Health Data Protection in Telemedicine and E–Health Platforms in India: A Legal Analysis of Patient Privacy

Digital Health refers to the growing convergences of digital technologies with healthcare delivery. The WHO has defined digital health as “a broad umbrella term encompassing eHealth, as well as emerging areas, such as the use of advanced computing sciences in ‘big data’, genomics and artificial intelligence”. The digitization of healthcare involves two key components: the use of technology to deliver healthcare services and the digitization of medical data. The use of technology could include telemedicine, enabling patients to receive medical care without physical access to a healthcare professional or facility. Under the Drugs and Cosmetics Act, 1940 software was included as a medical device if it is used for the purposes such as a) Diagnosis, prevention, monitoring, treatment or alleviation of any disease or disorder. b) Diagnosis, monitoring, treatment, alleviation or assistance for any injury or disability. c) Investigation, replacement or modification, or support of the anatomy or of a physiological process. d) Supporting or sustaining life. e) Disinfection of medical devices. f) Control of conception. Under the Medical Devices Rules, 2017, medical devices are classified into 4 risk-based categories ranging from Class A (low risk) to Class D (high risk) which includes software in the form of digital health applications that is used for any of aforementioned purposes. The key legislations that would regulate the civil liability arising out of digital health apps are Consumer Protection Act, 2019 and Contract Act, 1872. Physicians practicing telemedicine in India are also governed by the Telemedicine Practice Guidelines, 2020 issued by the Ministry of Health and Family Welfare which provide a legal framework for registered medical practitioners to consult patients remotely via various communication platforms. The Telemedicine Guidelines prescribe some guidelines applicable specifically to data collection and processing falling within the remit of telemedicine. These guidelines essentially specify the need to maintain the confidentiality of patient data by registered medical practitioners and clarify the applicability of the IT Act and the SPDI Rules to ensure confidentiality and privacy of such data and records. The paper examines the backdrops of current laws that regulate Telemedicine and E – Health platforms as they seem to be not explicitly address telehealth and there are also significant concerns at the level of patient privacy. In this paper we would like to analyze the legal concerns around digital health and provide an understanding of the problems these shortcomings pose, as well as policy recommendations for overcoming these problems.