The present times are very interesting for entrepreneurs exploring technology related projects and businesses. Online businesses and e-commerce ventures are on rise in India. The motto of these online businesses seems to be launch first and legal compliance later. This is a defective strategy on the part of online business entrepreneurs as the more you avoid legal compliances the worst legal consequences would ensue. Thus, to start with, legal issues of e-commerce in India must be duly kept in mind by online business stakeholders.
Of many segments that are required to comply with Indian laws while running their businesses, mobile health related professionals need to take special care and cautions while dealing with sensitive information of the patients. We have no dedicated m-health laws and regulations of India but there are many provisions under different Indian laws that must be adhered to by m-health service providers of India.
If we add the complexities of cloud computing and encryption related issues to m-health projects, there are some very serious techno legal issues that have to be followed by Indian m-health entrepreneurs. Many m-health related services would be based upon a cloud computing environment and this would increase the cloud computing legal risks in India for those m-health entrepreneurs.
Many m-health companies and products in India are using patients information in both online and offline modes. These uses include third party vendors and partners as well. Thus, sensitive information is accessible to not only medical professionals, m-health service providers, third party application and software providers, etc but also to every other person who can circumvent the security system of any of the people/companies involved in this entire process. Cyber security of m-health infrastructures in India is, therefore, of utmost importance.
Similarly, techno legal issues pertaining to privacy protection and data protection (PDF) must also be adhered to by the m-health service providers. If patients’ data and information are leaked or compromised due to negligence or lack of cyber and data security practices of m-health service providers, serious legal and financial obligation would be incurred.
M-health entrepreneurs must also keep in mind the requirements of Internet intermediary liability in India and cyber law due diligence in India (PDF). The new Indian Companies Act, 2013 (PDF) would further raise the incidences of corporate criminal liability in India.
Presently, there seems to be a general indifference among the m-health service providers of India towards these techno legal compliances. With medical records and sensitive personal information at stake, this casual approach may cost them both in terms of money and unnecessary civil and criminal prosecutions.