Patient Confidentiality & Data Security: Legal Analysis in India
VerifiedAdded on 2023/06/10
|36
|11951
|461
Report
AI Summary
This report delves into the legal issues surrounding patient confidentiality, access to medical records, and data security of electronic medical records in India. It begins by introducing the concept of informed consent and the doctor-patient relationship, highlighting the ambiguities in Indian law regarding age consent and medical confidentiality. The report further examines the legal framework for data privacy, including the Information Technology Act 2000 and the Indian Penal Code, discussing liabilities for breaches of data privacy. The report also explores the principles of patient confidentiality under common law, emphasizing the importance of trust in the doctor-patient relationship and the ethical considerations surrounding the use of patient data. Finally, it discusses the legal aspects of accessing medical records and the data security challenges associated with electronic medical records, providing a comprehensive overview of the legal landscape in this area.
Running head: MEDICAL LAW
Medical Law
Name of the Student
Name of the University
Author Note
Medical Law
Name of the Student
Name of the University
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1MEDICAL LAW
Chapter 1:
Introduction:
The concept of informed consent in regard to medical research and treatment is still
unknown to the medical researchers and practitioners as well. In this regard, it is noteworthy to
mention here that the doctor-patient relationship in India is governed by the relationship of trust
and authorization1. However, in modern era, the concept of informed consent is still ignored
while dealing with the issues of the patients in daily medical practices. In order to complicate
such issue further, the India law has not given proper specifications regarding the age limit in
which an individual can give a valid consent.
It is evident that, still now, the Indian Penal Code has been silent regarding the legal
validity of the consent received from persons aged between twelve and eighteen. It is worthwhile
to mention here that, at this age limit the concept of “right to confidentiality” can be emphasized
upon; the Courts are at the authority to define it or it can be defined by the statutory provisions2.
Therefore, mention can be made regarding the fact that, there is a requirement of statutory
provision for the purpose of removing the existing ambiguities and uncertainties in the way of
the concept of age consent. As a result of it, an individual’s right to medical confidentiality at a
particular age can be examined.
In the case of Samira Kohli vs. Prabha Manchanda Dr. & ANR 1(2008) CPJ 56 (SC3),
it was recognized by the Supreme Court of India that, a majority of the Indian citizens requiring
medical attention and treatment falls below the poverty line. In this regard, it can be observed
1Birkhead, Guthrie S., Michael Klompas, and Nirav R. Shah. "Uses of electronic health records for public health
surveillance to advance public health." Annual review of public health 36 (2015): 345-359.
2Boonstra, Albert, Arie Versluis, and Janita FJ Vos. "Implementing electronic health records in hospitals: a
systematic literature review." BMC health services research14.1 (2014): 370.
3Samira Kohli vs. Prabha Manchanda Dr. & ANR 1(2008) CPJ 56 (SC).
Chapter 1:
Introduction:
The concept of informed consent in regard to medical research and treatment is still
unknown to the medical researchers and practitioners as well. In this regard, it is noteworthy to
mention here that the doctor-patient relationship in India is governed by the relationship of trust
and authorization1. However, in modern era, the concept of informed consent is still ignored
while dealing with the issues of the patients in daily medical practices. In order to complicate
such issue further, the India law has not given proper specifications regarding the age limit in
which an individual can give a valid consent.
It is evident that, still now, the Indian Penal Code has been silent regarding the legal
validity of the consent received from persons aged between twelve and eighteen. It is worthwhile
to mention here that, at this age limit the concept of “right to confidentiality” can be emphasized
upon; the Courts are at the authority to define it or it can be defined by the statutory provisions2.
Therefore, mention can be made regarding the fact that, there is a requirement of statutory
provision for the purpose of removing the existing ambiguities and uncertainties in the way of
the concept of age consent. As a result of it, an individual’s right to medical confidentiality at a
particular age can be examined.
In the case of Samira Kohli vs. Prabha Manchanda Dr. & ANR 1(2008) CPJ 56 (SC3),
it was recognized by the Supreme Court of India that, a majority of the Indian citizens requiring
medical attention and treatment falls below the poverty line. In this regard, it can be observed
1Birkhead, Guthrie S., Michael Klompas, and Nirav R. Shah. "Uses of electronic health records for public health
surveillance to advance public health." Annual review of public health 36 (2015): 345-359.
