Category Archives: Data Security Laws In India

E-Health Laws And Regulations In India

Information and communication technology (ICT) has streamlined the way medical services and para medical services are provided world over. E-health and telemedicine are examples of use of ICT for medical purposes.

However, when technology is used for medical purposes, it gives rise to medico legal and techno legal issues. In United States, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH Act), etc are some of the laws that take care of medico legal and techno legal issues of e-health and telemedicine.

On the contrary, we have no dedicated e-health and telemedicine laws in India. Even essential attributes of these laws like privacy protection, data protection, data security, cyber security, confidentiality maintenance, etc are not governed by much needed dedicated laws.

However, numerous statues carry individual provisions that may be applicable to e-health and telemedicine activities in India. For instance, the e-governance and e-commerce related aspects of e-health and tele medicine may be governed by the Information Technology Act, 2000 (IT Act 2000) that is the cyber law of India. All electronic contraventions and violations pertaining to e-health and tele medicine can be regulated b the IT Act 2000.

Similarly, privacy and data protection aspects in cyberspace pertaining to e-health are also governed by the IT Act 20000. Further, the Supreme Court of India has interpreted Article 21 of Indian Constitution as conferring a right to privacy upon all persons in India. Even in some cases the Supreme Court of India has held that patients have a right to privacy to protect their health related information except where non disclosure of such information is violating fundamental rights of others and is against public interest and public policy.

Even data security and cyber security aspects have been covered by the IT Act 2000 to some extent. The real problem is that these provisions that protect privacy, data protection, data security, etc are piecemeal efforts and they are not serving the purposes as required.

We need to have dedicated e-health laws and regulations in India that are presently missing. The sooner these e-health laws and regulations are formulated in India the better it would be for the larger interest of medical community and patients in India.

Data Protection Laws In India

We have no dedicated data protection laws in India. Data of individuals and companies require both constitutional as well as statutory protection. The constitutional analysis of data protection in India has still not attracted the attention of either Indian individuals/companies nor of Indian government.

The statutory aspects of data protection in India are scattered under various enactments. The Information Technology Act 2000 (IT Act 2000), which is the cyber law of India, also incorporate few provisions regarding data protection in India. However, till now we have no dedicated statutory and constitutional data privacy laws in India and data protection law in India.

Further, we do not have a dedicated privacy law in India as well. Privacy rights in India are still not recognised although the Supreme Court of India has interpreted Article 21 of Indian constitution as the source of privacy rights in India. Just like data protection, provisions pertaining to privacy laws in India are also scattered in various statutory enactments. Privacy rights and laws in India need to be strengthened keeping in mind the privacy rights in India in the information age.

Another related aspect pertains to data security in India. In the absence of proper data protection, privacy rights and cyber security in India, data security in India is also not adequate. Further, we do not have a dedicated cyber security law in India as well.

Perry4Law and Perry4Law Techno Legal Base (PTLB) believe that data protection requirements are essential part of civil liberties protection in cyberspace. With the growing use of information and communication technology (ICT), data protection requirement has become very important. It would not be wrong to assume privacy and data protection rights as integral part of human rights protection in cyberspace.

Perry4Law and PTLB believe that Indian government must formulate different laws for privacy, data protection and data security. The IT Act 2000 has already committed the mistake of incorporating all cyberspace related aspects at a single place. This has resulted in a chaos and we have no effective law for any aspect of cyberspace.

Perry4Law and PTLB suggest that India government must formulate separate laws for issues like privacy, data security and data protection.