Healthcare Laws And Regulatory Compliances In India

Legal and regulatory issues of technology and technology driven projects have always vexed governments around the world. India is no exception to this fact as Indian government is still struggling to deal with the legal issues of fields like e-health, m-health, telemedicine, etc. Similarly, many healthcare services are dependent upon cloud computing these days. The legal and regulatory issues of cloud computing in India are far from satisfactory. As a result many businesses and companies are hesitant in using the same for various purposes including for healthcare purposes.

On the positive side, the Electronic Health Record (EHR) Standards of India have been prescribed and establishment of a National E-Health Authority (NeHA) of India has also been proposed by Indian government. Further, if we remove the shortcomings of Digital India project then the same can be used for e-health and healthcare purposes as well.

Technology vendors and entrepreneurs are eying upon Indian healthcare market as the same is booming and has great commercial significance for the coming decades. However, along with benefits there are liabilities and obligations as well. For instance, e-health, m-health, telemedicine, etc are subject to techno legal compliances. Presently the healthcare industry and healthcare entrepreneurs of India are acting more on the side of violation than compliances.

The legal risks for developer and owners of healthcare websites cannot be ignored. Further, mobile medical devices and handsets and their respective applications must also be in strict conformity with Indian laws. Medical device makers, software providers and medical fraternity of India must also keep in mind the encryption laws of India and cloud computing related legal risks in India.

For instance, AIIMS Bhubaneswar has recently launched electronic health card system and other hospitals and clinics may also adopt this practice. However, issues of privacy rights, data protection (pdf), cyber security, data security, cyber security breach reporting, biometric collection compliances, etc have still not been addressed and complied with by hospitals, clinics and Indian government. Even the Parliamentary Committee slammed Indian government for poor privacy laws and privacy protection in India.

Similarly, there are very complicated sets of legal requirements for establishing online pharmacies in India and for online sale of prescribed medicines in India. We have no dedicated laws for opening of online pharmacy stores in India but different laws of India govern different legal aspects of the same. There are numerous legal risks associated with online selling of medicines in India and all online pharmacies that intend to operate in India mist strictly follow various regulatory provision related to this field. As on date online pharmacies in India are violating various applicable laws of this field.

In the Indian context, regulatory compliances are frequently ignored and violated. Whether it is online pharmacies, e-health, m-health, telemedicine, mobile medical devices and applications, etc, medicine field related stakeholders are openly flouting the applicable norms and regulations.

Although we have no law on the lines of United State’s Health Insurance Portability and Accountability Act of 1996 yet there are numerous statutory provisions that must be complied with. These include privacy law compliances, data protection requirements, cloud computing compliances, encryption related compliances, cyber law due diligence (pdf), etc.

Clinical establishments operating in India are also required to comply with the requirements of the Clinical Establishments (Registration and Regulation) Act 2010 (pdf) and the Clinical Establishments (Central Government) Rules 2012 (pdf). Further, Recommendations on Electronic Medical Records Standards in India (pdf) have also been prescribed that have to be followed and complied with by Indian clinics and healthcare professionals of India. Perry4Law Organisation (P4LO) strongly recommends that both national and international healthcare stakeholders must ensure techno legal compliances of this field. Non compliance would bring not only bad publicity for them but may also result in civil and criminal prosecutions.