E-Pharmacies in India

E-pharmacies have been a contentious issue in India for a long time, with ongoing litigation and delays in the implementation of regulatory rules. The government is presently debating whether online pharmacies should be allowed to sell medications. The risk associated with customer data and privacy, specifically the collection of confidential health data by online pharmacies, is one of the government’s primary concerns. While the government seeks legal advice and awaits the promulgation of the Digital Personal Data Protection Bill, 2022, it is crucial to establish a balance between data protection and public access to quality medicines. This post explores how e-pharmacies in India can balance data protection and public health.

Data Protection and Compliance:

Under the current data protection regulatory regime governed by the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, e-pharmacies must comply with rules regarding the collection and processing of sensitive personal data. To obtain client consent, e-pharmacies typically rely on established contract law principles and standard e-commerce practices. In addition, consumers have the option of refusing to provide data and can revoke consent if it was previously granted. E-pharmacies must comply with all applicable data protection regulations.

Protected Health Information and Privacy:

The Electronic Health Record Standards for India, 2016, provide guidelines for the protection, privacy, disclosure, and preservation of Protected Health Information (PHI) and Electronic Protected Health Information (ePHI). Patients have the option to limit access to and disclosure of their individually identifiable health information, and they must provide explicit consent for access and/or disclosure, which will be audited. However, anonymized and de-identified information may be used without patient consent in certain circumstances. E-pharmacies must ensure that all patient data and information collected adhere to India’s applicable data protection regulatory framework.

Intermediary Liability and E-Pharmacies:

Under the Information Technology Act, e-pharmacies frequently qualify as intermediaries because they dominate the e-commerce market. Section 79(1) of the IT Act exempts intermediaries from liability for information, data, and communications hosted by third parties on their platforms. In previous court cases, the distinction between the function of the marketplace platform and the actual sellers of goods has been discussed, with a focus on the safe harbor protection for intermediaries. This exemption from liability enjoyed by intermediaries suggests that the government’s consideration of restricting e-pharmacies based on data protection noncompliance and misuse concerns may be unwarranted.

The Public Health Benefits of E-Pharmacies:

E-pharmacies in India have been of great benefit to the public, especially those in remote areas and Tier-II/Tier-III cities with limited access to authentic and affordable medications. E-pharmacies offer consumers a convenient way to check the availability of medications, particularly for uncommon medical conditions, without visiting multiple brick-and-mortar pharmacies. With the expansion of Internet access, e-pharmacies can provide quality medications to a larger population. During the COVID-19 lockdown, e-pharmacies played a crucial role in ensuring that patients received essential medications and medical devices. Overly restricting the operations of online pharmacies could impede the development of a pervasive public health system.

While concerns regarding data protection and privacy are legitimate, it is essential to strike a balance between regulating e-pharmacies and ensuring access to high-quality medications. The government’s efforts to clarify and regulate e-pharmacies are commendable, but it is vital to avoid overregulation that could hinder the sector’s growth. A balanced approach will be essential for effectively resolving all concerns and establishing a robust framework that protects data and benefits users.

About Concur: Harmonizing Data Compliance

Concur is a technology company that provides a suite of enterprise solutions to help organizations manage their data compliance and other business operations. Our solutions include consent management, digital policy management, legacy customer notice guidelines, data principal rights solutions, and more. With a focus on innovation and the use of blockchain technology, Concur helps enterprises stay compliant with various regulations such as DPDPB, while streamlining their operations and enhancing overall efficiency. Additionally, we offer dedicated support through our Support Center to ensure customers have the assistance they need to achieve their compliance goals.

Gaurav Mehta