5. Evaluation: This phase may last for 4 weeks. The outcome of the testing of products/services/technology as per the expected parameters including viability/ acceptability under the NS shall be confirmed by the NDHM. The HTC shall assess the outcome reports on the test and decide on whether the product/service is compliant with various NDHM guidelines. 8. Certification Process 8.1.1. With new global demands for Security and Quality, the need for software product assurance is becoming more important. There are essentially two
approaches that can be followed to ensure product quality, one being assurance of the process by which the product is developed, and the other being the evaluation of the quality of the end-product. Both approaches are important, and both require the presence of a system for managing quality. 8.1.2. NDHM has engaged with Ministry of Electronics and Information Technology, Government of India to verify, validate and certify products/solutions who have onboarded with the NDHM Sandbox and shall be going live with the products, with mandatory integration of NDHM building blocks through APIs. 8.1.3. Standardization Testing and Quality Certification Directorate (STQC) shall be the organization responsible for ensuring the certification of the software/product with NDHM before it is rolled out in the open market. The certification/audit of the product shall be mandatory and shall be undertaken by STQC/empanelled vendors under STQC. 8.1.4. STQC offers testing for IT products and a variety of Software verification and Validation services. They are provided with well-trained manpower, state- of- the-art testing laboratories including software testing tools and office infrastructure. They act as a single point focus to provide third party validation services. 8.1.5. The following process shall be followed: a) The organizations receiving clearance certificate from the HTC at NDHM shall reach out to STQC/empanelled vendor for certification/audit of the solution/product. b) The STQC/empanelled vendor shall complete the audit within reasonable period from the date of receipt of access/credentials. c) Once the audit report is shared by STQC/empanelled vendor, any changes asked for shall be done by the concerned organization and re-submit the solution/product for second level of audit. d) If any functional/policy level issues are highlighted, or issues are highlighted which may have an impact on the components/building blocks of NDHM, STQC shall inform NDHM and it will be taken up by the HTC/product teams at NDHM. e) The process as mentioned in point b and c as mentioned above shall be followed for each iteration of audit, till 5 iterations. f) If a product does not clear the audit in 5 iterations, it will be deemed rejected, and a new application needs to be filed in each such case by the organization. g) The cost of audit shall be borne by the organization. The maximum cost /ceiling shall be pre-defined, jointly finalized by MeitY and NDHM. h) A certification/audit checklist shall be issued by STQC with the exact steps defined for the certifications/audits. The following is a non-exhaustive list of items that shall be checked during the audit:
1. The application/software/product has been placed in protected zones with implementation of firewalls and IDS (Intrusion Detection System) and high availability solutions. 2. Before launch of the application/software/product, simulated penetration tests have been conducted. Penetration testing has also been conducted <x times> after the launch of the application/software/product. 3. The application/software/product has been audited for known application level vulnerabilities before the launch and all the known vulnerability has been addressed. 4. Hardening (as and where needed) of servers has been done before the launch of the application/software/product. 5. Access to web servers hosting the application/software/product is restricted both physically and through the network as far as possible, the servers reside in India, and no data is shared out of India. 6. Logs at <x number> different locations are maintained for authorized physical access of application/software/product servers. 7. Web servers hosting the application/software/product are configured behind IDS, IPS (Intrusion Prevention System) and with system firewalls on them. 8. Encryption is enabled wherever required 9. Secure storage devices are utilized 10. Enablement of automatic wiping of lost or stolen devices 11. Secure Sockets Layer (SSL) in place when using the Internet to ensure secure data transfers 12. Secure email gateways ensuring data is emailed securely 13. All the development work is done on separate development environment and is well tested on staging server before updating it on the production server. 14. After testing properly on the staging server, the applications are uploaded to the production server using SSH and VPN through a single point. 15. The content contributed by/from remote locations is duly authenticated & is not published on the production server directly. Any content contributed to go through the moderation process before final publishing to the production server. 16. All contents/data of the pages are checked for intentional or unintentional malicious content before final upload to web server pages. 17. Audit and Log of all activities involving the operating system, access to the system, and access to applications are maintained and archived. All
rejected accesses and services are logged and listed in exception reports for further scrutiny. 18. Help Desk staff at the HTC monitor the application/software/ product at intervals of <frequency> to check the system to confirm that the application is up and running, that no unauthorized changes have been made, and that no unauthorized links have been established. 19. All newly released system software patches; bug fixes and upgrades are expeditiously and regularly reviewed and installed on the web/application server. 20. On Production servers, Internet browsing, mail and any other desktop applications are disabled. Only server administration related task is performed. 21. Server passwords are changed at the interval of <x number> months and are shared by <y number> persons <a name> and <b name>. 22. <a name> and <b name> have been designated as Administrator for the application/software/product and shall be responsible for implementing certification requirements for each of the servers. The administrator shall also coordinate with the Audit Team for required auditing of the server(s). 23. The application/software/ product has been re-audited for the application level vulnerability after major modification in application development [Not applicable at first launch]. 24. CIA Model: i. Confidentiality: Ensures that information is not accessible to unauthorized people—usually by enabling encryption—which is available in many forms. ii. Integrity: Protects data and systems from being modified by unauthorized people; making sure that data has integrity and was not changed between the time you created it and the time it arrives at its intended party. iii. Availability: Ensures that authorized people can access the information when needed and that all hardware and software is maintained and updated when necessary. 25. Preventive security controls, designed to prevent cyber security incidents 26. Detective security controls, aimed at detecting a cyber security breach attempt (“event”) or successful breach (“incident”) while it is in progress, and alerting cyber security personnel 27. Corrective security controls, used after a cyber security incident to help minimize data loss and damage to the system or network, and restore critical business systems and processes as quickly as possible (“resilience”)
28. Technical controls such as multi-factor user authentication at login (login) and logical access controls, antivirus software, firewalls 29. Compliance controls such as privacy laws and cyber security frameworks and standards. 8.1.6. The Audit for the organizations participating in the sandbox shall be done as per the checklist finalized by NDHM. 9. Statutory and Legal Issues 9.1. Upon approval, the applicant becomes the sandbox entity responsible for operating in the NS. The NDHM will provide the appropriate support by relaxing specific requirements (which the sandbox entity will otherwise be subject to), where necessary, for the duration of the NS. The NDHM shall bear no liability arising from sandbox process and any liability arising from the experiment will be borne by the applicant as a sandbox entity. 9.2. Upon successful experimentation and on exiting the NS, the sandbox entity must fully comply with the relevant requirements. The applicant should clearly understand the objective and principles of the NS. It must be emphasized that the NS is not intended and cannot be used as means to circumvent legal and regulatory requirements. 9.3. At the end of the sandbox period, the sandbox entity must exit the NS, and start utilizing the production services of NDHM ecosystem to be continuing for live implementation. 10. Transparency and Disclosure 10.1.Outreach with stakeholders and clear and adequate information dissemination on the NS is important. The NDHM will communicate the entire sandbox process including its launch, successful applicants selected for NS, entry and exit criteria and products/services found viable and acceptable under the NS through its official website. 10.2.The NDHM shall reserve the right to publish any relevant information about the NS applicants on its website, including for the purpose of knowledge transfer and collaboration with other international agencies, without revealing any proprietary/intellectual property rights related information.

