You are on page 1of 7

Findings of this study

5.2 Legal & Regulatory framework

The legal scenario in India plays a major role in supporting an environment,
conducive for stakeholders of e-health. Legal framework being the important
infrastructure element needs to be user-friendly and implementable at all levels for
the purpose of compliance.

5.2.1 Current Scenario
The Indian legal system though robust and based on a strong historical tradition is
proving somewhat ineffective for the growth and development of advancing
technologies. There is no legal framework in India that specifies the health services,
capture, use, and storage of health information, their exchange for all modes of health
services delivery, etc. The legal framework lacks the structure and support that is
required to help operate and promote the evolving health services scenario.

The following are some examples of legal framework in India, which partially address
the current issues but need to be redefined with the emerging health care practices
and health environment.

Rights to Privacy
The Constitution of India does not confer, in express terms, any constitutional
guarantee on the right to privacy. Nevertheless, an unauthorized intrusion into a
person's home and the disturbance caused to him thereby, would constitute a
violation of a common law right of a man. The right to privacy is also an essential
ingredient of personal liberty. While the right to privacy has been enumerated by the
courts as one of the rights available to persons under Article 21 of the Constitution,
the courts have held that it is not absolute. Article 21 of the Constitution is to be
interpreted in conformity with international law, since India is a signatory to the
International Covenant on Civil and Political Rights. (Article 17 refers to the right to

Privacy and the Doctor Patient Relationship
It has been held by the Supreme Court that in the doctor-patient relationship, the
most important aspect is the doctor's duty of maintaining secrecy. A doctor cannot
disclose to a person any information regarding his patient which he has gathered in
the course of treatment nor can the doctor disclose to anyone else the mode of
treatment or the advice given by him to the patient. The doctor-patient relationship,
though basically commercial, is professionally, a matter of confidence and, therefore,
doctors are morally and ethically bound to maintain confidentiality.

The Hippocratic oath
The Hippocratic oath as such is not enforceable in a court of law, as it has no
statutory force. Medical information about a person is protected by the Code of

Mode 1 GATS Report India Page 41
Findings of this study

Professional Conduct made by the Medical Council of India under Section 33(m) read
with Section 20-A of the Act. Circumstances in which the public interest would
override the duty of confidentiality could, for example, be the investigation and
prosecution of serious crime or where there is an immediate or future (but not a past
and remote) health risk to others.

Code of Medical Ethics
The Code of Ethics prescribed by the Indian Medical Council requires doctors (as
against Healthcare Providers) to " not disclose the secrets of a patient that have been
learnt in the exercise of" his or her profession. Those secrets "may be disclosed only
in a court of law under orders of the Presiding Judge."

The Information Technology Act, 2001
India is only the 12th country in the world to have a legal framework for e-commerce
promulgated as the 'Information Technology Act, 2001’. This Act effects
consequential amendments in the Indian Penal Code, The Evidence Act, 1872, and
The RBI Act, 1934, bringing all of them in line to the requirements of the digital
transactions. This Act is also likely to affect the Companies Act, 1956 for the purpose
of facilitating e-governance and e-commerce in the country. The Act seeks to address
three areas:
• enabling e-commerce (b2b and b2c)
• enabling e-governance (g2c and c2g)
• curbing cyber crime and regulating the online environment

Telemedicine and Law
There is presently no Indian law that addresses the issues raised by the practice of
telemedicine in India. (Though there is an on-going initiative to addresses this gap).
While the Information Technology Act, 2000 provides for standards in relation to
information technology in general, the same does not relate to the provision of
healthcare services by using information technology. The applicable statute for
licensure could be the Indian Medical Council Act, under which the Indian Medical
Council regulates medical education and the admission of individuals to the Indian
and State Medical Registers.

Since the same statute regulates doctors all over India, issues of licensure across
states will not arise akin to the situation in the United States. However, across-border
telemedicine practice will cause similar issues to arise - this should be resolved by the

5.2.2 Barriers
Indian health laws, though many in number, are ineffective and more often than not,
against the spirit of advancement. Drawing analogy with other advancing countries,
their legal frameworks and initiatives, India has a long way to go in terms of revising

Mode 1 GATS Report India Page 42
Findings of this study

existing laws in tune with the evolving health scenario. Some of the problems
concerning the legal framework within the country are:

• Ineffective legal provisions and statutes leading to ineffective enforcement of legal
rules. For e.g., The Indian health laws are not as stringent as in USA to ensure
that all stakeholders involved comply by a certain date, such as HIPAA.

• Delay by the legal provisions in adapting to the changing environment. For e.g.,
Provision for regulating e-health activity is not seen and legal provisions not
updated with the evolving health scenario.

• No adequate provision for patient privacy with regard to health data.

• No statute defining the security and access control of health data.

• No provision defining the use of technology in health environment.

• No provision recognizing the cross-country interaction and trade in health
services. For e.g., Telemedicine is an evolving health technology that is changing
the face of healthcare and linking geographical regions, but is not regulated.

• All parties and stakeholders of the healthcare industry are not liable. In India,
health laws gravitate around the providers and the medical professionals, for e.g.,
Consumer Protection Act tends to target the Providers and the medical

• Loopholes in Law

Inadequacy of Existing Indian Law
While the courts have evolved certain principles using which it may be possible to
attach liability to Healthcare Providers, these are clearly inadequate to address the
range of issues connected with the creation and use of Health Information, inter alia,
for the following reasons:

• The existent principles address (to a limited extent) liability after misuse of the
Health Information, and do not lay down standards for use of that information.

