Digital Healthcare – Laws & Regulations in India

Digital health is using technologies to help improve individuals’ health and wellness. These technologies include both hardware and software solutions and services, including telemedicine, web-based analysis, email, mobile phones and applications, text messages, wearable devices and clinic or remote monitoring sensors. Really it’s about applying digital transformation, through disruptive technologies and cultural change, to the healthcare sector. Digital health is a multi-disciplinary domain involving many stakeholders, including clinicians, researchers and scientists with a wide range of expertise in healthcare, engineering, social sciences, public health, health economics and data management.

Digital Healthcare has been around in India since long but COVID-19 pandemic has put it in the spotlight and we are noticing mass adoption as 5 crore Indians accessed healthcare online in the last three months (Practo’s Insights Report, 18 Jun3 2020). In a significant move, the Ministry of Health and Family Welfare (“MoHFW”) on March 25, 2020, has issued the Telemedicine Practice Guidelines to provide healthcare using telemedicine and that is another major reason behind surge in online consultations. Also these Guidelines are one of the best guidelines ever published and the reason that telemedicine practice will stay in India. The Guidelines have made the practice of text/audio/video based medical care legal and regulated and thus have given platforms (mobile apps, web portals & social media) as well as doctors the standards to follow.

The legal and regulatory framework in India is/will be govern by following relevant acts / bills –

  • Telemedicine Practice Guidelines by MCI & NITI Aayog, 2020
  • Personal Data Protection Bill, 2019
  • Information Technology Act, 2000 & Information Technology Rules 2011
  • Clinical Establishment Act, 2010
  • MCI Act, 1956 & MCI Regulations 2002
  • Indian Medical Council Act, 1956 and Indian Medical Council Regulations 2002
  • Drugs & Cosmetics Act, 1940 and Rules 1945
  • Other Service Providers Regulations under the New Telecom Policy 1999

In September 2013, MoHFW notified the EHR Standards (Electronic Health Record Standards) for India.  Those standards were chosen from the best available & previously used standards applicable to International EHRs, keeping in view their suitability to and applicability in India.  Accordingly the EHR Standards 2016 document is notified and is placed herewith for adoption in IT systems by healthcare institutions and providers across the country.  The MoHFW facilitated its adoption by making available standards such as the Systematized Nomenclature of Medicine Clinical Terminology (SNOMED CT) free-for-use in India, as well as appointing the interim National Release Centre to handle the clinical terminology standard that is gaining widespread acceptance among healthcare IT stakeholder communities worldwide.

In addition, the MoHFW has proposed a new bill named DISHA (Digital Information Security in Healthcare Act) to govern data security in the healthcare sector.  The purpose of this Act will be to provide for electronic health data privacy, confidentiality, security and standardization.  The MoHFW, through the proposed DISHA, plans to set up a statutory body in the form of a national digital health authority for promoting and adopting: e-health standards; enforcing privacy and security measures for electronic health data; and regulating the storage and exchange of electronic health records.

One of the most immediate changes that health tech companies may need to be prepared for is the cost of compliance – with the Personal Data Protection (PDP) Bill 2019. As of the current interpretation of the text of the PDP Bill, 2019 (which effectively can get signed into law at any time) there is no period provided to affected companies to comply with the data protection measures in the Bill. The requirement of having a privacy-by-design system in place means that for a lot of companies the cost of compliance will go up as they would have to upgrade/overhaul their data protection systems and software. This change would be akin to the one experienced by European companies when they needed to comply with the General Data Protection Regulation (GDPR), but at least, in that case, there was a period prescribed within which companies were permitted to overhaul their security systems.

If any IT company or startup into Digital Healthcare plans to offer and add telemedicine/telehealth software to already existing software like healthcare CRMs, clinical software and patient management systems, have to incorporate all the relevant Acts & guidelines. It will not only help their clients but also will help companies because as per Telemedicine Practice Guidelines, technology platforms are obligated to ensure many instructions otherwise can be blacklisted.

Difference between EMR, EHR & PHR

Electronic Medical Records

Electronic medical records (EMRs) are digital versions of the paper charts in clinician offices, clinics, and hospitals. EMRs contain notes and information collected by and for the clinicians in that office, clinic, or hospital and are mostly used by providers for diagnosis and treatment. EMRs are more valuable than paper records because they enable providers to track data over time, identify patients for preventive visits and screenings, monitor patients, and improve health care quality.

Electronic Health Records

Electronic health records (EHRs) are built to go beyond standard clinical data collected in a provider’s office and are inclusive of a broader view of a patient’s care. EHRs contain information from all the clinicians involved in a patient’s care and all authorized clinicians involved in a patient’s care can access the information to provide care to that patient. EHRs also share information with other health care providers, such as laboratories and specialists. EHRs follow patients – to the specialist, the hospital, the nursing home, or even across the country.

Personal Health Records

Personal health records (PHRs) contain the same types of information as EHRs—diagnoses, medications, immunizations, family medical histories, and provider contact information—but are designed to be set up, accessed, and managed by patients. Patients can use PHRs to maintain and manage their health information in a private, secure, and confidential environment. PHRs can include information from a variety of sources including clinicians, home monitoring devices, and patients themselves.