Recommended

Hip hiu policy
Hip hiu policyHip hiu policy
Hip hiu policyManish Nachnani
 
MDDS & NDHB Principles
MDDS & NDHB PrinciplesMDDS & NDHB Principles
MDDS & NDHB PrinciplesACCESS Health Digital
 
Startup bootcamp 3
Startup bootcamp 3Startup bootcamp 3
Startup bootcamp 3ACCESS Health Digital
 
NHS strategy-and-approach-document-for-consultation
NHS strategy-and-approach-document-for-consultationNHS strategy-and-approach-document-for-consultation
NHS strategy-and-approach-document-for-consultationTrinity Care Foundation
 
Health+care 2015 event briefing
Health+care 2015 event briefingHealth+care 2015 event briefing
Health+care 2015 event briefingHSCIC12
 
Meaningful Use of EHRs for the Eligible Professional
Meaningful Use of EHRs for the Eligible ProfessionalMeaningful Use of EHRs for the Eligible Professional
Meaningful Use of EHRs for the Eligible ProfessionalMcKesson Physician Practice
 
Improving Efficiency and Outcomes in Healthcare using Internet of Things
Improving Efficiency and Outcomes in Healthcare using Internet of ThingsImproving Efficiency and Outcomes in Healthcare using Internet of Things
Improving Efficiency and Outcomes in Healthcare using Internet of ThingsCitiusTech
 
hitech act
hitech acthitech act
hitech actpadler01
 

Recommended

Hip hiu policy
Hip hiu policyHip hiu policy
Hip hiu policyManish Nachnani
 
MDDS & NDHB Principles
MDDS & NDHB PrinciplesMDDS & NDHB Principles
MDDS & NDHB PrinciplesACCESS Health Digital
 
Startup bootcamp 3
Startup bootcamp 3Startup bootcamp 3
Startup bootcamp 3ACCESS Health Digital
 
NHS strategy-and-approach-document-for-consultation
NHS strategy-and-approach-document-for-consultationNHS strategy-and-approach-document-for-consultation
NHS strategy-and-approach-document-for-consultationTrinity Care Foundation
 
Health+care 2015 event briefing
Health+care 2015 event briefingHealth+care 2015 event briefing
Health+care 2015 event briefingHSCIC12
 
Meaningful Use of EHRs for the Eligible Professional
Meaningful Use of EHRs for the Eligible ProfessionalMeaningful Use of EHRs for the Eligible Professional
Meaningful Use of EHRs for the Eligible ProfessionalMcKesson Physician Practice
 
Improving Efficiency and Outcomes in Healthcare using Internet of Things
Improving Efficiency and Outcomes in Healthcare using Internet of ThingsImproving Efficiency and Outcomes in Healthcare using Internet of Things
Improving Efficiency and Outcomes in Healthcare using Internet of ThingsCitiusTech
 
hitech act
hitech acthitech act
hitech actpadler01
 
Telehealth Secrets 2019: How to Navigate FDA's Evolving Digital Health Requir...
Telehealth Secrets 2019: How to Navigate FDA's Evolving Digital Health Requir...Telehealth Secrets 2019: How to Navigate FDA's Evolving Digital Health Requir...
Telehealth Secrets 2019: How to Navigate FDA's Evolving Digital Health Requir...VSee
 
Regulation of health apps -A practical guide january 2012
Regulation of health apps -A practical guide january 2012Regulation of health apps -A practical guide january 2012
Regulation of health apps -A practical guide january 2012Sam Walmsley
 
RapidValue White Paper on Regulations and compliance for enterprise mHealth a...
RapidValue White Paper on Regulations and compliance for enterprise mHealth a...RapidValue White Paper on Regulations and compliance for enterprise mHealth a...
RapidValue White Paper on Regulations and compliance for enterprise mHealth a...Nageena Vijayan
 
Wifi for Long Term Care
Wifi for Long Term CareWifi for Long Term Care
Wifi for Long Term CareScott Morrison
 
VN-Enablement is a Learning Healthcare System
VN-Enablement is a Learning Healthcare SystemVN-Enablement is a Learning Healthcare System
VN-Enablement is a Learning Healthcare SystemLarry Sitka
 
E objects implementation
E objects implementationE objects implementation
E objects implementationACCESS Health Digital
 
Health delivery information system [HDIS] MVP
Health delivery information system [HDIS] MVPHealth delivery information system [HDIS] MVP
Health delivery information system [HDIS] MVPACCESS Health Digital
 
Road Map for Telemedicine
Road Map for TelemedicineRoad Map for Telemedicine
Road Map for TelemedicineProf. Rajendra Pratap Gupta
 
Real-time Clinical Communication and Care Coordination
Real-time Clinical Communication and Care CoordinationReal-time Clinical Communication and Care Coordination
Real-time Clinical Communication and Care CoordinationiCareQuality.us
 
DoctorsHello Medical Ecosystem
DoctorsHello Medical Ecosystem DoctorsHello Medical Ecosystem
DoctorsHello Medical Ecosystem Doctors Hello
 
Challenges of Deploying Unified Communications and Integrated Collaborations ...
Challenges of Deploying Unified Communications and Integrated Collaborations ...Challenges of Deploying Unified Communications and Integrated Collaborations ...
Challenges of Deploying Unified Communications and Integrated Collaborations ...idescitation
 
Healthcare in Digital Age
Healthcare in Digital Age Healthcare in Digital Age
Healthcare in Digital Age ict moph
 
Patient relationship management on the cloud
Patient relationship management on the cloudPatient relationship management on the cloud
Patient relationship management on the cloudComidor
 
2016 IBM Interconnect - medical devices transformation
2016 IBM Interconnect - medical devices transformation2016 IBM Interconnect - medical devices transformation
2016 IBM Interconnect - medical devices transformationElizabeth Koumpan
 
ls-thought-leadership
ls-thought-leadershipls-thought-leadership
ls-thought-leadershipKaren Iris Tucker
 
Fico unleashes new analytics for fighting america's $700+ billion healthcare ...
Fico unleashes new analytics for fighting america's $700+ billion healthcare ...Fico unleashes new analytics for fighting america's $700+ billion healthcare ...
Fico unleashes new analytics for fighting america's $700+ billion healthcare ...aldrencarlo
 
Growth of Healthcare Industry Kindled by Cloud Solutions
Growth of Healthcare Industry Kindled by Cloud SolutionsGrowth of Healthcare Industry Kindled by Cloud Solutions
Growth of Healthcare Industry Kindled by Cloud SolutionsKaty Slemon
 
Understanding Meaningful Use - 26Feb2010
Understanding Meaningful Use - 26Feb2010Understanding Meaningful Use - 26Feb2010
Understanding Meaningful Use - 26Feb2010Shelton Koskie
 
Ayushman Bharat Digital Mission
Ayushman Bharat Digital MissionAyushman Bharat Digital Mission
Ayushman Bharat Digital MissionVinothini Jayaraj
 
IEEE DEST CEE 2013 - Paper 4 (1) (1)
IEEE DEST CEE 2013 - Paper 4 (1) (1)IEEE DEST CEE 2013 - Paper 4 (1) (1)
IEEE DEST CEE 2013 - Paper 4 (1) (1)Hans A. Kielland Aanesen
 
IEEE DEST 2013 tGov paper eHealth - The Future Service Model for Home & Co...
IEEE DEST 2013 tGov paper eHealth - The Future Service Model for Home & Co...IEEE DEST 2013 tGov paper eHealth - The Future Service Model for Home & Co...
IEEE DEST 2013 tGov paper eHealth - The Future Service Model for Home & Co...Hans A. Kielland Aanesen
 
Professor George Crooks - ECO 19: Care closer to home
Professor George Crooks - ECO 19: Care closer to homeProfessor George Crooks - ECO 19: Care closer to home
Professor George Crooks - ECO 19: Care closer to homeInnovation Agency
 

More Related Content

What's hot

Telehealth Secrets 2019: How to Navigate FDA's Evolving Digital Health Requir...
Telehealth Secrets 2019: How to Navigate FDA's Evolving Digital Health Requir...Telehealth Secrets 2019: How to Navigate FDA's Evolving Digital Health Requir...
Telehealth Secrets 2019: How to Navigate FDA's Evolving Digital Health Requir...VSee
 
Regulation of health apps -A practical guide january 2012
Regulation of health apps -A practical guide january 2012Regulation of health apps -A practical guide january 2012
Regulation of health apps -A practical guide january 2012Sam Walmsley
 
RapidValue White Paper on Regulations and compliance for enterprise mHealth a...
RapidValue White Paper on Regulations and compliance for enterprise mHealth a...RapidValue White Paper on Regulations and compliance for enterprise mHealth a...
RapidValue White Paper on Regulations and compliance for enterprise mHealth a...Nageena Vijayan
 
Wifi for Long Term Care
Wifi for Long Term CareWifi for Long Term Care
Wifi for Long Term CareScott Morrison
 
VN-Enablement is a Learning Healthcare System
VN-Enablement is a Learning Healthcare SystemVN-Enablement is a Learning Healthcare System
VN-Enablement is a Learning Healthcare SystemLarry Sitka
 