• The right to privacy has primarily been articulated in terms of the fundamental
rights of persons under the Constitution, which are available against the State.
While the Supreme Court has not squarely addressed the issue of whether the
actions of private individuals (Healthcare Providers) can be subject to the right to
privacy, it may be necessary to provide specifically for the right to privacy in
respect of Health Information.

Mode 1 GATS Report India Page 43
Findings of this study

• Provisions need to be made for administrative procedures implementing the
regulation of Health Information.

• Liability is largely restricted to doctors, since existing principles do not take into
account the wide range of other Healthcare Providers.

• The issue, type, and degree of penalties to be levied need to be specifically

Key learnings of the study:

Two key messages emerged from the research conducted:

1. Legal framework for Mode 1 health services is not clear to many businesses.
In some cases, rules have not yet been framed. E.g. E-Learning &
2. HIPAA awareness is low. Indian companies will have to follow more stringent
business practices, which could reduce their profitability

Many respondents cited that the existing legal framework is ineffective and should be
updated to suit the current scenario.

Existing Frame work is ineffective


No Comment


Currently, no effective legal framework exists for cross border trade. For example,
legal requirements and implications of getting into businesses such as Contract
Research, Medical Transcriptions, Medical Coding and Billing are not clearly defined
in India. All these businesses deal with confidential health information. Currently ITES
companies are registered under the Shops and Establishments act, which does not
provide for any regulations of privacy and confidentiality of health information.

Mode 1 GATS Report India Page 44
Findings of this study

More and more healthcare companies in the US will be complying with HIPAA in the
near future. This will require more documentation and administrative work for all the
incumbents. Indian companies do not understand the implications of HIPAA very well
today, they need advise on its implications on the Indian healthcare BPO sector.

HIPAA Awareness in India will help


No Comment


Adoption of HIPAA by US healthcare providers might also make it difficult for them to
outsource work relating to patient health information to service providers in remote
locations. Currently, we need more HIPAA experts who can advise Indian healthcare
service providers on how to approach the issue.

General impression of investors on the Indian legal framework is that they face legal
hurdles even if they wish to be legally compliant in their set ups. Loopholes in law do
not ensure smooth establishment. Legal statutes are elusive and there will always be
a loophole to play around with.

There was an indication of felt need for a robust and effective legal framework that
would help regulate the health service environment by many respondents.

Robust and Effective Legal
Framework Required

0% Yes
No Comment


Mode 1 GATS Report India Page 45
Findings of this study

Legal rules governing education, health and eCommerce are not advanced in India
and need to be upgraded. This process is slow but will happen.

5.2.3 Initiatives

At a global level, access to health services has substantially increased on account of
new developments in technology. These developments, including the use of the
Internet and other modes of communication for the purpose of providing healthcare
services have had an effect in India as well, though not to the extent seen in
developed countries.

Furthermore, apart from the use of technology for the actual provision of healthcare
services to patients, improvements in technology have also greatly facilitated the flow
of information amongst the recipients and providers of healthcare services.

In light of such developments, new issues arise in context of the regulation by law of
healthcare services. Globally, there has been a move towards evolving a legal
framework that can address the new issues arising from the use of information
technology in the healthcare sector. Two of the most important issues that arise in
this context are the right to privacy of individuals, and the protection of this right in
relation to health information, and the development of a suitable regime (including the
development of new standards for the determination of liability, of necessary)
regulating the provision of healthcare services by the use of technology (as against
the traditional "delivery" of healthcare services).

There is considerable amount of effort undertaken by various interest groups to
revamp the existing Indian health law system. Legal rules governing education,
health, Internet, etc is being re-looked at to accommodate the changed scenario.

The Ministry of Communications and Information Technology, under their
initiative to standardise digital health information through out the country by building
an “Information Technology Infrastructure for Health in India”, has taken the
initiative to propose ‘The Telemedicine Act, 2003’ which would serve as a guideline
statute. The Act, apart from defining various entities, persons, technologies and
provisions, also covers the following aspects:
• It specifies the duties and functions of the Telemedicine Authority.
• Issues related to Licensing and Authorizing Telemedicine Practices
• Specifies the duties and liabilities of the persons involved in Telemedicine
• Covers the Doctor-Patient Relationship
• Penalties and liabilities in terms of non-conformance to stipulated standards and
• Confidentiality of Information
• Other Powers and Transitional Information

Mode 1 GATS Report India Page 46
Findings of this study

Telemedicine is a perfect example of the cross border trade in health services, under
mode 1. Telemedicine is a pre-cursor to the changes that will be witnessed further in
healthcare tomorrow. The enactment of the above Telemedicine Act would be a
landmark achievement for the Indian health-technology-scape, as it would be the first
step towards addressing the gap in current legal system.

Indian e-health businesses are anxiously awaiting the promulgation of new legal
regulations and statutes and are hopeful that these new laws would be more
effective, hassle-free, growth oriented, user-friendly and would protect the interests of
all the parties involved in the segment.

(For more information on such initiatives, refer Annexure 5)

Mode 1 GATS Report India Page 47