Navigating the Legal Landscape of Digital Healthcare in India”

What is Digital Health?

In simple terms, digital health means using innovative digital techniques to make health care facilities easily accessible to people.

World Health Organization has explained digital health[1] as an umbrella term, which includes e-health, Big Data, genomics, artificial intelligence, genetics, and a lot of other things. It simply means any devices or services which is being used for enhancing Information and Communication technology (ICT)[2] for the betterment of healthcare encompassing tracking of chronic diseases, results of treatments, and accuracy of diagnostic. The two main components of digital health are, first digitalizing all the medical data and secondly delivering medical services by using several technologies. One of the greatest developments is Telemedicine, which has made it easy for people to obtain medical facilities from far away, sitting at their homes and eliminating the need for them to visit a clinic in person to a great extent. Another one is Robot-assisted surgeries which are a big help for medical practitioners. A lot of advancements have taken place in the medical field because of Artificial intelligence, it’s being used for diagnosing, treating patients, and generating potential outcomes of various range of treatments for various illnesses. Because of Digitalizing these services, it’s making health care more rights-based, a digital healthcare paradigm has the potential to bring about major and revolutionary changes. Within the literature on public health, the PANEL principles—participation, accountability, non-discrimination, empowerment, and legality—form the cornerstones for guaranteeing healthcare access within a framework grounded in rights.

A rights-based approach to healthcare is founded on the rights guaranteed by international and regional agreements, national constitutions, laws, and policies, as well as the freedom from cruel and degrading treatment, equality and non-discrimination, autonomy, privacy, and confidentiality.[3]

Digital Health in India:

In India, “digital health” refers to the use of digital technology in healthcare to improve workflow and offer individualized treatment for patients. The Digital Information Security in Healthcare Act of 2018 (DISHA)[4] defines “digital health data” as electronic records of an individual’s health-related information, though words like “digital health,” “digital medicine,” and “digital therapeutics” lack clear definitions.

The necessary information about a person’s physical and mental health, the services they have received from health providers, any body parts or biological substances they have donated, and test and examination results are typically included in the term “digital health data.”  The Indian government released the Telemedicine Practice Guidelines (TPG) in March 2020[5] with the notable goal of establishing telemedicine as a routine practice.  The World Health Organisation (WHO) defines telemedicine[6] as “the delivery of healthcare services by all healthcare professionals using information and communication technologies when distance is a critical factor,” which is in line with the standards. Many tools and services are used in the healthcare industry to use information and communication technology (ICT) to prevent, minimize, treat, and track illness patterns.  The idea of digital health is best shown by the use of genetics and digital technologies for early disease identification and prompt treatment.  The Indian government’s Ministry of Health and Family Welfare (MoHFW) is in charge of this sector. [7]

Major Laws that are governing digital healthcare in India:

  1. Information Technology Act, 2000[8]

Section 2(1)(w) – Any individual or organization that handles tasks like receiving, storing, transmitting, or offering services linked to electronic records on behalf of another is referred to as an “intermediary” in the context of electronic records. Many service providers are included in this definition, including search engines, online marketplaces, online payment sites, online auction sites, telecom service providers, network service providers, internet service providers, and web hosting service providers. Put simply, intermediaries let users or clients handle and manage their electronic records more easily.

Section 43A- A business may be required by law to reimburse a person for damages if it neglects to sufficiently protect sensitive personal data kept on its computer systems and this failure causes the person to suffer harm or financial loss. The money is meant to make up for any unjustified profit or loss brought about by the business’s neglect to put in place and keep up appropriate security policies and procedures.

Section 79- Under certain conditions, intermediaries are excluded from liability under Section 79 of the statute. With the exclusions listed in subsections (2) and (3), subsection (1) states that an intermediary is not liable for third-party data, information, or communication links hosted by them despite current regulations. Subsection (2) protects intermediaries whose only duty is to provide users with access to a communication system; if they initiate or oversee the transfer of content, they are exempt from liability. In addition, the intermediary must demonstrate that it has carried out its legal due diligence and adhere to the guidelines set forth by the Central Government. However, subsection (3) outlines the situations in which the exception does not apply. Section 79 of the Act exempts intermediaries from liability under specific circumstances. Despite existing legislation, subsection (1) specifies that an intermediary is not accountable for third-party data, information, or communication links hosted by them, with the limitations mentioned in subsections (2) and (3).

Subsection (2) protects intermediaries whose only duty is to provide users with access to a communication system; if they initiate or oversee the transfer of content, they are exempt from liability. In addition, the intermediary must demonstrate that it has carried out its legal due diligence and adhere to the guidelines set forth by the Central Government. However, subsection (3) outlines the situations in which the exception does not apply.

