Emerging technologies such as digital health applications, telemedicine, and information sharing will deliver game-changing benefits for clinicians and patients; at the same time, they will raise legal issues in digital healthcare in India. This growing communication raises concerns about the security and privacy of patient’s information. Several digital health and telemedicine companies are concerned about data security and infringements. Furthermore, whether for data mining, analysis, or marketing goals, the intentional sharing of protected health information (PHI) with third parties is possibly a more crucial subject of enforcement. As data sharing and data mining become more prevalent in the healthcare industry, providers and suppliers must understand when and how to communicate PHI. With all of these technological advancement comes the legal issues pertaining to digital healthcare, such as breech of data. If you want to learn more about it then the
In this article, the author has discussed all these legal issues in digital healthcare with the liabilities for violations of various legal requirements.
Legal issues in digital healthcare related to Data use
Data security is a major concern when it comes to the usage of personal information. In September 2013, the (Ministry of Health and Family Welfare) MoHFW released the Electronic Health Record Standards (EHR Standards) for India. In terms of acceptability and application in India, they were picked from the best current, widely used standards applicable to worldwide electronic health records. As a result, healthcare organizations and providers all around the world have been alerted and have submitted the EHR Standards 2016 framework for adoption in IT systems. MoHFW pushed for its adoption by making free-to-use standards like the Systematized Nomenclature of Medicine Clinical Terminology (SNOMED CT) available in India, as well as naming the Interim National Release Centre to adhere to the clinical trial standard that is becoming widely recognized by healthcare stakeholders worldwide.
The MoHFW intends to establish a legislative entity in the form of a NDHA which is National Digital Health Authority through the DISHA which aimes to promote and adopt e-health standards, implement privacy and protection measures for electronic health data, and govern electronic health record storage and sharing. Moreover, the MoHFW’s National Digital Health Authority (NeHA) is a proposed authority that would be in charge of developing an integrated health information system in India. It is recommended that it serve as a promotional, regulatory, and standard-setting agency to guide and assist India’s digital health journey, as well as the subsequent realization of ICT advantages intervention in the health sector.
Legal issues in digital healthcare related Data sharing
The primary problems of personal data sharing include: confidentiality, data exchange control; security and privacy; and knowledge, trust, accountability, and responsibility. The proposed Digital Information Security in Healthcare Act (DISHA) was prepared by the MoHFW to safeguard data from the Indian healthcare industry, providing patients complete control over their health information.
For example, if you go to the doctor for a check-up and the doctor enters the information into an electronic health record, DISHA will fully cover the information because it is stored within the health care system. DISHA offers three primary objectives including:
- Creating a National and State Digital Health Authority.
- Enforcing privacy and security safeguards for electronic health data.
- Governing electronic health record storage and sharing.
The document also includes information on the establishment of a National Electronic Health Authority and State Electronic Health Authorities (NeHA and SeHA, respectively). In effect, it would guarantee substantial data protection to Indian people and manage data mobility.
Legal issues in digital healthcare related to Intellectual property
Several ground-breaking products have been developed in the digital health field. The legal issues in the digital healthcare related to intellectual property such as protection of particular ideas and technologies becomes critical in this highly competitive environment. Patents, copyrights, trademarks, and designs are all protected by Indian intellectual property law. In the context of Digital Health, manufacturing is concentrated in the areas of digital applications (including mobile apps) and wearable devices. In light of such advancements, this section discusses the many types of intellectual property protection available.
- Patent: The Patent Act of 1970 (Patent Act) of India provides for patent protection. The Patent Act is fundamentally consistent with the Trade-Related Aspects of Intellectual Property Rights (TRIPS), and India, as a signatory, is committed to the agreement’s full adoption and application.
