Trade Agreement

Findings of this study Mode 1 GATS Report India Page 41 5.2 Legal & Regulatory framework The legal scenario in India plays a major role in supporting an environment, conducive for stakeholders of e-health. Legal framework being the important infrastructure element needs to be user-friendly and implementable at all levels for the purpose of compliance. 5.2.1 Current Scenario The Indian legal system though robust and based on a strong historical tradition is proving somewhat ineffective for the growth and development of advancing technologies. There is no legal framework in India that specifies the health services, capture, use, and storage of health information, their exchange for all modes of health services delivery, etc. The legal framework lacks the structure and support that is required to help operate and promote the evolving health services scenario. The following are some examples of legal framework in India, which partially address the current issues but need to be redefined with the emerging health care practices and health environment. Rights to Privacy The Constitution of India does not confer, in express terms, any constitutional guarantee on the right to privacy. Nevertheless, an unauthorized intrusion into a person's home and the disturbance caused to him thereby, would constitute a violation of a common law right of a man. The right to privacy is also an essential ingredient of personal liberty. While the right to privacy has been enumerated by the courts as one of the rights available to persons under Article 21 of the Constitution, the courts have held that it is not absolute. Article 21 of the Constitution is to be interpreted in conformity with international law, since India is a signatory to the International Covenant on Civil and Political Rights. (Article 17 refers to the right to privacy) Privacy and the Doctor Patient Relationship It has been held by the Supreme Court that in the doctor-patient relationship, the most important aspect is the doctor's duty of maintaining secrecy. A doctor cannot disclose to a person any information regarding his patient which he has gathered in the course of treatment nor can the doctor disclose to anyone else the mode of treatment or the advice given by him to the patient. The doctor-patient relationship, though basically commercial, is professionally, a matter of confidence and, therefore, doctors are morally and ethically bound to maintain confidentiality. The Hippocratic oath The Hippocratic oath as such is not enforceable in a court of law, as it has no statutory force. Medical information about a person is protected by the Code of Findings of this study Mode 1 GATS Report India Page 42 Professional Conduct made by the Medical Council of India under Section 33(m) read

with Section 20-A of the Act. Circumstances in which the public interest would override the duty of confidentiality could, for example, be the investigation and prosecution of serious crime or where there is an immediate or future (but not a past and remote) health risk to others. Code of Medical Ethics The Code of Ethics prescribed by the Indian Medical Council requires doctors (as against Healthcare Providers) to " not disclose the secrets of a patient that have been learnt in the exercise of" his or her profession. Those secrets "may be disclosed only in a court of law under orders of the Presiding Judge." The Information Technology Act, 2001 India is only the 12th country in the world to have a legal framework for ecommerce promulgated as the 'Information Technology Act, 2001’. This Act effects consequential amendments in the Indian Penal Code, The Evidence Act, 1872, and The RBI Act, 1934, bringing all of them in line to the requirements of the digital transactions. This Act is also likely to affect the Companies Act, 1956 for the purpose of facilitating e-governance and e-commerce in the country. The Act seeks to address three areas: • enabling e-commerce (b2b and b2c) • enabling e-governance (g2c and c2g) • curbing cyber crime and regulating the online environment Telemedicine and Law There is presently no Indian law that addresses the issues raised by the practice of telemedicine in India. (Though there is an on-going initiative to addresses this gap). While the Information Technology Act, 2000 provides for standards in relation to information technology in general, the same does not relate to the provision of healthcare services by using information technology. The applicable statute for licensure could be the Indian Medical Council Act, under which the Indian Medical Council regulates medical education and the admission of individuals to the Indian and State Medical Registers. Since the same statute regulates doctors all over India, issues of licensure across states will not arise akin to the situation in the United States. However, acrossborder telemedicine practice will cause similar issues to arise - this should be resolved by the legislature. 5.2.2 Barriers Indian health laws, though many in number, are ineffective and more often than not, against the spirit of advancement. Drawing analogy with other advancing countries, their legal frameworks and initiatives, India has a long way to go in terms of revising Findings of this study Mode 1 GATS Report India Page 43 existing laws in tune with the evolving health scenario. Some of the problems concerning the legal framework within the country are: • Ineffective legal provisions and statutes leading to ineffective enforcement of legal rules. For e.g., The Indian health laws are not as stringent as in USA to ensure that all stakeholders involved comply by a certain date, such as HIPAA.

