Cyber scare fallout: Centre orders stricter safeguards for PGI HIS 2

Chandigarh: In the wake of alarming cyber security vulnerabilities exposed within major national systems like CBSE and NEET, the Union ministry of health has asked PGI to fortify its upcoming Hospital Information System (HIS 2). The fallout from these high-profile institutional breaches has completely shifted the approach from digital transition to stringent new security components before its platform can go live.This mandate was finalised on Monday at the office of the Union ministry of health and family welfare during a two-and-a-half-hour high-level meeting. The meeting, chaired by the joint secretary of E-Health, Madhukar Bhagat, established a definitive roadmap to deploy HIS 2 within the current year. There were senior officials inlcuding the HIS 2 PGI in charge, Prof Rakesh Kapoor, deputy director administration, Pankaj Rai and a technical team from the Centre for Development of Advanced Computing (C-DAC) in attendance.While the formal memorandum of understanding (MoU) with C-DAC had faced delays — stalled by contractual discrepancies and a steep Rs 60 crore 50 lakh price tag — recent national security scares have forced an immediate resolution to these bottlenecks.To ensure absolute compliance with the Digital Personal Data Protection (DPDP) Act, the ministry of health has made the formal signing of the MoU contingent on the integration of mandatory, high-level security modifications. Technical teams have been given a strict two-week deadline to incorporate clauses mitigating internal vulnerabilities.Under the new ministry mandate, advanced encryption standard will be deployed across all archived patient files, diagnostic reports, and administrative databases. This ensures that in the event of a physical theft of storage hardware, encrypted data remains completely unreadable and useless to malicious elements without the corresponding cryptographic keys.Furthermore, enforcing transport layer security across all networks ensures that any data moving between departments, external laboratories, or remote telemedicine portals cannot be intercepted or manipulated.To protect patient confidentiality during non-clinical workflows, the system will execute automated masking of personally identifiable information and protected health information whenever data is pulled for medical research, statistical analysis, or billing audits.“A legal and technically binding contract will detail exactly how data must be systematically migrated back to the institute upon contract expiration or vendor turnover,” said an official in PGI. This critical protocol prevents “vendor lock-in” and ensures vital institutional assets are not left corrupted or stranded in third-party environments during structural transitions.While security serves as the back-end priority, the rollout of HIS 2 is simultaneously geared toward radically transforming the frontline patient experience. The upcoming platform is required to feature QR-code-based appointments, integrated mobile apps, and an advanced queue management system. Working in tandem with the new online appointment portal, this integrated digital ecosystem is expected to drastically cut down long waiting times across the institute’s heavily burdened OPDs.