The article presents a thorough examination of the regulatory structure concerning confidentiality in the doctor-patient interaction in India. It emphasises the lack of particular laws addressing this matter, despite its crucial significance. This study examines the principles specified in the Indian Medical Council (Professional Conduct, Etiquette and Ethics) Rules, 2002, with a focus on the ban on revealing patient information and the resulting repercussions for violations.
Furthermore, the article explores the planned Digital Information Security in Healthcare Act (DISHA), which seeks to create national and state eHealth agencies and health information exchanges. Although not yet implemented, DISHA aims to provide uniform standards and regulations for the gathering, retention, transfer, and use of digital health information, with a particular emphasis on safeguarding data privacy and security.
The article additionally examines the Puttaswamy judgement and its ramifications for data security and privacy in India, specifically in relation to the Aadhaar programme. The article then analyses the Digital Personal Data Protection Act, 2023 (DPDP Act), which came into effect on January 1, 2024. The DPDP Act seeks to govern the handling of personal data, including health information, and imposes strict requirements on data fiduciaries. It may be compared to the EU’s General Data Protection Regulation (GDPR). The text examines the influence of the DPDP Act on the management of healthcare data, highlighting the need for strong cybersecurity measures, data governance frameworks, and compliance standards within the healthcare industry.
The article emphasises the changing state of confidentiality in particular, as well as of data privacy, within the regulatory framework of India’s healthcare industry, focusing on the difficulties and possibilities brought about by new laws and technological progress.