Health delivery information system [HDIS] MVP
Health delivery information system [HDIS] MVPHealth delivery information system [HDIS] MVP
Health delivery information system [HDIS] MVPACCESS Health Digital
 
Real-time Clinical Communication and Care Coordination
Real-time Clinical Communication and Care CoordinationReal-time Clinical Communication and Care Coordination
Real-time Clinical Communication and Care CoordinationiCareQuality.us
 
DoctorsHello Medical Ecosystem
DoctorsHello Medical Ecosystem DoctorsHello Medical Ecosystem
DoctorsHello Medical Ecosystem Doctors Hello
 
Challenges of Deploying Unified Communications and Integrated Collaborations ...
Challenges of Deploying Unified Communications and Integrated Collaborations ...Challenges of Deploying Unified Communications and Integrated Collaborations ...
Challenges of Deploying Unified Communications and Integrated Collaborations ...idescitation
 
Healthcare in Digital Age
Healthcare in Digital Age Healthcare in Digital Age
Healthcare in Digital Age ict moph
 
Patient relationship management on the cloud
Patient relationship management on the cloudPatient relationship management on the cloud
Patient relationship management on the cloudComidor
 
2016 IBM Interconnect - medical devices transformation
2016 IBM Interconnect - medical devices transformation2016 IBM Interconnect - medical devices transformation
2016 IBM Interconnect - medical devices transformationElizabeth Koumpan
 
Fico unleashes new analytics for fighting america's $700+ billion healthcare ...
Fico unleashes new analytics for fighting america's $700+ billion healthcare ...Fico unleashes new analytics for fighting america's $700+ billion healthcare ...
Fico unleashes new analytics for fighting america's $700+ billion healthcare ...aldrencarlo
 
Growth of Healthcare Industry Kindled by Cloud Solutions
Growth of Healthcare Industry Kindled by Cloud SolutionsGrowth of Healthcare Industry Kindled by Cloud Solutions
Growth of Healthcare Industry Kindled by Cloud SolutionsKaty Slemon
 
Understanding Meaningful Use - 26Feb2010
Understanding Meaningful Use - 26Feb2010Understanding Meaningful Use - 26Feb2010
Understanding Meaningful Use - 26Feb2010Shelton Koskie
 

What's hot (18)

Telehealth Secrets 2019: How to Navigate FDA's Evolving Digital Health Requir...
Telehealth Secrets 2019: How to Navigate FDA's Evolving Digital Health Requir...Telehealth Secrets 2019: How to Navigate FDA's Evolving Digital Health Requir...
Telehealth Secrets 2019: How to Navigate FDA's Evolving Digital Health Requir...
 
Regulation of health apps -A practical guide january 2012
Regulation of health apps -A practical guide january 2012Regulation of health apps -A practical guide january 2012
Regulation of health apps -A practical guide january 2012
 
RapidValue White Paper on Regulations and compliance for enterprise mHealth a...
RapidValue White Paper on Regulations and compliance for enterprise mHealth a...RapidValue White Paper on Regulations and compliance for enterprise mHealth a...
RapidValue White Paper on Regulations and compliance for enterprise mHealth a...
 
Wifi for Long Term Care
Wifi for Long Term CareWifi for Long Term Care
Wifi for Long Term Care
 
VN-Enablement is a Learning Healthcare System
VN-Enablement is a Learning Healthcare SystemVN-Enablement is a Learning Healthcare System
VN-Enablement is a Learning Healthcare System
 
E objects implementation
E objects implementationE objects implementation
E objects implementation
 
Health delivery information system [HDIS] MVP
Health delivery information system [HDIS] MVPHealth delivery information system [HDIS] MVP
Health delivery information system [HDIS] MVP
 
Road Map for Telemedicine
Road Map for TelemedicineRoad Map for Telemedicine
Road Map for Telemedicine
 
Real-time Clinical Communication and Care Coordination
Real-time Clinical Communication and Care CoordinationReal-time Clinical Communication and Care Coordination
Real-time Clinical Communication and Care Coordination
 
DoctorsHello Medical Ecosystem
DoctorsHello Medical Ecosystem DoctorsHello Medical Ecosystem
DoctorsHello Medical Ecosystem
 
Challenges of Deploying Unified Communications and Integrated Collaborations ...
Challenges of Deploying Unified Communications and Integrated Collaborations ...Challenges of Deploying Unified Communications and Integrated Collaborations ...
Challenges of Deploying Unified Communications and Integrated Collaborations ...
 
Healthcare in Digital Age
Healthcare in Digital Age Healthcare in Digital Age
Healthcare in Digital Age
 
Patient relationship management on the cloud
Patient relationship management on the cloudPatient relationship management on the cloud
Patient relationship management on the cloud
 
2016 IBM Interconnect - medical devices transformation
2016 IBM Interconnect - medical devices transformation2016 IBM Interconnect - medical devices transformation
2016 IBM Interconnect - medical devices transformation
 
ls-thought-leadership
ls-thought-leadershipls-thought-leadership
ls-thought-leadership
 
Fico unleashes new analytics for fighting america's $700+ billion healthcare ...
Fico unleashes new analytics for fighting america's $700+ billion healthcare ...Fico unleashes new analytics for fighting america's $700+ billion healthcare ...
Fico unleashes new analytics for fighting america's $700+ billion healthcare ...
 
Growth of Healthcare Industry Kindled by Cloud Solutions
Growth of Healthcare Industry Kindled by Cloud SolutionsGrowth of Healthcare Industry Kindled by Cloud Solutions
Growth of Healthcare Industry Kindled by Cloud Solutions
 
Understanding Meaningful Use - 26Feb2010
Understanding Meaningful Use - 26Feb2010Understanding Meaningful Use - 26Feb2010
Understanding Meaningful Use - 26Feb2010
 

Similar to Sandbox guidelines v6

Ayushman Bharat Digital Mission
Ayushman Bharat Digital MissionAyushman Bharat Digital Mission
Ayushman Bharat Digital MissionVinothini Jayaraj
 
IEEE DEST 2013 tGov paper eHealth - The Future Service Model for Home & Co...
IEEE DEST 2013 tGov paper eHealth - The Future Service Model for Home & Co...IEEE DEST 2013 tGov paper eHealth - The Future Service Model for Home & Co...
IEEE DEST 2013 tGov paper eHealth - The Future Service Model for Home & Co...Hans A. Kielland Aanesen
 
Professor George Crooks - ECO 19: Care closer to home
Professor George Crooks - ECO 19: Care closer to homeProfessor George Crooks - ECO 19: Care closer to home
Professor George Crooks - ECO 19: Care closer to homeInnovation Agency
 
Ndhm presentation-for-stakeholder-consultation-hospitals-diagnostic-centres-i...
Ndhm presentation-for-stakeholder-consultation-hospitals-diagnostic-centres-i...Ndhm presentation-for-stakeholder-consultation-hospitals-diagnostic-centres-i...
Ndhm presentation-for-stakeholder-consultation-hospitals-diagnostic-centres-i...Manish Nachnani
 
How Can a Healthcare Software Development Company Change the Healthcare Industry
How Can a Healthcare Software Development Company Change the Healthcare IndustryHow Can a Healthcare Software Development Company Change the Healthcare Industry
How Can a Healthcare Software Development Company Change the Healthcare IndustryDashTechnologiesInc
 
Andrew fenton ehi 31.10 Population Health Management & Target Architecture
Andrew fenton ehi 31.10 Population Health Management & Target ArchitectureAndrew fenton ehi 31.10 Population Health Management & Target Architecture
Andrew fenton ehi 31.10 Population Health Management & Target ArchitectureAndrew Fenton
 
Unit VI Case StudyAnimal use in toxicity testing has long been .docx
Unit VI Case StudyAnimal use in toxicity testing has long been .docxUnit VI Case StudyAnimal use in toxicity testing has long been .docx
Unit VI Case StudyAnimal use in toxicity testing has long been .docxdickonsondorris
 
Make sure it is in APA 7 format and at least 3-4 paragraphs and refe.docx
Make sure it is in APA 7 format and at least 3-4 paragraphs and refe.docxMake sure it is in APA 7 format and at least 3-4 paragraphs and refe.docx
Make sure it is in APA 7 format and at least 3-4 paragraphs and refe.docxendawalling
 