It is the software that runs any Digital Health application, which is essentially a computer programme. Any computer programme per se is not patentable as per Section 3(k) of the Patent Act of 1970. Nonetheless, the Indian Patent Office stated in its 2017 ‘Guidelines for the Review of Computer Related Inventions (CRI)’ that while the CRI itself is not patentable, but, if a CRI asserted in combination with novel hardware cab be patentable bu only if it meets the other criteria, such as the three-prong test outlined in the guidelines. Patents have already been granted for software applications that have a hardware component. Unless the technology/software meets these standards, it will seek for a patent and, if granted, will be protected.
as per the law, patent will not be granted if the device or system is determined to be “a technique for the medical or other treatment of people and animals,” as defined in Section 3(i) Patent Act (Section 3 deals with what is not called inventions). .
- Copyright: In India, the Copyright Act, 1957 protects intellectual property. Clinical instructions and data may be protected under the Copyright Act if they are delivered in some kind of media. The law of copyright does not apply to a simple collection of data. This is based on the ‘sweat of the brow’ theory, which states that even if there is no originality in content such as tables or databases, copyright will only be preserved if a person undertakes to gather the information independently. The individual is then entitled to compensation for his or her work and expenditures.
- Trademark: The Trade Marks Act of 1999 (the TM Act) governs and protects Indian trademarks. In addition to legislative protection, unregistered marks are protected under common law. A ‘mark’ is defined as “a device, a trademark, a heading, a label, a ticket, a name, a signature, a word, a letter, a number, a product form, a package or a colour combination or any combination thereof” under the TM Act.
The TM Act includes provisions for trademark categorization. India adheres to the NICE Classification of Products and Services, which was integrated into the schedule’s norms. Class 9, which comprises computer software and computer programmes, is one class for which a trademark can be registered.
The ‘label’ of a Digital Health application or device may be registered as a trademark under the TM Act, subject to certain requirements that also constitute grounds for refusal of the trademark. These are: lack of distinctive character or marks.
Legal issues in digital healthcare related to Commercial agreements
There are various criterias: The primary goals for such collaboration is to record the specifics of all qualified members; consideration of governance management along with contract management dissemination; security and assessment of established intellectual property and technology transfer; and information consideration, can be technically implemented for collaborative improvements.
Healthcare and non-healthcare organizations have various working definitions in terms of structure and strategy; yet, client loyalty is the primary focus for both industries. When reviewing the agreements, keep in mind the confidentiality process for data exchange, as well as data protection and privacy.
Offences and penalties
Current data security rules in India are simply not designed to deal with the planned data generation and sharing volume. As per Section 43A of the Information Technology Act, 2000 (IT Act) and the Information (Reasonable Security Practices and Processes and Sensitive Personal Data or Information) Regulations of 2011, the essential need for organizations is that suitable security measures are in place. In the absence of these safeguards, a failure to secure data would empower a corporate entity to hold the individual responsible. As a data security law, this is far from adequate.
The Ministry of Health’s proposed Digital Information Security in Healthcare Act guarantees people the privacy, confidentiality, and security of their digital health data. According to the proposed Digital Information Security in Healthcare Act by the Health Ministry (DISHA),
- Severe healthcare data breaches may result in up to five (5) years of imprisonment and a fine of up to INR five (5) lakhs.
- A severe breach of digital health data will be considered if a person intentionally, dishonestly, fraudulently, or negligently infringes on digital health data, shares information that is not anonymized or de-identified, and fails to secure the data in accordance with the standards prescribed by the Act or any rules.
The employer may also be sued under the provisions of Digital Health services where there is an employer-employee connection, which holds the employer vicariously liable for the employee’s conduct and omissions while on the job. This is not frequently the case in an employer-independent contracting agreement, when the service provider has no control or supervision over the acts of the independent contractor.
Criminal prosecution occurs in criminal courts for a variety of reasons, including the conduct of criminal acts under any criminal statute, notably the Indian Penal Code, 1860. If a provider is irresponsible or incompetent in delivering a service and the service results in some kind of physical damage or death of the patient/user, the provider may face criminal charges. The most serious charges that doctors and other providers of these services face are causing death by neglect, actions endangering others’ lives or personal safety, causing harm by an act endangering others’ lives or personal safety. If a person is convicted on the above-mentioned criminal offence, he or she may face both imprisonment and penalties.