  1. The Clinical Establishments (Registration and Regulation) Act, 2010[9]

Section 38(1) and (2) – All State Governments in India are required by law to keep up the State Register of clinical facilities, according to a directive from the Central Government. All State Governments are required by Sections 38(1) and (2) to keep this registry up to date in a digital format in compliance with the specifications and standards given by the Central Government. This record, which aims to hold comprehensive information about clinical facilities situated inside the state’s borders, should be called the State Record of Clinical Facilities. The Central Government will decide what information must be included in the digital registry, which would enable uniform and standardized record-keeping throughout all states. Through simplification of the data collection and maintenance process, this directive seeks to increase uniformity and effectiveness in the management of clinical institution data. Furthermore, it is the State Government’s responsibility to send the State Register to the Central Government regularly.

Creating a digital version of the State Register of Clinical Institutes is necessary to comply with the Central Government’s requirements. Furthermore, any additions, updates, or adjustments made to the register during a given month must be reported to the Central Government by the fifteenth day of the following month. This reporting requirement ensures that any modifications to the status or characteristics of therapeutic facilities are quickly communicated to the Central Government. Moreover, the State Government bears the responsibility of consistently providing the Central Government with the State Register. To comply with the Central Government’s deadlines, a digital copy of the State Register of clinical establishments must be provided. In addition, by the fifteenth day of the following month, the Central Government must be notified of any additions, updates, or modifications made to the register during that specific month. This reporting obligation makes sure that the Central Government is promptly updated on any changes to the status or specifics of clinical facilities. Essentially, the State and Central Governments worked together to create the State Register of Clinical Establishments, which is a comprehensive and current repository of data necessary for efficient healthcare management and regulatory oversight. The focus on digital forms and prompt reporting highlights the nation’s commitment to modernizing and improving the effectiveness of the healthcare information system.

  1. Digital Personal Data Protection Act, 2023[10]

Clause 8- By this legislation, the Data Fiduciary (one who has data of patients), must abide by the Act’s provisions and any related rules, regardless of any agreements to the contrary or breaches in the Data Principal’s obligations. This obligation covers any processing actions carried out by the data fiduciary or by a data processor acting on its behalf. When a Data Fiduciary hires a Data Processor to manage personal data associated with providing products or services to Data Principals, the agreement must be legally binding. A data fiduciary is responsible for ensuring the accuracy, consistency, and completeness of any personal information they process that could have an impact on a decision impacting the data principal or be shared with another data fiduciary. A Data Fiduciary must put in place the proper organizational and technological safeguards to guarantee compliance.

Furthermore, by implementing appropriate security measures to guard against breaches of personal data, the Fiduciary is required to secure any personal data that it owns or controls, including information handled by a Data Processor on its behalf. The Data Fiduciary must promptly notify the Board and each impacted Data Principal in the sad event of a personal data breach, using the format and procedures that are needed. Furthermore, when the Data Principal withdraws consent or the indicated purpose is reasonably presumed to no longer be fulfilled, whichever occurs first, the Data Fiduciary shall remove personal data, unless retention is required for legal compliance. This duty also includes requiring the Data Processor to destroy any personal information that was processed after being acquired from the Data Fiduciary.

Other Laws, Regulations, and bodies governing Digital Health:

Some of the other laws and regulations governing digital health in India are The Drugs and Cosmetics Act, 1940[11]; 2011 Rules of Information Technology Reasonable security practices and Procedures and sensitive personal data or Information [12], particularly rules 3, 4(1), 5(1), 5(3), 5(7), 7; Rule 3 of Intermediary Guidelines of 2011[13]; Medical Device Rules, 2017[14]; e-Health India[15]; Health Data Management policy, 2020[16]; Telemedicine practice guidelines[17]; Privacy as a fundamental right in India and Right to Health.


Just like Zomato & Swiggy, Today Healthcare is also available on our doorsteps, we can consult doctors online through apps like Practo[18], and Apollo 24/7[19], which got very popular during the Pandemic because it became easy for people to consult doctors digitally without stepping out of their houses, digital screening also became quite famous, however, all the data of patients that are being taken by Data Fiduciaries needed to stay protected to ensure that their privacy is not getting breached, for which there are several laws in place, however, informed consent and capacity-building for the effective collection and processing of data are challenges that is needed to overcome.

It can also be seen that it’s important for a country to invest more in the healthcare sector, like the U.S., Norway, etc.[20] Investing more and making the healthcare system more digital, could improve access to high-quality care, especially for underprivileged populations.

“PRIME LEGAL is a full-service law firm that has won a National Award and has more than 20 years of experience in an array of sectors and practice areas. Prime legal fall into a category of best law firm, best lawyer, best family lawyer, best divorce lawyer, best divorce law firm, best criminal lawyer, best criminal law firm, best consumer lawyer, best civil lawyer.”