Empowering Wellness_ The Ultimate Guide to Healthcare Software Development!.pdf
Empowering Wellness_ The Ultimate Guide to Healthcare Software Development!.pdfEmpowering Wellness_ The Ultimate Guide to Healthcare Software Development!.pdf
Empowering Wellness_ The Ultimate Guide to Healthcare Software Development!.pdfKathy Miller
 
Healthcare Maneuverability: Equipping the mobile clinician of future
Healthcare Maneuverability: Equipping the mobile clinician of futureHealthcare Maneuverability: Equipping the mobile clinician of future
Healthcare Maneuverability: Equipping the mobile clinician of futureVARUN KESAVAN
 
Questions On The Healthcare System
Questions On The Healthcare SystemQuestions On The Healthcare System
Questions On The Healthcare SystemAmanda Gray
 
Health 2.0 Conference Report
Health 2.0 Conference ReportHealth 2.0 Conference Report
Health 2.0 Conference ReportKristin Milburn
 
Building blockchain based Healthcare infrastructure with beyond block labs
Building blockchain based Healthcare infrastructure with beyond block labsBuilding blockchain based Healthcare infrastructure with beyond block labs
Building blockchain based Healthcare infrastructure with beyond block labsBeyond Block Labs
 
Healthcare Information Technology Trends.docx
Healthcare Information Technology Trends.docxHealthcare Information Technology Trends.docx
Healthcare Information Technology Trends.docxwrite4
 
My Health Records Be Helpful To Patients.pdf
My Health Records Be Helpful To Patients.pdfMy Health Records Be Helpful To Patients.pdf
My Health Records Be Helpful To Patients.pdfssuserbed838
 

Similar to Sandbox guidelines v6 (20)

Ayushman Bharat Digital Mission
Ayushman Bharat Digital MissionAyushman Bharat Digital Mission
Ayushman Bharat Digital Mission
 
IEEE DEST CEE 2013 - Paper 4 (1) (1)
IEEE DEST CEE 2013 - Paper 4 (1) (1)IEEE DEST CEE 2013 - Paper 4 (1) (1)
IEEE DEST CEE 2013 - Paper 4 (1) (1)
 
IEEE DEST 2013 tGov paper eHealth - The Future Service Model for Home & Co...
IEEE DEST 2013 tGov paper eHealth - The Future Service Model for Home & Co...IEEE DEST 2013 tGov paper eHealth - The Future Service Model for Home & Co...
IEEE DEST 2013 tGov paper eHealth - The Future Service Model for Home & Co...
 
Professor George Crooks - ECO 19: Care closer to home
Professor George Crooks - ECO 19: Care closer to homeProfessor George Crooks - ECO 19: Care closer to home
Professor George Crooks - ECO 19: Care closer to home
 
Ndhm presentation-for-stakeholder-consultation-hospitals-diagnostic-centres-i...
Ndhm presentation-for-stakeholder-consultation-hospitals-diagnostic-centres-i...Ndhm presentation-for-stakeholder-consultation-hospitals-diagnostic-centres-i...
Ndhm presentation-for-stakeholder-consultation-hospitals-diagnostic-centres-i...
 
How Can a Healthcare Software Development Company Change the Healthcare Industry
How Can a Healthcare Software Development Company Change the Healthcare IndustryHow Can a Healthcare Software Development Company Change the Healthcare Industry
How Can a Healthcare Software Development Company Change the Healthcare Industry
 
Andrew fenton ehi 31.10 Population Health Management & Target Architecture
Andrew fenton ehi 31.10 Population Health Management & Target ArchitectureAndrew fenton ehi 31.10 Population Health Management & Target Architecture
Andrew fenton ehi 31.10 Population Health Management & Target Architecture
 
Mikhaela ripa
Mikhaela ripaMikhaela ripa
Mikhaela ripa
 
Startup bootcamp 2
Startup bootcamp 2Startup bootcamp 2
Startup bootcamp 2
 
Unit VI Case StudyAnimal use in toxicity testing has long been .docx
Unit VI Case StudyAnimal use in toxicity testing has long been .docxUnit VI Case StudyAnimal use in toxicity testing has long been .docx
Unit VI Case StudyAnimal use in toxicity testing has long been .docx
 
Make sure it is in APA 7 format and at least 3-4 paragraphs and refe.docx
Make sure it is in APA 7 format and at least 3-4 paragraphs and refe.docxMake sure it is in APA 7 format and at least 3-4 paragraphs and refe.docx
Make sure it is in APA 7 format and at least 3-4 paragraphs and refe.docx
 
Empowering Wellness_ The Ultimate Guide to Healthcare Software Development!.pdf
Empowering Wellness_ The Ultimate Guide to Healthcare Software Development!.pdfEmpowering Wellness_ The Ultimate Guide to Healthcare Software Development!.pdf
Empowering Wellness_ The Ultimate Guide to Healthcare Software Development!.pdf
 
DHANA FINAL(1)
DHANA FINAL(1)DHANA FINAL(1)
DHANA FINAL(1)
 
Healthcare Maneuverability: Equipping the mobile clinician of future
Healthcare Maneuverability: Equipping the mobile clinician of futureHealthcare Maneuverability: Equipping the mobile clinician of future
Healthcare Maneuverability: Equipping the mobile clinician of future
 
Questions On The Healthcare System
Questions On The Healthcare SystemQuestions On The Healthcare System
Questions On The Healthcare System
 
Ndhm strategy overview
Ndhm strategy overviewNdhm strategy overview
Ndhm strategy overview
 
Health 2.0 Conference Report
Health 2.0 Conference ReportHealth 2.0 Conference Report
Health 2.0 Conference Report
 
Building blockchain based Healthcare infrastructure with beyond block labs
Building blockchain based Healthcare infrastructure with beyond block labsBuilding blockchain based Healthcare infrastructure with beyond block labs
Building blockchain based Healthcare infrastructure with beyond block labs
 
Healthcare Information Technology Trends.docx
Healthcare Information Technology Trends.docxHealthcare Information Technology Trends.docx
Healthcare Information Technology Trends.docx
 
My Health Records Be Helpful To Patients.pdf
My Health Records Be Helpful To Patients.pdfMy Health Records Be Helpful To Patients.pdf
My Health Records Be Helpful To Patients.pdf
 

More from Manish Nachnani

National digital health_blueprint_report_comments_invited
National digital health_blueprint_report_comments_invitedNational digital health_blueprint_report_comments_invited
National digital health_blueprint_report_comments_invitedManish Nachnani
 
Mordern Medicare - CNBC TV18 on Healthcare and Social Media
Mordern Medicare - CNBC TV18 on Healthcare and Social MediaMordern Medicare - CNBC TV18 on Healthcare and Social Media
Mordern Medicare - CNBC TV18 on Healthcare and Social MediaManish Nachnani
 
Gamification - The future for Healthcare & Wellness Management
Gamification - The future for Healthcare & Wellness ManagementGamification - The future for Healthcare & Wellness Management
Gamification - The future for Healthcare & Wellness ManagementManish Nachnani
 
Print social media- health it - behavioural finance
Print social media- health it - behavioural financePrint social media- health it - behavioural finance
Print social media- health it - behavioural financeManish Nachnani
 
Impact of social media on india healthcare
Impact of social media on india healthcareImpact of social media on india healthcare
Impact of social media on india healthcareManish Nachnani
 

More from Manish Nachnani (8)

National digital health_blueprint_report_comments_invited
National digital health_blueprint_report_comments_invitedNational digital health_blueprint_report_comments_invited
National digital health_blueprint_report_comments_invited
 
Ndhb
NdhbNdhb
Ndhb
 
Mordern Medicare - CNBC TV18 on Healthcare and Social Media
Mordern Medicare - CNBC TV18 on Healthcare and Social MediaMordern Medicare - CNBC TV18 on Healthcare and Social Media
Mordern Medicare - CNBC TV18 on Healthcare and Social Media
 
Med e-tel
Med e-telMed e-tel
Med e-tel
 
Magik pill box
Magik pill boxMagik pill box
Magik pill box
 
Gamification - The future for Healthcare & Wellness Management
Gamification - The future for Healthcare & Wellness ManagementGamification - The future for Healthcare & Wellness Management
Gamification - The future for Healthcare & Wellness Management
 