2Boonstra, Albert, Arie Versluis, and Janita FJ Vos. "Implementing electronic health records in hospitals: a
systematic literature review." BMC health services research14.1 (2014): 370.
3Samira Kohli vs. Prabha Manchanda Dr. & ANR 1(2008) CPJ 56 (SC).
2MEDICAL LAW
that most of them are illiterate and do not understand the complexity of the modern medical
terms, conditions, concepts as well as the treatment procedures. They do not have proper
understanding regarding the functioning of various body organs and the probable effect if such
organs were removed after a certain time4. They are not given proper access to costly diagnostic
procedures and have to act according to the guidelines prescribed by the doctors and medical
practitioners. Presently, the Indian Penal Code has stated in the provisions of Section 87 that a
person aged above 18 years can provide a valid consent however; according to the provisions of
Section 89 of the Indian Penal Code a child aged less than 12 years cannot provide valid consent.
In modern era, individuals are often confused with the concept of confidentiality and the
value of trade secrets. In this regard, privacy refers to the utilization and disclosure of personal
information which is only applicable in cases regarding the information provided to specific
group of individuals. As the concept of personal information is such that it can be regarded as the
manifestation of individual personality5. In this context, the Courts of India most importantly the
Supreme Court of India have rightly recognized the right to privacy as it forms an integral part of
right to life and liberty. The right to life and liberty is a fundamental right guaranteed to every
individual under the Indian Constitution. In this regard, the right to privacy has been provided to
every individual and utmost importance has been given by the Indian Judiciary keeping in
consideration the security of the state and community interests.
At present, no specific legislations are there dealing with data privacy and protection of
data. However, the protection of privacy and data can be derived from various laws in regard to
4 Dhanireddy, Shireesha, et al. "The urban underserved: attitudes towards gaining full access to electronic medical
records." Health Expectations 17.5 (2014): 724-732.
5 Corona, Lauren E., et al. "Use of other treatments before hysterectomy for benign conditions in a statewide hospital
collaborative." American journal of obstetrics and gynecology212.3 (2015): 304-e1.
that most of them are illiterate and do not understand the complexity of the modern medical
terms, conditions, concepts as well as the treatment procedures. They do not have proper
understanding regarding the functioning of various body organs and the probable effect if such
organs were removed after a certain time4. They are not given proper access to costly diagnostic
procedures and have to act according to the guidelines prescribed by the doctors and medical
practitioners. Presently, the Indian Penal Code has stated in the provisions of Section 87 that a
person aged above 18 years can provide a valid consent however; according to the provisions of
Section 89 of the Indian Penal Code a child aged less than 12 years cannot provide valid consent.
In modern era, individuals are often confused with the concept of confidentiality and the
value of trade secrets. In this regard, privacy refers to the utilization and disclosure of personal
information which is only applicable in cases regarding the information provided to specific
group of individuals. As the concept of personal information is such that it can be regarded as the
manifestation of individual personality5. In this context, the Courts of India most importantly the
Supreme Court of India have rightly recognized the right to privacy as it forms an integral part of
right to life and liberty. The right to life and liberty is a fundamental right guaranteed to every
individual under the Indian Constitution. In this regard, the right to privacy has been provided to
every individual and utmost importance has been given by the Indian Judiciary keeping in
consideration the security of the state and community interests.
At present, no specific legislations are there dealing with data privacy and protection of
data. However, the protection of privacy and data can be derived from various laws in regard to
4 Dhanireddy, Shireesha, et al. "The urban underserved: attitudes towards gaining full access to electronic medical
records." Health Expectations 17.5 (2014): 724-732.
5 Corona, Lauren E., et al. "Use of other treatments before hysterectomy for benign conditions in a statewide hospital
collaborative." American journal of obstetrics and gynecology212.3 (2015): 304-e1.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3MEDICAL LAW
information technology, the intellectual property rights and the crimes and contractual relations.
From the very beginning, the Information Technology Act 2000 has been providing a safeguard
against certain breaches regarding data protection of computer systems. The Information
Technology Act 2000 deals with provisions for the purpose of preventing unauthorized use of
computers, computer systems and data stored within it. The Act provided personal liability in
case of illegal and unauthorized access to computers, computer systems and the information
stored within it. It is worthwhile to mention here that, the Information Technology Act 2000 has
been silent in regard to the liability on the part of the internet service providers and network
service providers dealing with data handling. According to the provisions of Section 79 of the
Information Technology Act 2000, the liability on the part of the entities can be emphasized in
regard to the concept of knowledge and capacity before the determination of existing scope of
penalties. It signifies the fact that, the network service provider and the outsourcing service
provider cannot be held liable for the acts on the part of a third party data. However, it is
important to prove that, such contravention has been caused without his prior consent and
knowledge and that he has exercised due diligence and care to prevent such offence or
contravention. In the case of Kharak Singh Vs. State of U.P (AIR 1963 SC 12956, it was
observed that if there is any violation of the provisions of the Information Technology Act 2000
in an organization, the directors were held personally liable for negligent or intentional actions.