Written by- Aditi


[1] Digital health. (2019, October 10). https://www.who.int/health-topics/digital-health

[2] Information and Communication Technologies. (n.d.). Science Direct. Retrieved December 9, 2023, from https://www.sciencedirect.com/topics/computer-science/information-and-communication-technologies

[3]Deepika. (n.d.). Regulation of Digital Healthcare in India: Ethical and Legal Challenges. Retrieved December 9, 2023, from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10048681/#:~:text=The%20Information%20and%20Technology%20Act,Intermediary%20Guidelines%E2%80%9D)%20govern%20a%20key

[4] (Comments on Draft Digital Information Security in Health Care Act.(DISHA) | Ministry of Health and Family Welfare | GOI, n.d.)

[5] Telemedicine Practice Guidelines. (n.d.). Retrieved December 9, 2023, from https://www.mohfw.gov.in/pdf/Telemedicine.pdf

[6] WHO issues consolidated guide to running effective telemedicine services. (2022, November 10). https://www.who.int/news/item/10-11-2022-who-issues-new-guide-to-running-effective-telemedicine-services

[7] Singh, M., & Musyuni, P. (2023, March 17). Digital Health Laws and Regulations India <span>2023</span> International Comparative Legal Guides International Business Reports. https://iclg.com/practice-areas/digital-health-laws-and-regulations/india

[8]Information Technology Act, 2000. (n.d.). Retrieved December 9, 2023, from https://eprocure.gov.in/cppp/rulesandprocs/kbadqkdlcswfjdelrquehwuxcfmijmuixngudufgbuubgubfugbububjxcgfvsbdihbgfGhdfgFHytyhRtMjk4NzY=

[9] The Clinical Establishments (Registration and Regulation) Act, 2010. (n.d.). Retrieved December 9, 2023, from https://cbhidghs.mohfw.gov.in/WriteReadData/l892s/The%20Clinical%20Establishment%20Act%202010-2013.pdf

[10] Digital Personal Data Protection Act, 2023. (n.d.). Retrieved December 9, 2023, from https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf

[11] The Drugs and Cosmetics Act, 1940. (n.d.). Retrieved December 9, 2023, from https://cdsco.gov.in/opencms/export/sites/CDSCO_WEB/Pdf-documents/acts_rules/2016DrugsandCosmeticsAct1940Rules1945.pdf

[12]Information Technology Reasonable security practices and procedures and sensitive personal data or information Rules 2011. (n.d.). Retrieved December 9, 2023, from https://upload.indiacode.nic.in/showfile?actid=AC_CEN_45_76_00001_200021_1517807324077&type=rule&filename=GSR313E_10511(1)_0.pdf

[13]The Information Technology (Intermediaries Guidelines) Rules. (n.d.). Retrieved December 9, 2023, from https://www.meity.gov.in/writereaddata/files/Information%20Technology%20%28Intermediary%20Guidelines%20and%20Digital%20Media%20Ethics%20Code%29%20Rules%2C%202021%20%28updated%2006.04.2023%29-.pdf

[14]Medical Device Rules,2017. (n.d.). Retrieved December 9, 2023, from https://cdsco.gov.in/opencms/resources/UploadCDSCOWeb/2022/m_device/Medical%20Devices%20Rules,%202017.pdf

[15] E-HEALTH & TELEMEDICINE. (n.d.). Retrieved December 9, 2023, from https://main.mohfw.gov.in/?q=Organisation/departments-health-and-family-welfare/e-Health-Telemedicine

[16] Health Data Management policy, 2020. (n.d.). Retrieved December 9, 2023, from https://abdm.gov.in:8081/uploads/health_management_policy_bac9429a79.pdf

[17] Ibid

[18] Practo | Video Consultation with Doctors, Book Doctor Appointments, Order Medicine, Diagnostic Tests. (n.d.). Practo. https://www.practo.com/

[19]Online Medical Store, Online Medicine Order, Fastest Delivery – Apollo Pharmacy. (n.d.). Apollo Pharmacy. https://www.apollopharmacy.in/?variant=2&utm_source=google&utm_medium=srb&campaignid=12441686376&adgroupid=116238927017&keyword=apollo%2024%207&device=c&adtype=&product_id=&utm_campaign=Apollo_Branding_Services_Bangalore&utm_content=Apollo_247_EM&gad_source=1&gclid=CjwKCAiAvdCrBhBREiwAX6-6UgZUJObKi9yKdPzKIRASg68mvdnX6H5yZFZt9Fk852OFuEk8SSY-xRoCUxgQAvD_BwE

[20] Per capita health spending by country 2022 | Statista. (2023, September 19). Statista. https://www.statista.com/statistics/236541/per-capita-health-expenditure-by-country/#:~:text=health%20care%20services.-,Health%20Expenditure%20in%20the%20U.S.,percent%20by%20the%20year%202031.


Leave a Reply

Your email address will not be published. Required fields are marked *