In contrast to regular criminal prosecution, criminal prosecution in medical negligence instances occurs only when the carelessness is egregious. Moreover, the Supreme Court was receptive to the criminal prosecution of doctors. In the case of Hemaben Sanjeev Kumar Kanodiya v. D.N. Nanavati and Others, the Court stated that if the hands tremble with the dangerous fear of facing criminal prosecution in the event of failure, whether attributable to themselves or not, neither a surgeon nor a doctor can successfully exercise his life-saving scalper to perform an essential surgery.
Liability and dispute resolution
Liabilities for violations of various legal requirements may be civil or criminal in character, and may differ between doctors providing services and service providers such as internet platforms, institutions, and so on.
- Suits before a Civil Court: A breach of contractual responsibilities between the Digital Health service provider and the patient/user might result in civil actions. It might also be brought because of a tort, such as negligence, committed by the service provider or its personnel.
A breach of contractual commitments may result in the payment of damages that are either agreed at the time of contract execution (liquidated damages) or based on a judicial ruling (unliquidated damages). Suits may also be brought before the civil courts in cases of negligence, as defined by the Apex Court in the case of Jacob Mathew v. State of Punjab & Anr, the court stated that, “breach of a duty which has been caused by the omission to do something which a reasonable man would do and which will ordinarily regulate the conduct of human affairs”.
To show negligence in a civil claim, it must be demonstrated that:
- A legal responsibility to exert reasonable care.
- A breach of that duty.
- The resulting damage.
The Supreme Court has decided that a “person who sets himself forth ready to offer medical advice and treatment implicitly commits that he is possessed of ability and knowledge for the purpose” in the context of a doctor-patient relationship, as would be the case in many Digital Health services. When consulted by a patient, such a person owes him various obligations, including a duty of care in determining whether to take the case, a duty of care in selecting what treatment to deliver, and a duty of care in administering that treatment. A breach of any of these responsibilities provides the patient the right to sue for negligence (Laxman Balkrishna Joshi v. Trimbak Bapu Godbole and Anr.) There is no cap on the amount that can be claimed as damages in such instances, as long as the damages are consequential.
- Vicarious Liability: In the provision of Digital Health services where there is an employer-employee connection, the employer may also be pursued under the theory of vicarious responsibility, which holds the employer vicariously accountable for the employee’s acts and omissions arising in the course of his/her employment. This is not frequently the case in an employer-independent contractor relationship, because the service provider has little control or supervision over the independent contractor’s actions.
- Liability under CPA (Consumer Protection Act): The CPA establishes a system for the resolution of consumer disputes and provides for the protection of consumer interests. The CPA was created to give customers a way to resolve their complaints without having to go through the time- and money-consuming process of filing a civil lawsuit.
In the event that a service is subpar, consumers may seek reimbursement from service providers under the CPA. Consumers may file claims for faulty goods and unfair business practises in addition to deficient services. At the local, state, and federal levels, forums for consumers have been established to hear about such issues. In addition, the CCPA has the authority to pursue consumer issues on its own without first receiving a complaint from a consumer.
Healthcare is not specifically mentioned in the definition of services in the CPA 2019. Although healthcare is not expressly listed as a service under CPA 2019, it is also not specifically listed as being excluded, which creates uncertainty. The CPA 2019 definition of services also encompasses services that aren’t specifically mentioned in the definition.
Medical services have been ruled to be inside the CPA’s purview in the past [Indian Medical Association v. V. P. Shantha and Ors, (AIR 1996 SC 550)], as long as the patient is being charged for the service. Thus, it also applies to digital health. Yet, since the CPA disallows services that are provided without payment, one of the crucial components of a claim under the CPA is the payment for the services. The service provided is often paid but is waived in some circumstances, such as for people who cannot afford it, as stated in the case of Indian Medical Association v. V. P. Shantha and Ors (AIR 1996 SC 550) case, is a notable exception. In such circumstances, the recipient of the free services would still be eligible to file a claim under the CPA.
