Indian healthcare gets privacy backbone from new data protection rules

The notification of the Digital Personal Data Protection Rules 2025 has activated provisions of the DPDP Act 2023, significantly impacting the healthcare sector. The law designates medical institutions as data fiduciaries and grants patients rights over their data. Yet, ambiguities in the details pose challenges for healthcare providers.

The Digital Personal Data Protection Act 2023, along with the recently notified Rules of 2025, marks India's most significant privacy reform since the IT Act 2000. These measures promote respect for individual rights and data accountability. In healthcare, every clinic, hospital, laboratory, and telemedicine application is elevated to the status of a "data fiduciary," without distinction based on size. Personal data in digital form, or later digitized, falls under the Act's scope.

Patients become "data principals" entitled to access, correct, and erase their medical information. Hospital consent forms have often relied on blind faith rather than informed choice, but the DPDP Act introduces transparency. During medical emergencies or public health crises, data processing without consent is permitted. However, ambiguities persist in areas like post-operative ICU care, chronic illness management, and follow-up treatments.

Withdrawing consent or requesting data erasure creates complications for healthcare providers. Fiduciaries must delete the data and cease processing it, yet legal obligations in healthcare remain intact. The Act's definition of "processing" includes "erasure," potentially requiring consent even for deletions. Schedule III of the Rules prescribes data retention timelines for various sectors, but healthcare is notably absent, leaving institutions uncertain about record-keeping.

For data collected before the Act's commencement, fiduciaries must notify principals "as soon as reasonably practicable," with no defined time limit. According to authors Tishampati Sen, an advocate at the Supreme Court, and Harsh Mahajan, founder of Mahajan Labs and FICCI health mentor, the healthcare sector warrants sector-specific guidelines due to its critical nature. Overall, the law empowers patients by affirming their data rights and reminds providers that duty of care now extends to digital realms.

Articoli correlati

Interior Undersecretary Máximo Pavez speaking confidently at a press conference podium with Chilean flags in the background.
Immagine generata dall'IA

Pavez defends migrant indication and rules out withdrawing it from bill

Riportato dall'IA Immagine generata dall'IA

Interior Undersecretary Máximo Pavez backed the indication requiring public institutions to share data on irregular migrants. He stated the measure aims to facilitate notifications and does not create a general duty to report.

Commission III of the Indonesian parliament has sharply criticized Rien Wartia Trigina alias Erin for filing a counter report against her former domestic worker Herawati under the personal data protection law.

Riportato dall'IA

The Lower House approved a bill to revise the personal information protection law. The bill includes a provision requiring businesses that repeatedly commit violations to pay fines equivalent to the earned profit to state coffers.

Ethiopia held a national conference in Addis Ababa under the theme Data Sovereignty for Policy Freedom. Officials highlighted progress in building sovereign digital intelligence infrastructure.

Riportato dall'IA

A un mese dall'entrata in vigore dei decreti dell'ECA digitale del Presidente Lula a fine marzo 2026, le principali piattaforme tra cui WhatsApp, TikTok, YouTube, Spotify, Discord e Roblox si sono adattate disabilitando le lootbox nei giochi e migliorando il controllo parentale. L'ANPD regolerà la verifica dell'età per i contenuti soggetti a restrizioni come alcol, tabacco e pornografia nel corso del 2026.

Questo sito web utilizza i cookie

Utilizziamo i cookie per l'analisi per migliorare il nostro sito. Leggi la nostra politica sulla privacy per ulteriori informazioni.
Rifiuta