The Indian Penal Code has not specified the liabilities for the breach of data privacy.
However, the provisions of Section 403of the Indian Penal Code has imposed criminal penalty in
regard to dishonest misappropriation of a movable property for personal use. In this regard, the
Intellectual Property Rights Act and the Indian Copyright Act has been prescribing mandatory
6 Kharak Singh vs. State of U.P (AIR 1963 SC 1295.
information technology, the intellectual property rights and the crimes and contractual relations.
From the very beginning, the Information Technology Act 2000 has been providing a safeguard
against certain breaches regarding data protection of computer systems. The Information
Technology Act 2000 deals with provisions for the purpose of preventing unauthorized use of
computers, computer systems and data stored within it. The Act provided personal liability in
case of illegal and unauthorized access to computers, computer systems and the information
stored within it. It is worthwhile to mention here that, the Information Technology Act 2000 has
been silent in regard to the liability on the part of the internet service providers and network
service providers dealing with data handling. According to the provisions of Section 79 of the
Information Technology Act 2000, the liability on the part of the entities can be emphasized in
regard to the concept of knowledge and capacity before the determination of existing scope of
penalties. It signifies the fact that, the network service provider and the outsourcing service
provider cannot be held liable for the acts on the part of a third party data. However, it is
important to prove that, such contravention has been caused without his prior consent and
knowledge and that he has exercised due diligence and care to prevent such offence or
contravention. In the case of Kharak Singh Vs. State of U.P (AIR 1963 SC 12956, it was
observed that if there is any violation of the provisions of the Information Technology Act 2000
in an organization, the directors were held personally liable for negligent or intentional actions.
The Indian Penal Code has not specified the liabilities for the breach of data privacy.
However, the provisions of Section 403of the Indian Penal Code has imposed criminal penalty in
regard to dishonest misappropriation of a movable property for personal use. In this regard, the
Intellectual Property Rights Act and the Indian Copyright Act has been prescribing mandatory
6 Kharak Singh vs. State of U.P (AIR 1963 SC 1295.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4MEDICAL LAW
punishment for committing piracy of copyrighted data. According to the provisions of Section
63B of the Indian Copyright Act if an individual intentionally makes use of any computer data
then he shall be punished for a considerable period of minimum six months and maximum three
years. However, it is important on the part of the Indian Courts to recognize the copyright
contained in such databases and that whether the copyright was infringed. If any infringement is
caused in respect to such databases, the existing outsourcing company may take an action under
the Indian Copyright Act.
Chapter 2:
The legal issues on patient confidentiality:
2.1. Introduction:
The legal issues regarding patient confidentiality comprises of the preservation of
confidential information of the patients. These legal issues can be can be reinforced by the
principles law in regard to the specific areas of law of contract, negligence, defamation and
certain fiduciary duties7. However, the laws pertaining to medical confidences are regarding the
disclosure of confidential matters. The legal issues involving confidentiality of the patients are
concerned with unlawful conduct in relation to health. This Chapter will review the laws related
to confidentiality and the principles governing doctor-patient relationship.
2.2. Patient Confidentiality:
7Flint, Alexander C., et al. "Impact of increased early statin administration on ischemic stroke outcomes: a
multicenter electronic medical record intervention." Journal of the American Heart Association 5.8 (2016):
e003413.
punishment for committing piracy of copyrighted data. According to the provisions of Section
63B of the Indian Copyright Act if an individual intentionally makes use of any computer data
then he shall be punished for a considerable period of minimum six months and maximum three
years. However, it is important on the part of the Indian Courts to recognize the copyright
contained in such databases and that whether the copyright was infringed. If any infringement is
caused in respect to such databases, the existing outsourcing company may take an action under
the Indian Copyright Act.