• Delay by the legal provisions in adapting to the changing environment. For e.g., Provision for regulating e-health activity is not seen and legal provisions not updated with the evolving health scenario. • No adequate provision for patient privacy with regard to health data. • No statute defining the security and access control of health data. • No provision defining the use of technology in health environment. • No provision recognizing the cross-country interaction and trade in health services. For e.g., Telemedicine is an evolving health technology that is changing the face of healthcare and linking geographical regions, but is not regulated. • All parties and stakeholders of the healthcare industry are not liable. In India, health laws gravitate around the providers and the medical professionals, for e.g., Consumer Protection Act tends to target the Providers and the medical professionals. • Loopholes in Law Inadequacy of Existing Indian Law While the courts have evolved certain principles using which it may be possible to attach liability to Healthcare Providers, these are clearly inadequate to address the range of issues connected with the creation and use of Health Information, inter alia, for the following reasons: • The existent principles address (to a limited extent) liability after misuse of the Health Information, and do not lay down standards for use of that information. • The right to privacy has primarily been articulated in terms of the fundamental rights of persons under the Constitution, which are available against the State. While the Supreme Court has not squarely addressed the issue of whether the actions of private individuals (Healthcare Providers) can be subject to the right to privacy, it may be necessary to provide specifically for the right to privacy in respect of Health Information. Findings of this study Mode 1 GATS Report India Page 44 • Provisions need to be made for administrative procedures implementing the regulation of Health Information. • Liability is largely restricted to doctors, since existing principles do not take into account the wide range of other Healthcare Providers. • The issue, type, and degree of penalties to be levied need to be specifically addressed. Key learnings of the study: Two key messages emerged from the research conducted: 1. Legal framework for Mode 1 health services is not clear to many businesses. In some cases, rules have not yet been framed. E.g. E-Learning & Telemedicine 2. HIPAA awareness is low. Indian companies will have to follow more stringent business practices, which could reduce their profitability Many respondents cited that the existing legal framework is ineffective and should be updated to suit the current scenario. Existing Frame work is ineffective 26% 0% 74% Yes No

No Comment Currently, no effective legal framework exists for cross border trade. For example, legal requirements and implications of getting into businesses such as Contract Research, Medical Transcriptions, Medical Coding and Billing are not clearly defined in India. All these businesses deal with confidential health information. Currently ITES companies are registered under the Shops and Establishments act, which does not provide for any regulations of privacy and confidentiality of health information. Findings of this study Mode 1 GATS Report India Page 45 More and more healthcare companies in the US will be complying with HIPAA in the near future. This will require more documentation and administrative work for all the incumbents. Indian companies do not understand the implications of HIPAA very well today, they need advise on its implications on the Indian healthcare BPO sector. HIPAA Awareness in India will help 13% 0% 87% Yes No No Comment Adoption of HIPAA by US healthcare providers might also make it difficult for them to outsource work relating to patient health information to service providers in remote locations. Currently, we need more HIPAA experts who can advise Indian healthcare service providers on how to approach the issue. General impression of investors on the Indian legal framework is that they face legal hurdles even if they wish to be legally compliant in their set ups. Loopholes in law do not ensure smooth establishment. Legal statutes are elusive and there will always be a loophole to play around with. There was an indication of felt need for a robust and effective legal framework that would help regulate the health service environment by many respondents. Robust and Effective Legal Framework Required 0% 13% 87% Yes No No Comment Findings of this study Mode 1 GATS Report India Page 46 Legal rules governing education, health and eCommerce are not advanced in India and need to be upgraded. This process is slow but will happen. 5.2.3 Initiatives At a global level, access to health services has substantially increased on account of new developments in technology. These developments, including the use of the Internet and other modes of communication for the purpose of providing healthcare services have had an effect in India as well, though not to the extent seen in

developed countries. Furthermore, apart from the use of technology for the actual provision of healthcare services to patients, improvements in technology have also greatly facilitated the flow of information amongst the recipients and providers of healthcare services. In light of such developments, new issues arise in context of the regulation by law of healthcare services. Globally, there has been a move towards evolving a legal framework that can address the new issues arising from the use of information technology in the healthcare sector. Two of the most important issues that arise in this context are the right to privacy of individuals, and the protection of this right in relation to health information, and the development of a suitable regime (including the development of new standards for the determination of liability, of necessary) regulating the provision of healthcare services by the use of technology (as against the traditional "delivery" of healthcare services). There is considerable amount of effort undertaken by various interest groups to revamp the existing Indian health law system. Legal rules governing education, health, Internet, etc is being re-looked at to accommodate the changed scenario. The Ministry of Communications and Information Technology, under their initiative to standardise digital health information through out the country by building an “Information Technology Infrastructure for Health in India”, has taken the initiative to propose ‘The Telemedicine Act, 2003’ which would serve as a guideline statute. The Act, apart from defining various entities, persons, technologies and provisions, also covers the following aspects: • It specifies the duties and functions of the Telemedicine Authority. • Issues related to Licensing and Authorizing Telemedicine Practices • Specifies the duties and liabilities of the persons involved in Telemedicine • Covers the Doctor-Patient Relationship • Penalties and liabilities in terms of non-conformance to stipulated standards and practices • Confidentiality of Information • Other Powers and Transitional Information Findings of this study Mode 1 GATS Report India Page 47 Telemedicine is a perfect example of the cross border trade in health services, under mode 1. Telemedicine is a pre-cursor to the changes that will be witnessed further in healthcare tomorrow. The enactment of the above Telemedicine Act would be a landmark achievement for the Indian health-technology-scape, as it would be the first step towards addressing the gap in current legal system. Indian e-health businesses are anxiously awaiting the promulgation of new legal regulations and statutes and are hopeful that these new laws would be more effective, hassle-free, growth oriented, user-friendly and would protect the interests of all the parties involved in the segment. (For more information on such initiatives, refer Annexure 5)