Print social media- health it - behavioural finance
Print social media- health it - behavioural financePrint social media- health it - behavioural finance
Print social media- health it - behavioural finance
 
Impact of social media on india healthcare
Impact of social media on india healthcareImpact of social media on india healthcare
Impact of social media on india healthcare
 

Recently uploaded

indian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsi
indian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsiindian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsi
indian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana TulsiHigh Profile Call Girls Chandigarh Aarushi
 
Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...
Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...
Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...Russian Call Girls Amritsar
 
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service GurgaonCall Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service GurgaonCall Girls Service Gurgaon
 
Russian Escorts Delhi | 9711199171 | all area service available
Russian Escorts Delhi | 9711199171 | all area service availableRussian Escorts Delhi | 9711199171 | all area service available
Russian Escorts Delhi | 9711199171 | all area service availablesandeepkumar69420
 
Basics of Anatomy- Language of Anatomy.pptx
Basics of Anatomy- Language of Anatomy.pptxBasics of Anatomy- Language of Anatomy.pptx
Basics of Anatomy- Language of Anatomy.pptxAyush Gupta
 
Call Girls Kukatpally 7001305949 all area service COD available Any Time
Call Girls Kukatpally 7001305949 all area service COD available Any TimeCall Girls Kukatpally 7001305949 all area service COD available Any Time
Call Girls Kukatpally 7001305949 all area service COD available Any Timedelhimodelshub1
 
Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...
Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...
Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...Call Girls Noida
 
Call Girls Madhapur 7001305949 all area service COD available Any Time
Call Girls Madhapur 7001305949 all area service COD available Any TimeCall Girls Madhapur 7001305949 all area service COD available Any Time
Call Girls Madhapur 7001305949 all area service COD available Any Timedelhimodelshub1
 
VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012
VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012
VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012Call Girls Service Gurgaon
 
Call Girls Secunderabad 7001305949 all area service COD available Any Time
Call Girls Secunderabad 7001305949 all area service COD available Any TimeCall Girls Secunderabad 7001305949 all area service COD available Any Time
Call Girls Secunderabad 7001305949 all area service COD available Any Timedelhimodelshub1
 
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...Vip call girls In Chandigarh
 
hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...
hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...
hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...delhimodelshub1
 
pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...
pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...
pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...Call Girls Noida
 
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service HyderabadCall Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabaddelhimodelshub1
 
Leading transformational change: inner and outer skills
Leading transformational change: inner and outer skillsLeading transformational change: inner and outer skills
Leading transformational change: inner and outer skillsHelenBevan4
 
Dehradun Call Girls Service ❤️🍑 9675010100 👄🫦Independent Escort Service Dehradun
Dehradun Call Girls Service ❤️🍑 9675010100 👄🫦Independent Escort Service DehradunDehradun Call Girls Service ❤️🍑 9675010100 👄🫦Independent Escort Service Dehradun
Dehradun Call Girls Service ❤️🍑 9675010100 👄🫦Independent Escort Service DehradunNiamh verma
 
Call Girls Hyderabad Kirti 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Kirti 9907093804 Independent Escort Service HyderabadCall Girls Hyderabad Kirti 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Kirti 9907093804 Independent Escort Service Hyderabaddelhimodelshub1
 

Recently uploaded (20)

indian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsi
indian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsiindian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsi
indian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsi
 
Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...
Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...
Local Housewife and effective ☎️ 8250192130 🍉🍓 Sexy Girls VIP Call Girls Chan...
 
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service GurgaonCall Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
 
Russian Escorts Delhi | 9711199171 | all area service available
Russian Escorts Delhi | 9711199171 | all area service availableRussian Escorts Delhi | 9711199171 | all area service available
Russian Escorts Delhi | 9711199171 | all area service available
 
Russian Call Girls South Delhi 9711199171 discount on your booking
Russian Call Girls South Delhi 9711199171 discount on your bookingRussian Call Girls South Delhi 9711199171 discount on your booking
Russian Call Girls South Delhi 9711199171 discount on your booking
 
Call Girl Guwahati Aashi 👉 7001305949 👈 🔝 Independent Escort Service Guwahati
Call Girl Guwahati Aashi 👉 7001305949 👈 🔝 Independent Escort Service GuwahatiCall Girl Guwahati Aashi 👉 7001305949 👈 🔝 Independent Escort Service Guwahati
Call Girl Guwahati Aashi 👉 7001305949 👈 🔝 Independent Escort Service Guwahati
 
Basics of Anatomy- Language of Anatomy.pptx
Basics of Anatomy- Language of Anatomy.pptxBasics of Anatomy- Language of Anatomy.pptx
Basics of Anatomy- Language of Anatomy.pptx
 
Call Girls Kukatpally 7001305949 all area service COD available Any Time
Call Girls Kukatpally 7001305949 all area service COD available Any TimeCall Girls Kukatpally 7001305949 all area service COD available Any Time
Call Girls Kukatpally 7001305949 all area service COD available Any Time
 
Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...
Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...
Vip sexy Call Girls Service In Sector 137,9999965857 Young Female Escorts Ser...
 
Call Girls Madhapur 7001305949 all area service COD available Any Time
Call Girls Madhapur 7001305949 all area service COD available Any TimeCall Girls Madhapur 7001305949 all area service COD available Any Time
Call Girls Madhapur 7001305949 all area service COD available Any Time
 
VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012
VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012
VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012
 
Call Girls Secunderabad 7001305949 all area service COD available Any Time
Call Girls Secunderabad 7001305949 all area service COD available Any TimeCall Girls Secunderabad 7001305949 all area service COD available Any Time
Call Girls Secunderabad 7001305949 all area service COD available Any Time
 
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...
 
hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...
hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...
hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...
 
pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...
pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...
pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...
 
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service HyderabadCall Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Krisha 9907093804 Independent Escort Service Hyderabad
 
Leading transformational change: inner and outer skills
Leading transformational change: inner and outer skillsLeading transformational change: inner and outer skills
Leading transformational change: inner and outer skills
 
Dehradun Call Girls Service ❤️🍑 9675010100 👄🫦Independent Escort Service Dehradun
Dehradun Call Girls Service ❤️🍑 9675010100 👄🫦Independent Escort Service DehradunDehradun Call Girls Service ❤️🍑 9675010100 👄🫦Independent Escort Service Dehradun
Dehradun Call Girls Service ❤️🍑 9675010100 👄🫦Independent Escort Service Dehradun
 
Call Girl Dehradun Aashi 🔝 7001305949 🔝 💃 Independent Escort Service Dehradun
Call Girl Dehradun Aashi 🔝 7001305949 🔝 💃 Independent Escort Service DehradunCall Girl Dehradun Aashi 🔝 7001305949 🔝 💃 Independent Escort Service Dehradun
Call Girl Dehradun Aashi 🔝 7001305949 🔝 💃 Independent Escort Service Dehradun
 
Call Girls Hyderabad Kirti 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Kirti 9907093804 Independent Escort Service HyderabadCall Girls Hyderabad Kirti 9907093804 Independent Escort Service Hyderabad
Call Girls Hyderabad Kirti 9907093804 Independent Escort Service Hyderabad
 