Chapter 2:
The legal issues on patient confidentiality:
2.1. Introduction:
The legal issues regarding patient confidentiality comprises of the preservation of
confidential information of the patients. These legal issues can be can be reinforced by the
principles law in regard to the specific areas of law of contract, negligence, defamation and
certain fiduciary duties7. However, the laws pertaining to medical confidences are regarding the
disclosure of confidential matters. The legal issues involving confidentiality of the patients are
concerned with unlawful conduct in relation to health. This Chapter will review the laws related
to confidentiality and the principles governing doctor-patient relationship.
2.2. Patient Confidentiality:
7Flint, Alexander C., et al. "Impact of increased early statin administration on ischemic stroke outcomes: a
multicenter electronic medical record intervention." Journal of the American Heart Association 5.8 (2016):
e003413.
5MEDICAL LAW
The general principles of confidential information have been outlined in the provisions of the
common law system. In this regard a duty of confidence arises on the part of the medical
practitioners when he discloses any reasonable information to the patient. However, till date
there has been no criminal conviction of a doctor for actions regarding breach of confidence in
spite of the occurrence of various civil claims and awarding damages which was observed in the
case of Cornelius v Taranto [2001] 68 BMR 628; where duty of confidence has been breached
with the revelation of medical information without receiving prior consent. In this regard, it is
worthwhile to mention here that, the medical practitioner is said to have breached a patient’s
confidentiality when he obtained in his part-
I. A necessary quality of confidence.
II. Disclosed information without receiving prior permission and detriment to the individual
to whom it has been originally communicated.
III. Has been under the domain of a public interest to protect such confidentiality.
It is worth mentioning that, confidentiality has been the core duties in medical practice. The
nature of confidentiality must be such that, it requires the doctors to keep the information related
to the patient’s health private unless there is consent on the other part to release such
information9. Patient confidentiality is important because most of the time patients share relevant
information regarding their health to the medical practitioners. Therefore, if the confidentiality of
such information is not protected then the trust vested in patient-doctor relationship diminishes.
8Cornelius v Taranto [2001] 68 BMR 62.
9Fritz, Fleur, Binyam Tilahun, and Martin Dugas. "Success criteria for electronic medical record implementations in
low-resource settings: a systematic review." Journal of the American Medical Informatics Association 22.2 (2015):
479-488.
The general principles of confidential information have been outlined in the provisions of the
common law system. In this regard a duty of confidence arises on the part of the medical
practitioners when he discloses any reasonable information to the patient. However, till date
there has been no criminal conviction of a doctor for actions regarding breach of confidence in
spite of the occurrence of various civil claims and awarding damages which was observed in the
case of Cornelius v Taranto [2001] 68 BMR 628; where duty of confidence has been breached
with the revelation of medical information without receiving prior consent. In this regard, it is
worthwhile to mention here that, the medical practitioner is said to have breached a patient’s
confidentiality when he obtained in his part-
I. A necessary quality of confidence.
II. Disclosed information without receiving prior permission and detriment to the individual
to whom it has been originally communicated.
III. Has been under the domain of a public interest to protect such confidentiality.
It is worth mentioning that, confidentiality has been the core duties in medical practice. The
nature of confidentiality must be such that, it requires the doctors to keep the information related
to the patient’s health private unless there is consent on the other part to release such
information9. Patient confidentiality is important because most of the time patients share relevant
information regarding their health to the medical practitioners. Therefore, if the confidentiality of
such information is not protected then the trust vested in patient-doctor relationship diminishes.
8Cornelius v Taranto [2001] 68 BMR 62.
9Fritz, Fleur, Binyam Tilahun, and Martin Dugas. "Success criteria for electronic medical record implementations in
low-resource settings: a systematic review." Journal of the American Medical Informatics Association 22.2 (2015):
479-488.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6MEDICAL LAW
Patient’s data is treated as private property by the hospitals and healthcare units. They are
selling the data for various clinical and medical researches and many drug development and
related companies. As per the Indian laws for the medical records the data of the patient is
treated as private property of the healthcare centers. Patients and insurers have the access to the
recorded information but still it is not completely protected. But law does not provide ownership
of the medical data exclusively, which can be transferred readily10. This is against the
confidentiality of the patients’ health records as no consent is taken from them while selling the
data to the researchers or developers.
