Medtech: Legal Concerns & Regulations To Heed

By - KSANDK on September 3, 2022

Medtech Regulations

The rapid adoption of medical technology and the acquisition of medtech firms by Indian diagnostic chains, established corporations, and new healthcare providers appear to be the norm. Many companies have also begun to collaborate with medtech companies to streamline their services and grow their operations. The healthcare solutions industry has witnessed several changes, particularly in the aftermath of COVID-19, and the medtech industry plays an important role in healthcare delivery. Furthermore, there is an increase in the demand for fresh applications, and disruptive technologies such as machine learning, artificial intelligence, cloud computing, next-generation sequencing, information technology, and improved imaging are being integrated.

The key stakeholders are telemedicine platforms, e-pharmacies, self-monitory health devices, and digital health data aggregators.    The legal and regulatory frameworks concerning medtech services include the Telemedicine Guidelines 2020, Drugs and Cosmetics Act, 1940, Drugs and Cosmetics Rules, 1945, Drugs and Cosmetics (Amendment) Rules, 2018 (E-Pharmacy Rules), Information Technology Act, 2000, Information Technology Rules, 2011, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, Consumer Protection Act, 2019, Indian Medical Council Act, 1956, Indian Medical Council Regulations, 2002, Digital Information Security in Healthcare Act, and the Telecom Commercial Communications Customer Preference Regulations, 2018.  

We will discuss the following regulatory concerns regarding medtech:   

  • Teleconsultation Compliances  
  • E-commerce Marketplace Regulations  
  • Manufacture, Sale, and Distribution of Drugs and Cosmetics  
  • Data Usage & Sharing  
  • Safe Harbor, Due Diligence, Data Minimization, and Purpose Limitation  
  • Intellectual Property  

Teleconsultation Compliances

The Telemedicine Practice Guidelines establish a framework for teleconsultations for licensed practitioners. The emphasis on platform aggregators distinguishes these standards. The guidelines also state unequivocally that platforms that use artificial intelligence or machine learning are not permitted to provide medical advice and prescriptions to patients — only registered medical practitioners are allowed to do the same. The guidelines also provide serious penalties for disobedience, such as the site being blacklisted.  

E-commerce Marketplace Regulations

The Consumer Protection Act, 2019 and the Consumer Protection (E-Commerce) Rules, 2020 require these platforms to require sellers to “ensure that the descriptions, images, and other content about goods or services on their platform are accurate and correspond directly to the appearance, nature, quality, purpose, and other general characteristics of the good or service in question.”   

It is important to make such information easy to understand. Furthermore, these platforms are required to make the terms and conditions regulating their interactions with sellers on their platform public for better transparency.  

Manufacture, Sale, and Distribution of drugs and cosmetics

A valid license is required for the manufacturing, sales, and distribution of drugs and cosmetics. Furthermore, only a valid prescription stamped by a licensed medical practitioner may be used to get medications listed in Schedules H, H-1, or X of the Drugs and Cosmetics Rules.  

The Drugs Consultative Committee established a subcommittee to regulate online sales. The Drugs and Cosmetics Rules (E-Pharmacy Rules) 2018 provide legal recognition to e-pharmacies that are currently functioning since there are no specific regulations for them in India.   

Data Usage & Sharing

For safeguarding confidentiality and privacy, the stakeholders enter into non-disclosure and personal privacy agreements. Further, significant issues include intentional sampling and data confidentiality, and difficulties caused due to a lack of legal recourse.   

While transferring personal data, flexibility, transmission, security and privacy, information sharing, trust, responsibility, and accountability are important factors. The Ministry of Health created the proposal for the Digital Information Security in Healthcare Act to safeguard healthcare data in India and give customers complete control over their health data. It highlights the following data protection goals:   

  • Establishing a national and state-level digital health authority.  
  • Implementing privacy and security safeguards for electronic health data.  
  • Regulating electronic health information storage and exchange.  

It is hoped these goals strengthen overall consumer privacy vis-à-vis medical data. 

Safe Harbor, Due Diligence, Data Minimization, and Purpose Limitation

The Information Technology Act of 2000 applies to all health-tech businesses. Section 79 requires companies in the medtech industry to create safe harbour protection for intermediates. An intermediary is a party who receives, stores, transmits, or provides any service relating to an electronic record on behalf of another party. Section 79 protects intermediaries from all criminal conduct and establishes the rigorous standards that intermediaries must achieve to qualify for this exemption.  

Further, under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, health-tech enterprises frequently acquire and process sensitive personal data. An easily accessible privacy policy that corresponds to the ethics of data reduction and purpose limitation must be placed on the website of the health-tech company which is collecting and processing such data. The privacy policy must adhere to the reasonable security standards outlined in Section 8 of the Rules, which dictate that the enterprise must clearly identify the sort of sensitive or personal data or information being collected, and indicate the purpose for which it is being collected and used.  

Intellectual Property

The handling of confidential information and trade secrets is not specifically prohibited by law and these are generally protected by non-disclosure and confidentiality agreements in the expanding digital health business. Furthermore, academic technology transfer is a new notion. Even though some businesses and academic organizations have adopted this notion and devised criteria for identifying inventors and strategically deploying discoveries, the vast majority of enterprises and academic institutions have not. Intellectual property protection in the digital health industry is rapidly developing, but is currently a vulnerable area of the same.  

Looking Forward

Despite the government’s best efforts, the current regulatory framework for the internet healthcare industry is incoherent. The lack of regulatory stability around the e-pharmacy industry harms the e-healthcare industry’s last-mile connectivity. Online pharmacies have been mired in a regulatory maze in the United States since their inception. India must quickly establish a complete framework for digital healthcare that incorporates all of its essential components.  

Artificial intelligence, cloud computing, and machine learning are not yet governed by distinct legislation in India. Medtech companies would be forced to implement privacy by design, a concept that applies to all aspects of their business, including their technology and practices. A system like this would ensure the security of personal data and the application of rights across the spectrum simultaneously. Data protection laws continue to lag behind trade in this fast-paced business.   


Liked this Article ?

Join our list to receive more such updates

By entering the email address you agree to our Privacy Policy.

King Stubb & Kasiva

Offices In - New Delhi | Bangalore | Mumbai
Chennai | Hyderabad | Kochi | Kolkata | Pune