Sandbox guidelines v6

  • 2. GLOSSARY CDS Clinical Decision Support CIA Confidentiality, Integrity, Availability EMR Electronic Medical Record HIP Health Information Provider HIU Health Information User HTC Health Tech Committee IDS Intrusion Detection System IPS Intrusion Prevention System IT Information Technology KYC Know Your Customer LLP Limited Liability Partnership NDHE National Digital Health Ecosystem NDHM National Digital Health Mission NHA National Health Authority NS National Digital Health Mission Sandbox PDP Personal Data Protection PHR Personal Health Record SSH Secure Shell SSL Secure Socket Layer STQC Standardization Testing and Quality Certification VPN Virtual Private Network
  • 3. Leverage the components using open standards and open APIs to expand your products; give choice to individuals on their choice of healthcare, promoting inclusivity 03 Build products and components integrating with Building Blocks of National Digital Health Mission 02 Be a part of the journey to create National Digital Health Ecosystem 01 How does the sandbox work? Subject to these guidelines and other guidelines and rules of Government of India, the sandbox access is open to all upon request. If your request is approved, you will get an access to the sandbox to build or/and expand your products in the healthcare / health tech industry. This is your chance to partner with NDHM, by enabling and empowering the products with the core building blocks of the Mission. For Government sector as well, APIs and platforms shall be available for integration with NDHM ecosystem. Why should you partner? The National Digital Health Mission is creating the core building blocks of healthcare. These building blocks include: Health ID - a health identifier to every individual DigiDoctor - a unique identifier to every doctor of every stream of medicine in the country and have his/her qualification/ occupation/ certification updated Health Facility Registry - enabling all health facilities like hospitals, clinics, labs, pharmacies to have a unique identifier and have standardized single point of updated information PHR system - that gives a choice to every individual to have their personal health records under their control. Thus, NDHM is creating building blocks enabling a highly efficient and effective healthcare experience and promoting inclusivity – taking healthcare to every corner of the country. The Sandbox allows you to utilize the services and build products that shall contribute to the betterment of healthcare in the country. It paves the way for an institution/system to become a Health Information Provider or a Health Information User utilizing the NDHM technologies. Where to go to apply and be a part of NDHM Sandbox? Apply online. Go to https://ndhm.gov.in for more details. NDHM Sandbox is a framework that will allow technologies or products to be tested in the contained environment in compliance with NDHM standards and judge the consumer and market reactions to the same. This will help organizations intending to be a part of the National Digital Health Ecosystem to become a Health Information Provider or Health Information User or efficiently link with building blocks of NDHM. Because there are boundary conditions – the risk is minimized and the emphasis is on feedback, learning and compliance to defined standards required to become a part of NDHM. This will provide an opportunity to “identify, understand, adapt, and respond to these disruptive new products and services” in a timely and appropriate fashion. The environment will allow for both alpha as well as beta testing of the products, and accesses to NDHM ecosystem shall be primarily through the sandbox. NDHM Sandbox
  • 4. 1. Background 1.1. The Ministry of Health and Family Welfare has conceived the idea of the National Digital Health Mission (NDHM). This visionary initiative of the Government of India, stemming from the National Health Policy, 2017 intends to digitize healthcare in India. This would be done by creating digital health records and creating and maintaining registries for healthcare professionals and health facilities, to ensure a smooth, interoperable framework for the multiple stakeholders in the healthcare ecosystem in India. 1.2. The National Digital Health Blueprint, 2019 recommends that a federated architecture be adopted, instead of a centralized architecture for the management of health data to ensure interoperability, technological flexibility, and independence across the National Digital Health Ecosystem (NDHE). The data collected across NDHE will be stored at three levels, i.e. at a Central level, at a State or Union Territory level and lastly, at the health facility level, adopting the principle of minimality at each level. The federated structure necessitates the development of a framework that can be utilized throughout the NDHE by public as well as private players to safeguard the privacy of individuals and confidentiality of health data that has been collected from individuals in India. This would be essential to build a trust quotient across the NDHE as well as to ensure that the personal and health data of all individuals in India is adequately protected, across the set of applications, platforms and systems that are a part of the ecosystem. 1.3. It will act as a guidance document across the NDHE and will set out the compliance, technical integrations, testing, scalability and minimum standard for data privacy protection that should be followed across the board in order to ensure compliance with relevant and applicable technological and healthcare standards, laws, rules and regulations. 1.4. The NDHM Sandbox usage is not to be interpreted or construed as giving any entity or individual rights which are greater than those that such entity or individual would be entitled to under applicable laws. NDHM will investigate and report on the granular aspects of health tech and its implications to review the framework and respond to the dynamics of the rapidly evolving health tech scenario. The Mission is introducing an appropriate framework for a NDHM Sandbox (NS) within a well-defined space and duration where the health sector will come onboard to increase efficiency, manage risks, and create new opportunities for consumers. 1.5. Accordingly, a structure highlighting the clear principles and role of the proposed NS including the reasons for setting up the NS and the expectations of the NDHM, are detailed hereunder. 2. The NDHM Sandbox: Principles and Objectives 2.1. The NDHM Sandbox: NS for NDHM refers to live testing of the core building blocks and components of the Mission, and integrating them with new products or services in a controlled environment for which the NDHM shall provide access limited purpose of the testing. The NS will allow the Mission, the innovators, the healthcare service providers (as potential deployers of the technology) and the customers (as final users) to conduct
  • 5. alpha/beta/field tests of products integrated with NDHM building blocks and new healthcare/health tech innovations, while carefully monitoring and containing their risks. It can provide a structured avenue for the Mission to engage with partners and to develop innovation-enabling or innovation-responsive delivery of relevant health tech products. The NS is an important tool which will enable more dynamic, evidence-based systems which learn from, and evolve with, emerging technologies. 2.2. Objectives: The objective of the NS is to foster integration of current systems and IT platforms in healthcare to be integrated with NDHM building blocks, and also enable responsible innovation in health tech services, promote efficiency and bring benefit to consumers. The NS is, at its core, a formal programme for market participants to come forward to partner and integrate their current and new products, , services, or business models with customers in a near-live environment, subject to certain safeguards and oversight. The proposed health tech service to be launched under the NS should include the building blocks of NDHM mandatorily with new or emerging technology or use of existing technology in an innovative way and bring benefits to consumers. 3. NDHM Sandbox: Benefits The setting up of an NS can bring several benefits, some of which are significant and are delineated below: 3.1. First and foremost, the NS fosters ‘learning by doing’ on all sides. The Mission will obtain first-hand empirical evidence on the benefits and risks of emerging technologies and their implications, enabling to take a considered view on supporting useful innovation, while containing the attendant risks. Incumbent healthcare / health tech service providers, including public health programs at centre and States, software providers, hospitals, labs, healthcare aggregators, and health tech companies and so on , also improve their understanding of how new healthcare / health tech technologies along
  • 6. with NDHM building blocks might work, which helps them to appropriately integrate such new technologies with their implementation / business plans. 3.2. Second, users of an NS can test the product’s viability without the need for a larger and more expensive roll-out, if the product appears to have the potential to be successful. If any concerns arise, during the sandbox period, appropriate modifications can be made before the product is launched in the broader market. 3.3. Third, healthcare / health tech organizations provide solutions that can further inclusion and utilization of the NDHM in a significant way. The NS will go a long way in not only improving the pace of innovation and technology absorption but also in healthcare and health tech inclusion and in improving healthcare outreach. 3.4. Fourth, the NS will lead to better outcomes for consumers through an increased range of products and services, reduced costs, and improved access to healthcare services. 3.5. Finally, the NS will help developers and technical community of NDHM to get a first-hand feel of specifications, tools, technologies and building block of NDHM. It will provide an opportunity to the community to test their ideas and concepts and allow experimentation. 3.6. The data sharing shall be allowed based on approved Health Data Management Policy, Information Security Policy and any other policies as notified and applicable, and Data Protection Bill. 4. NDHM Sandbox: Risks and Limitations 4.1. The NDHM or its sandbox cannot provide any legal waivers. 4.2. Post-sandbox testing, a successful experimenter may still require necessary approvals before the product/services/technology can be permitted for wider application. 4.3. There is potential for some legal issues coming up, such as those relating to consumer losses in case of failed experimentation. Such instances may not have much legal ground if the NS framework and processes are transparent and have clear entry and exit criteria. Upfront clarity that liability for customer or business risks shall devolve on the entity entering the NS will be important in this context. 5. NDHM Sandbox: Eligibility Criteria 5.1. The target applicants for entry to the NS, are healthcare / health tech service providers, including public health programs at centre and States, software providers, hospitals, labs, healthcare aggregators, and health tech companies and so on and any other company partnering with or providing support to healthcare / health tech services businesses, subject to the sandbox criteria laid down in these guidelines. The focus of the NS will be to encourage innovations intended for use in the Indian market in areas where proposed innovation shows promise of easing/effecting delivery of healthcare / health tech services in a significant way.