Ethical and legal laws govern the concept of consent with respect to self determination,
individual integrity, and autonomy. The same should apply to electronic medical records systems
and the consent of the individual patient to whom the record belongs to is important in case of
access to that record by anyone other than him. This governs the right of the patient for the
confidentiality of his or her medical and personal information. Three categories of consent can
be explained i.e. implied consent, expressed consent, and informed consent. Implied consent
involves words or the behavior of the patient. Expressed consent involves oral or written consent.
Informed consent stands for detailed explanation of the situation or issue to the patient in non
medical terms and then taking his or her consent. Consent includes three related aspects which
are capacity, knowledge, and voluntariness. In today’s medical practice and healthcare valid
consent of the patient is important in any kind of diagnosis, examination, or treatment. Same
consent should be applicable when it comes to accessing the personal medical records of the
patient11.
10 Rodwin, M. A. (2010). Patient Data: Property, Privacy & the Public Interest. LEGAL STUDIES
RESEARCH PAPER SERIES.
11 CHATURVEDI, A. (2007). Consent — Its Medico-legal Aspects. Medicine Update.
Patient’s data is treated as private property by the hospitals and healthcare units. They are
selling the data for various clinical and medical researches and many drug development and
related companies. As per the Indian laws for the medical records the data of the patient is
treated as private property of the healthcare centers. Patients and insurers have the access to the
recorded information but still it is not completely protected. But law does not provide ownership
of the medical data exclusively, which can be transferred readily10. This is against the
confidentiality of the patients’ health records as no consent is taken from them while selling the
data to the researchers or developers.
Ethical and legal laws govern the concept of consent with respect to self determination,
individual integrity, and autonomy. The same should apply to electronic medical records systems
and the consent of the individual patient to whom the record belongs to is important in case of
access to that record by anyone other than him. This governs the right of the patient for the
confidentiality of his or her medical and personal information. Three categories of consent can
be explained i.e. implied consent, expressed consent, and informed consent. Implied consent
involves words or the behavior of the patient. Expressed consent involves oral or written consent.
Informed consent stands for detailed explanation of the situation or issue to the patient in non
medical terms and then taking his or her consent. Consent includes three related aspects which
are capacity, knowledge, and voluntariness. In today’s medical practice and healthcare valid
consent of the patient is important in any kind of diagnosis, examination, or treatment. Same
consent should be applicable when it comes to accessing the personal medical records of the
patient11.
10 Rodwin, M. A. (2010). Patient Data: Property, Privacy & the Public Interest. LEGAL STUDIES
RESEARCH PAPER SERIES.
11 CHATURVEDI, A. (2007). Consent — Its Medico-legal Aspects. Medicine Update.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7MEDICAL LAW
2.3. Doctor Patient Relationship:
The foundation of a doctor-patient relationship is based upon trust. With the creation of
an environment of trust, it has encouraged patients to seek reasonable care and make honest
revelations about health conditions during every health visit. The willingness on the part of the
patient to seek help and care increases considerably. It is important for the patients to share and
disclose all the medical history and information about them to the physician or the doctor for
proper medication and correct diagnosis of the issue. If there is no proper trust between on the
doctor from the patient’s side, he or she will feel hesitant in sharing all the personal details and
pertain to sharing of incomplete information. This will lead to ineffective diagnosis of the issue
and hence care and treatment provided to the patient will not be helpful and curable. It may harm
the patient adversely. It is necessary for the healthcare units and hospitals to have policies
regarding confidentiality and privacy of the personal medical records of the patient in order to
maintain the doctor-patient trust. This will help in encouraging patients to share sensitive
information to the doctor during the medical visits and leads to effective and correct treatment of
the health issue. Patient built their immense trust on the doctor and believes that he or she is
completely safe in the hands of him. It is the doctor who saves lives of people and gives
treatment and cure on time for betterment of the health of the patients. This trust should be
maintained by the doctors also and they should understand it as their responsibility towards the
confidentiality of the patients’ medical records and their personal information as saved in the
electronic medical record system. This information is very much personal to the individual and
should be accessed by anyone other than the patient upon the consent of the patient itself. The
confidentiality and privacy of the medical records and health related information of the patient
2.3. Doctor Patient Relationship:
The foundation of a doctor-patient relationship is based upon trust. With the creation of
an environment of trust, it has encouraged patients to seek reasonable care and make honest
revelations about health conditions during every health visit. The willingness on the part of the
