INTRODUCTION

The Indian healthcare industry is estimated to hit USD 50 billion in size by 2025. In parallel, studies indicate that the healthcare industry faced the largest number of attacks amongst all sectors within India. For instance, the spate of cyberattacks over the last few months on the systems of the All-India Institute of Medical Sciences, Delhi, India’s premier medical research institute and hospital, thrust into limelight the importance of health data management in the Indian health sector. Businesses in the health space deal with particularly sensitive health data. A breach or unauthorised access of such data may severely compromise patient interest and confidentiality.

On August 11, 2023, the Indian government enacted the Digital Personal Data Protection Act, 2023 (“DPDPA”) into law. This guide examines the impact of the DPDPA on the healthcare industry in India and provides practical recommendations on approaching compliance with the new law for businesses in the space.

INDIAN LEGAL FRAMEWORK ON HEALTH DATA