  • 7. 6. Design Aspects of the NDHM Sandbox The NDHM shall consider the following key design features for the NS: 6.1. NDHM Sandbox and Product/Services/Technology: The NS shall run an end-to-end sandbox process testing the products added to the sandbox during a defined period. The NS shall be based on adoption of NDHM, healthcare / health tech inclusion with NDHM building blocks, promotion, and usage of NDHM in an expansive manner, etc. The utilization of sandbox for different products may run for varying time periods as finalized by Health Tech Committee (HTC) under NDHM but should ordinarily be completed within six months. An indicative list of products/services/technology which could be considered for testing under NS is given below: 6.1.1. Products/Services • Utilization of o Health ID o DigiDoctor Registry o Health Facility Registry o Personal Health Records o Telemedicine and Teleconsultation o e-Pharmacy o Health Clouds • Convergence and expansion of NDHM for o Retail healthcare o Health Insurance and Health Assurance services o Healthcare Marketplace and aggregation o Digital KYC for healthcare o Healthcare / Health tech advisory services o Health management services o Digital health related identification services o Smart contracts o Healthcare inclusion products o Cyber security products • Products like Clinical Decision Support System (CDS), Research- Medical & Policy, Anonymization-as-a-service, Consent Management as-a-service. 6.1.2. Technology • Mobile technology applications • Data Analytics • Application Program Interface (APIs) services • Applications under block chain technologies • Artificial Intelligence and Machine Learning applications 6.1.3. Becoming a • Health Information Provider (HIP): Any healthcare provider who creates health information in the context of treating a patient and agrees to share
  • 8. the same digitally with the patient using the consent framework adopted by the National Digital Health Mission (NDHM) is called a health information provider (HIP). Any Hospital, diagnostic centre, clinic, etc. will be able to become HIP by ▪ Signing up with the NDHM facility registry to confirm they are a healthcare provider ▪ Adopting EMR software that is certified to be compliant with NDHM standards. ▪ The HIP should adopt identifiers maintained by NDHM (Health ID, DigiDoctor etc.) ▪ The HIP must share anonymized data as per policy laid down by NDHM/NHA in this regard. • Health Information User (HIU): Any entity that would like to access health records of a user will be called Health Information Users. This would include hospitals / doctors who would like to access medical history of patients, mobile applications that want to display health data to users including Personal Health Record applications. No record will be accessible to HIUs without the consent of the user. • Health Repository Providers: HIPs are expected to store digital records of both outpatient and inpatient treatments in a long-term storage and make them accessible by the health information provider service. For HIPs that do not have the infrastructure in house, they are expected to partner with Health Repository Providers who will help them in implementing this obligation. This shall also cover health lockers and health data storage facility systems. These may act as Health Information Providers as well as Health Information Users. Detailed guidelines for an organization to become HIP/HIU/Health Repository Provider shall be separately issued. 6.2. Quality Principles: The NS will need the following requirements to be mandatorily complied with by the applicants: i. Customer privacy and data protection ii. Secure storage of and access to data of all stakeholders, including health data iii. Compliance to PDP 2019: The domain as well as technology/security audit is a mandatory component of getting an organization onboarded and going live with the NDHM ecosystem. The check on all compliances shall be a part of the audit. iv. Compliance to medico-legal rules, regulations, and guidelines v. Security of transactions vi. NDHM core principles and related requirements vii. Statutory restrictions viii. Rules and regulations as finalized by MoHFW and MeitY
  • 9. 6.3. Exclusion from Sandbox Testing: Any product/services/companies/organizations which have been banned by the Government of India shall be strictly prohibited. 6.4. Fit and Proper Criteria for Selection of Participants in NS 6.4.1. Every applicant shall satisfy the following conditions: a) It should either be a company/ proprietorship firm/ LLP/ firm/ institution/ organization incorporated and registered in India or licensed to operate in India. Further, healthcare / health tech institutions constituted under a statute in India would also be eligible. b) The entity must demonstrate arrangements to ensure compliance with the existing regulations/laws on consumer data protection and privacy as well as PDP 2019. c) There should be adequate safeguards built in its IT systems to ensure that it is protected against unauthorized access, alteration, destruction, disclosure or dissemination of records and data. d) The test scenarios and expected outcomes of the NS experimentation should be clearly defined, and the sandbox entity should report to the Mission on the test progress, based on proposed schedule. e) The appropriate boundary conditions (refer to section 6.7) should be clearly defined for the NS to be meaningfully executed while sufficiently protecting consumers’ privacy. f) An acceptable exit and transition strategy should be clearly defined in the event, that the proposed healthcare / health tech-driven service must be discontinued or can proceed to be deployed on a broader scale after exiting the NS. g) The applicants shall be required to share the results of Proof of Concept (PoC)/testing of use cases including any relevant prior experiences before getting admission into NS for testing, wherever applicable. h) Significant risks arising from the proposed healthcare / health tech solution or service should be assessed and mitigation plan shall be submitted. 6.4.2. The NS is an initiative to foster onboarding with NDHM, and responsible innovation in healthcare / health tech services, while carefully monitoring and containing their risks. 6.5. Extending or Exiting the NS 6.5.1. At the end of the sandbox period, the sandbox entity must exit the NS. In the event, that the sandbox entity requires an extension of the sandbox period, it should apply to the Mission at least one month before the expiration thereof and with valid reasons to support the application for extension. The Mission shall take an informed decision to allow extension or otherwise based on the stage of the testing, the results of the testing till then, justification for its continuance and the expected outcome in the extended period.
  • 10. 6.5.2. The sandbox testing will be discontinued any time at the discretion of the Mission: a) if the sandbox entity does not achieve its intended purpose, based on the latest test scenarios, expected outcomes and schedule mutually agreed by the sandbox entity with the Mission. b) if the sandbox entity is unable to fully comply with the relevant requirements and other conditions specified at any stage during the sandbox process. c) if the sandbox entity has not acted in the best interest of consumers due to negligence or deliberate malicious practices 6.5.3. The sandbox entity may also exit from the NS at its own discretion by informing the Mission one month in advance. The sandbox entity shall ensure that any existing obligation to its customers of the healthcare / health tech service under experimentation is fully addressed before exiting the NS or discontinuing the NS. 6.6. Boundary Conditions: When the NS operates in the production environment, it must have a well-defined space and duration for the proposed healthcare / health tech service to be launched, within which the consequences of failure can be contained. The appropriate boundary conditions should be clearly defined for the NS to be meaningfully executed while sufficiently protecting the interests of consumers. The boundary conditions for the NS may include the following: 6.6.1. Start and end date of the NS 6.6.2. Target customer type 6.6.3. Limit on the number of customers involved if any 6.6.4. Security and privacy of data related conditions 6.6.5. Compliance to standards and processes for each building block of NDHM 6.7. Consumer Protection Sandbox will require the applicant to present a plan which adequately protects its consumers. This may include marketplace disclosures, a risk management plan, safeguarding procedures, incident reporting and dispute resolution, redress mechanisms, or insurance (such as a fund for victim compensation). In addition, the applicant should have a plan with key milestones identifying key performance indicators to plot the trajectory on whether key objectives were met and associated learnings. 6.7.1. The sandbox entity will be required to ensure that any existing obligations to the customers of the healthcare / health tech service under experimentation are fulfilled or addressed before exiting or discontinuing the NS. It may be noted that entering the NS does not limit the sandbox entity’s liability towards its customers. 6.7.2. The entities entering the NS must, in an upfront and transparent way, notify test customers of potential risks and the available compensation and obtain their explicit consent in this regard. There should be an appropriate arrangement for customers to withdraw from the test. 6.7.3. Sandbox entities shall be required to take liability/indemnity insurance of an adequate amount and period to safeguard the interest of the customers. The