patient to seek help and care increases considerably. It is important for the patients to share and
disclose all the medical history and information about them to the physician or the doctor for
proper medication and correct diagnosis of the issue. If there is no proper trust between on the
doctor from the patient’s side, he or she will feel hesitant in sharing all the personal details and
pertain to sharing of incomplete information. This will lead to ineffective diagnosis of the issue
and hence care and treatment provided to the patient will not be helpful and curable. It may harm
the patient adversely. It is necessary for the healthcare units and hospitals to have policies
regarding confidentiality and privacy of the personal medical records of the patient in order to
maintain the doctor-patient trust. This will help in encouraging patients to share sensitive
information to the doctor during the medical visits and leads to effective and correct treatment of
the health issue. Patient built their immense trust on the doctor and believes that he or she is
completely safe in the hands of him. It is the doctor who saves lives of people and gives
treatment and cure on time for betterment of the health of the patients. This trust should be
maintained by the doctors also and they should understand it as their responsibility towards the
confidentiality of the patients’ medical records and their personal information as saved in the
electronic medical record system. This information is very much personal to the individual and
should be accessed by anyone other than the patient upon the consent of the patient itself. The
confidentiality and privacy of the medical records and health related information of the patient
8MEDICAL LAW
forms a very important aspect of the doctor-patient relationship12. For health issues regarding
reproductive systems, psychiatric health concerns and public health, the concept of
confidentiality assures that, private information in relation to the above mentioned health
conditions shall not be disclosed without prior approval. It is the duty of the healthcare staff and
doctor to protect the electronically saved medical information of the patients. Even the family
members or friends of the patient can access the information with prior consent of the individual
patient concerned.
It is evident that, the obligation of confidentiality has been prohibiting medical
practitioners from disclosing certain information related to the patient’s health conditions
without prior permission. However, it has proved to be beneficial for the medical practitioners to
take precautions on their part to ensure that they were authorized to such access. The extent of
appropriate on the part of the health care practitioners often requires that relevant information
regarding the patient’s health are discussed among the health care team13. In such cases, the
health care teams are authorized to discuss confidential information among themselves. In this
regard, mention can be made of electronic medical records which create major challenges to
confidentiality. According to the provisions of Health Information Portability and Accountability
Act of 1997 (HIPAA), it is important on the part of the institutions to develop policies for the
purpose of protecting the privacy concern of the electronic information of the patients which
includes procedures for computer accessibility and security.
12Gellert, George A., Ricardo Ramirez, and S. Luke Webster. "The rise of the medical scribe industry: implications
for the advancement of electronic health records." Jama 313.13 (2015): 1315-1316.
13Goldstein, Benjamin A., et al. "Opportunities and challenges in developing risk prediction models with electronic
health records data: a systematic review." Journal of the American Medical Informatics Association 24.1 (2017):
198-208.
forms a very important aspect of the doctor-patient relationship12. For health issues regarding
reproductive systems, psychiatric health concerns and public health, the concept of
confidentiality assures that, private information in relation to the above mentioned health
conditions shall not be disclosed without prior approval. It is the duty of the healthcare staff and
doctor to protect the electronically saved medical information of the patients. Even the family
members or friends of the patient can access the information with prior consent of the individual
patient concerned.
It is evident that, the obligation of confidentiality has been prohibiting medical
practitioners from disclosing certain information related to the patient’s health conditions
without prior permission. However, it has proved to be beneficial for the medical practitioners to
take precautions on their part to ensure that they were authorized to such access. The extent of
appropriate on the part of the health care practitioners often requires that relevant information
regarding the patient’s health are discussed among the health care team13. In such cases, the
health care teams are authorized to discuss confidential information among themselves. In this
regard, mention can be made of electronic medical records which create major challenges to
confidentiality. According to the provisions of Health Information Portability and Accountability
Act of 1997 (HIPAA), it is important on the part of the institutions to develop policies for the
purpose of protecting the privacy concern of the electronic information of the patients which
includes procedures for computer accessibility and security.
12Gellert, George A., Ricardo Ramirez, and S. Luke Webster. "The rise of the medical scribe industry: implications
for the advancement of electronic health records." Jama 313.13 (2015): 1315-1316.