There is no cap on the amount of compensation that may be requested for claims made to consumer commissions. While the amount of the award varies, the typical award ranges from INR 2 Lakh to INR 6 Lakh. Moreover, there have been instances when medical negligence claims have received awards of up to INR 11 crore in compensation [Balram Prasad v. Kunal Saha, (2014) 1 SCC 384].
- Disciplinary Action by the NMC: A patient has the right to file a complaint against a physician for unethical or professional misconduct with the state medical council of the relevant state. Within 60 days of receiving the state medical council’s judgement, consumers or physicians who disagree with it have the option of appealing to the Ethics and Medical Registration Board of the Commission (Under Regulation 8.8 of the MCI Code). If the Ethics and Medical Registration Board’s decision has offended you, you have sixty days from the time it was communicated to file another appeal with the NMC.
The MCI Code outlines specific instances of professional misconduct, including as failing to maintain medical records, rejecting treatment on the basis of religion, and performing surgeries without receiving written authorization (Regulation 7.16 of the MCI Code).
- Criminal Liability: Criminal cases are prosecuted in criminal courts on the basis of offences committed in violation of several criminal laws, most notably the Indian Penal Code, 1860 (IPC). In the case of digital health services, a person may be prosecuted if they act hastily or negligently while providing a service and it causes the patient’s or user’s physical harm or death. Doctors and other service providers frequently face charges of causing death by negligence (Section 304-A of the IPC), endangering the life or personal safety of others (Section 336 of the IPC), causing injury by such an act (Section 337 of the IPC), and grievous injury by such an act (Section 337 of the IPC) (Section 338 of the IPC). If someone is found guilty of the crime, as mentioned earlier, they might be imprisoned as well as pay a fine.
Criminal prosecution in medical negligence situations only occurs when the carelessness is “gross” in character, as opposed to criminal prosecution in regular circumstances. The Supreme Court has adopted a supportive stance regarding medical criminal prosecution. In the words of the Supreme Court, “Neither a surgeon can successfully wield his life-saving scalper to perform an essential surgery, nor a physician can successfully administer the life-saving dose of medicine, if the hands are trembling with the dangling fear of facing a criminal prosecution in the event of failure for whatever reason, whether attributable to himself or not.” In the State of Punjab and Anr. ; Jacob Mathew v. State of Punjab & Anr. The Supreme Court has made a special exemption for the beginning of criminal prosecution in medical malpractice situations. Without a reliable opinion from another physician to back up the claim of haste or negligence on the side of the accused physician, no criminal prosecution may be started.
In cases involving the arrest of doctors, the Supreme Court has also carved out a particular exemption. According to the court’s ruling, “A doctor accused of recklessness or negligence, may not be arrested in a routine manner, unless his arrest is necessary for advancing the investigation or for gathering evidences or unless the investigation officer feels satisfied that the doctor proceeded against would not make himself available unless arrested.”
For criminal prosecutions, the vicarious liability idea does not hold true. Thus, the organizations/online platforms that offer digital health services would not be held legally responsible for the deeds of their workers.
The digital healthcare market has a lot to offer. It has a lot of opportunities, but with opportunities come risks and challenges. Emerging technologies such as digital health applications, telemedicine, and information sharing will deliver game-changing benefits for clinicians and patients. Simultaneously, they will raise legal issues in digital healthcare in India. Therefore, the digital healthcare model in India must focus on three legal aspects: data privacy, IPR regulations and conformity with medical ethics. The pandemic has already accelerated the adoption of technology in the pharmaceutical business, and it demands specific laws.
Read Our Article: Digital Healthcare Sector In India: An Overview