  • 11. adequacy of indemnity cover shall depend on determination of the maximum liability based on, among others, (i) maximum exposure to a single customer (ii) the number of claims that could arise from a single event (potential for multiple claims); and (iii) number of claims that might be expected during the policy period. The policy cover shall begin with the start of testing stage and end three months after exit of the sandbox entity from the NS. 6.8. For a Participant, which is a regulated entity operating in India under a license, the terms and conditions of that license would continue to apply during the test to all non-Sandbox approved activities. The Sandbox would permit a product, solution or service to be tested by the Mission in accordance with a test plan and without requiring a separate or modified license or authorization for the purposes of the test, once the Mission approves the application submitted by the participating entity and the security audit is successfully completed. 7. The NDHM Sandbox Process and its Stages 7.1. End-to-End Sandbox Process: A detailed end-to-end sandbox process, including the testing of the products/innovations by healthcare / health tech entities, shall be overseen by the NDHM Health Tech Committee (HTC) under overall guidance of the Mission Director, NDHM with participation of domain experts. 7.2. The Sandbox Process: Each product on NS shall have the following five stages and timeline: 7.2.1. Preliminary Screening: The application submission shall be always open and all applications shall be processed on FIFO basis. The applications shall be received by the HTC and evaluated to shortlist applicants meeting the eligibility criteria. The HTC shall ensure that the applicant clearly understands the objective and principles of the NS and conforms to them. 7.2.2. Test Design: This phase may last for 4 weeks. The HTC shall finalize the test design through an iterative engagement with the applicants and identify quantitative and/or qualitative outcome metrics for evaluating evidence of benefits and risks. 7.2.3. Application Assessment This phase may last for 3 weeks. The HTC shall vet the test design and propose modifications, if any. 7.2.4. Testing: This phase may last for a maximum of 12 weeks. The HTC shall assess by close monitoring. 7.2.5. Evaluation: This phase may last for 4 weeks. The outcome of the testing of products/services/technology as per the expected parameters including viability/ acceptability under the NS shall be confirmed by the NDHM. The HTC shall assess the outcome reports on the test and decide on whether the product/service is compliant with various NDHM guidelines. 8. Certification Process 8.1.1. With new global demands for Security and Quality, the need for software product assurance is becoming more important. There are essentially two
  • 12. approaches that can be followed to ensure product quality, one being assurance of the process by which the product is developed, and the other being the evaluation of the quality of the end-product. Both approaches are important, and both require the presence of a system for managing quality. 8.1.2. NDHM has engaged with Ministry of Electronics and Information Technology, Government of India to verify, validate and certify products/solutions who have onboarded with the NDHM Sandbox and shall be going live with the products, with mandatory integration of NDHM building blocks through APIs. 8.1.3. Standardization Testing and Quality Certification Directorate (STQC) shall be the organization responsible for ensuring the certification of the software/product with NDHM before it is rolled out in the open market. The certification/audit of the product shall be mandatory and shall be undertaken by STQC/empanelled vendors under STQC. 8.1.4. STQC offers testing for IT products and a variety of Software verification and Validation services. They are provided with well-trained manpower, state- of- the-art testing laboratories including software testing tools and office infrastructure. They act as a single point focus to provide third party validation services. 8.1.5. The following process shall be followed: a) The organizations receiving clearance certificate from the HTC at NDHM shall reach out to STQC/empanelled vendor for certification/audit of the solution/product. b) The STQC/empanelled vendor shall complete the audit within reasonable period from the date of receipt of access/credentials. c) Once the audit report is shared by STQC/empanelled vendor, any changes asked for shall be done by the concerned organization and re-submit the solution/product for second level of audit. d) If any functional/policy level issues are highlighted, or issues are highlighted which may have an impact on the components/building blocks of NDHM, STQC shall inform NDHM and it will be taken up by the HTC/product teams at NDHM. e) The process as mentioned in point b and c as mentioned above shall be followed for each iteration of audit, till 5 iterations. f) If a product does not clear the audit in 5 iterations, it will be deemed rejected, and a new application needs to be filed in each such case by the organization. g) The cost of audit shall be borne by the organization. The maximum cost /ceiling shall be pre-defined, jointly finalized by MeitY and NDHM. h) A certification/audit checklist shall be issued by STQC with the exact steps defined for the certifications/audits. The following is a non-exhaustive list of items that shall be checked during the audit:
  • 13. 1. The application/software/product has been placed in protected zones with implementation of firewalls and IDS (Intrusion Detection System) and high availability solutions. 2. Before launch of the application/software/product, simulated penetration tests have been conducted. Penetration testing has also been conducted <x times> after the launch of the application/software/product. 3. The application/software/product has been audited for known application level vulnerabilities before the launch and all the known vulnerability has been addressed. 4. Hardening (as and where needed) of servers has been done before the launch of the application/software/product. 5. Access to web servers hosting the application/software/product is restricted both physically and through the network as far as possible, the servers reside in India, and no data is shared out of India. 6. Logs at <x number> different locations are maintained for authorized physical access of application/software/product servers. 7. Web servers hosting the application/software/product are configured behind IDS, IPS (Intrusion Prevention System) and with system firewalls on them. 8. Encryption is enabled wherever required 9. Secure storage devices are utilized 10. Enablement of automatic wiping of lost or stolen devices 11. Secure Sockets Layer (SSL) in place when using the Internet to ensure secure data transfers 12. Secure email gateways ensuring data is emailed securely 13. All the development work is done on separate development environment and is well tested on staging server before updating it on the production server. 14. After testing properly on the staging server, the applications are uploaded to the production server using SSH and VPN through a single point. 15. The content contributed by/from remote locations is duly authenticated & is not published on the production server directly. Any content contributed to go through the moderation process before final publishing to the production server. 16. All contents/data of the pages are checked for intentional or unintentional malicious content before final upload to web server pages. 17. Audit and Log of all activities involving the operating system, access to the system, and access to applications are maintained and archived. All
  • 14. rejected accesses and services are logged and listed in exception reports for further scrutiny. 18. Help Desk staff at the HTC monitor the application/software/ product at intervals of <frequency> to check the system to confirm that the application is up and running, that no unauthorized changes have been made, and that no unauthorized links have been established. 19. All newly released system software patches; bug fixes and upgrades are expeditiously and regularly reviewed and installed on the web/application server. 20. On Production servers, Internet browsing, mail and any other desktop applications are disabled. Only server administration related task is performed. 21. Server passwords are changed at the interval of <x number> months and are shared by <y number> persons <a name> and <b name>. 22. <a name> and <b name> have been designated as Administrator for the application/software/product and shall be responsible for implementing certification requirements for each of the servers. The administrator shall also coordinate with the Audit Team for required auditing of the server(s). 23. The application/software/ product has been re-audited for the application level vulnerability after major modification in application development [Not applicable at first launch]. 24. CIA Model: i. Confidentiality: Ensures that information is not accessible to unauthorized people—usually by enabling encryption—which is available in many forms. ii. Integrity: Protects data and systems from being modified by unauthorized people; making sure that data has integrity and was not changed between the time you created it and the time it arrives at its intended party. iii. Availability: Ensures that authorized people can access the information when needed and that all hardware and software is maintained and updated when necessary. 25. Preventive security controls, designed to prevent cyber security incidents 26. Detective security controls, aimed at detecting a cyber security breach attempt (“event”) or successful breach (“incident”) while it is in progress, and alerting cyber security personnel 27. Corrective security controls, used after a cyber security incident to help minimize data loss and damage to the system or network, and restore critical business systems and processes as quickly as possible (“resilience”)
  • 15. 28. Technical controls such as multi-factor user authentication at login (login) and logical access controls, antivirus software, firewalls 29. Compliance controls such as privacy laws and cyber security frameworks and standards. 8.1.6. The Audit for the organizations participating in the sandbox shall be done as per the checklist finalized by NDHM. 9. Statutory and Legal Issues 9.1. Upon approval, the applicant becomes the sandbox entity responsible for operating in the NS. The NDHM will provide the appropriate support by relaxing specific requirements (which the sandbox entity will otherwise be subject to), where necessary, for the duration of the NS. The NDHM shall bear no liability arising from sandbox process and any liability arising from the experiment will be borne by the applicant as a sandbox entity. 9.2. Upon successful experimentation and on exiting the NS, the sandbox entity must fully comply with the relevant requirements. The applicant should clearly understand the objective and principles of the NS. It must be emphasized that the NS is not intended and cannot be used as means to circumvent legal and regulatory requirements. 9.3. At the end of the sandbox period, the sandbox entity must exit the NS, and start utilizing the production services of NDHM ecosystem to be continuing for live implementation. 10. Transparency and Disclosure 10.1.Outreach with stakeholders and clear and adequate information dissemination on the NS is important. The NDHM will communicate the entire sandbox process including its launch, successful applicants selected for NS, entry and exit criteria and products/services found viable and acceptable under the NS through its official website. 10.2.The NDHM shall reserve the right to publish any relevant information about the NS applicants on its website, including for the purpose of knowledge transfer and collaboration with other international agencies, without revealing any proprietary/intellectual property rights related information.