13Goldstein, Benjamin A., et al. "Opportunities and challenges in developing risk prediction models with electronic
health records data: a systematic review." Journal of the American Medical Informatics Association 24.1 (2017):
198-208.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9MEDICAL LAW
In India the doctor-patient relationship is based more upon the trust rather than the laws
of confidentiality or laws of consent. Many patients are not even well informed about the
importance of confidentiality and privacy when it comes to their personal medical and health
records. In spite of various laws regarding right to protection of individuals information, there
still exists anomalies in the Indian Law regarding the specific age of eligibility to give consent
for the access of the information. It should be relooked and the age should be defined in terms of
medical confidentiality. There is also a need to evolve various protocols in case of getting
consent for the access of medical information from the children, mentally ill patients, and
illiterate patients. There is a need for the increase in the awareness among the patients about the
patients’ rights for confidentiality and privacy of their information14.
2.4. Laws relating to confidentiality:
The laws governing the preservation of the confidential information of the patients are
depicted in the Health Services Act 1988. According to the provisions of Section 141 of the
Health Services Act 1988, the medical practitioners practicing in public and private hospitals are
authorized to preserve the confidential information related to the patient’s health. In W v Edgell
[1990] 1 ALL ER 83515, it was established that the relation between a doctor and patient is such
that, it imposes a duty of confidence upon the health care practitioners. In this case, it was
observed that the claimant was a prisoner who applied an application in order to get transferred
into a community hospital. In such process, the lawyers acting on the behalf of the claimant
sought a psychiatric report from Dr. Edgell who emphasized on the part that the patient is
dangerous to the community. In this regard, Dr. Edgell has sent the report to the medical director
14 Mathiharan, Karunakaran. "Law on consent and confidentiality in India: A need for clarity." The National Medical
Journal of India 27 (2014): 39-42.
15W v Edgell [1990] 1 ALL ER 835.
In India the doctor-patient relationship is based more upon the trust rather than the laws
of confidentiality or laws of consent. Many patients are not even well informed about the
importance of confidentiality and privacy when it comes to their personal medical and health
records. In spite of various laws regarding right to protection of individuals information, there
still exists anomalies in the Indian Law regarding the specific age of eligibility to give consent
for the access of the information. It should be relooked and the age should be defined in terms of
medical confidentiality. There is also a need to evolve various protocols in case of getting
consent for the access of medical information from the children, mentally ill patients, and
illiterate patients. There is a need for the increase in the awareness among the patients about the
patients’ rights for confidentiality and privacy of their information14.
2.4. Laws relating to confidentiality:
The laws governing the preservation of the confidential information of the patients are
depicted in the Health Services Act 1988. According to the provisions of Section 141 of the
Health Services Act 1988, the medical practitioners practicing in public and private hospitals are
authorized to preserve the confidential information related to the patient’s health. In W v Edgell
[1990] 1 ALL ER 83515, it was established that the relation between a doctor and patient is such
that, it imposes a duty of confidence upon the health care practitioners. In this case, it was
observed that the claimant was a prisoner who applied an application in order to get transferred
into a community hospital. In such process, the lawyers acting on the behalf of the claimant
sought a psychiatric report from Dr. Edgell who emphasized on the part that the patient is
dangerous to the community. In this regard, Dr. Edgell has sent the report to the medical director
14 Mathiharan, Karunakaran. "Law on consent and confidentiality in India: A need for clarity." The National Medical
Journal of India 27 (2014): 39-42.
15W v Edgell [1990] 1 ALL ER 835.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10MEDICAL LAW
of the secure hospital and the Home Office. However, the claimant attempted to seek an
injunction to restrain disclosure of the report as it contained confidential information. In this
regard, the Court was of the opinion that, the action on the part of Dr. Edgell is held to be a
breach of confidence on the basis of public interest. In this case, it was decided by the Court that,
the disclosure can only be justified if the nature of the danger was such that it could be
foreseeable by any reasonable man of ordinary prudence.
In R v Department of Health [2001] QB 424 (CA)16, it was established that there is no
obligation of confidence in regard to the information which cannot be utilized for the purpose of
identifying the patient. In this case, the claimant was a data collection organization and the
service was regarding the collection of anonymized data from the pharmacists that prescribed the
capabilities of general practitioners. However, the claimant wanted to sell such information
commercially. In this regard, the Department of Health (DH) initiated a policy which
emphasized on the fact that pharmacists are not allowed to disclose data as it would constitute
breach of confidentiality. Similarly in the case of H (A Healthcare Worker) V Associated
Newspapers Limited: Ca 27 Feb 200217, the issue was regarding the disclosure of HIV condition
of a health care assistant. The local newspapers were willing to publish the name of the health
care institution in which he worked. In this case, the Court decided the matter accordingly and
held that the newspapers are not authorized to disclose the name of the health worked including
the place in which he worked because it would provide enough information to the community in
identifying the patient.
2.5. Legal issues:
16R v Department of Health [2001] QB 424 (CA).
17H (A Healthcare Worker) V Associated Newspapers Limited: Ca 27 Feb 2002.
of the secure hospital and the Home Office. However, the claimant attempted to seek an
injunction to restrain disclosure of the report as it contained confidential information. In this
regard, the Court was of the opinion that, the action on the part of Dr. Edgell is held to be a
breach of confidence on the basis of public interest. In this case, it was decided by the Court that,
the disclosure can only be justified if the nature of the danger was such that it could be
foreseeable by any reasonable man of ordinary prudence.
In R v Department of Health [2001] QB 424 (CA)16, it was established that there is no
obligation of confidence in regard to the information which cannot be utilized for the purpose of
identifying the patient. In this case, the claimant was a data collection organization and the
service was regarding the collection of anonymized data from the pharmacists that prescribed the
capabilities of general practitioners. However, the claimant wanted to sell such information
commercially. In this regard, the Department of Health (DH) initiated a policy which
emphasized on the fact that pharmacists are not allowed to disclose data as it would constitute
breach of confidentiality. Similarly in the case of H (A Healthcare Worker) V Associated
Newspapers Limited: Ca 27 Feb 200217, the issue was regarding the disclosure of HIV condition
of a health care assistant. The local newspapers were willing to publish the name of the health
care institution in which he worked. In this case, the Court decided the matter accordingly and
held that the newspapers are not authorized to disclose the name of the health worked including
the place in which he worked because it would provide enough information to the community in
identifying the patient.
2.5. Legal issues:
16R v Department of Health [2001] QB 424 (CA).
17H (A Healthcare Worker) V Associated Newspapers Limited: Ca 27 Feb 2002.
11MEDICAL LAW
The legal issues arising as a result of disclosure of the privacy and confidentiality of the
patient in regard to their medical condition can be well defined by the provisions of both
common and statutory laws. It is worth noting that, in most of the cases, the privacy concerns on
the part of the patient is declared to be paramount. This is due to the reason that in most of the
cases, in regard to the underlying circumstances, where maintenance of the patient’s privacy
could pose as a major risk to the community; the medical practitioners would not be bound by
the restrictions depicted in the relevant Acts and statutes. In such cases, these medical
practitioners shall be obliged by way of statute in disclosing certain information related to the
health status of the patients.
Chapter 3:
3. Laws relating to Access medical records in India:
3.1. Introduction:
A medical record serves as an important aspect of patient care and it is an important
document for legal, ethical and administrative purposes. Its access should be taken care of as
it contains all the personal information about the patient. Wrong access and improper updating
of the medical records can lead to data loss or even discrepancies in the further treatment of
the patient and even lead to harmful effects on the health of the patient. Any misuse or wrong
access of this document can lead to leak of personal information of the patients and is against
the privacy of the patients’ records. Therefore, medical records are required to be preserved
carefully and it has proved to be beneficial in protecting the rights and interests of the
patients. In some cases, these medical records have saved the medical practitioners from
The legal issues arising as a result of disclosure of the privacy and confidentiality of the
patient in regard to their medical condition can be well defined by the provisions of both
common and statutory laws. It is worth noting that, in most of the cases, the privacy concerns on
the part of the patient is declared to be paramount. This is due to the reason that in most of the
cases, in regard to the underlying circumstances, where maintenance of the patient’s privacy
could pose as a major risk to the community; the medical practitioners would not be bound by
the restrictions depicted in the relevant Acts and statutes. In such cases, these medical
practitioners shall be obliged by way of statute in disclosing certain information related to the
health status of the patients.
Chapter 3:
3. Laws relating to Access medical records in India:
3.1. Introduction:
A medical record serves as an important aspect of patient care and it is an important
document for legal, ethical and administrative purposes. Its access should be taken care of as
it contains all the personal information about the patient. Wrong access and improper updating
of the medical records can lead to data loss or even discrepancies in the further treatment of
the patient and even lead to harmful effects on the health of the patient. Any misuse or wrong
access of this document can lead to leak of personal information of the patients and is against
the privacy of the patients’ records. Therefore, medical records are required to be preserved
carefully and it has proved to be beneficial in protecting the rights and interests of the
patients. In some cases, these medical records have saved the medical practitioners from
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 36
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.