PRIVACY ISSUES RELATED TO COMPLIANCE OF TELEMEDICINE GUIDELINES IN INDIA


With the advent of information technology, society has tried to amend itself to cater to the needs of humans. Earlier, patients had to travel to far off places in order to avail medical services. Even though the man was able to make cutting edge medical instruments to give a second life to a patient, still the medical infrastructure was not able to accommodate itself in the technology-driven world. The advances made in medical science led to “long-distance medical consultancy” or“Telemedicine” to enhance patient’s access to care. Telemedicine is often defined as “the transfer of medical information and expertise via telecommunications and computer technologies, to facilitate diagnosis, treatment, and management of patients.” [1] But with the advances made in the conglomeration of medicine and technology, the legal and regulatory environment has not been able to keep pace with it. There are medico-legal issues regarding this area of medicine which ranges from complete and full-proof registration to privacy and confidentiality issues, as well as other risks that could be associated with electronic health care communication on the network. Another facet that needs consideration is the standard of care that can be expected from a doctor. These complex issues further deepen and transmogrify into an imbroglio where there are no statutes or laws, especially relating to issues like professional negligence, duties, liabilities, and penalties so that something could be resorted to, to adjudicate an issue.
The Government of India on 25th March 2020 released the guidelines pertaining to the practice of telemedicine in India to maintain high standards of professionalism. Health information and the medical history of an individual can disseminate information that could be the most intimate aspects of his/her life. In addition to diagnostic information, the medical record includes the minutiae of an individual’s family history, history of diseases and treatments, history of drug use, sexual orientation and practices, and testing for sexually transmitted diseases. These huge sources of data are very essential to get a covering of a secure environment because such Information can easily influence the decisiveness about an individual’s access to credit, admission to educational institutions, and his/her ability to secure employment and obtain insurance policies in a state. Any major fallacy pertaining to someone’s information can have huge repercussions in terms of denial to have access to the basic necessities of life and can also threaten exclusive and financial well-being. [2]
Amongst the most important guidelines issued by the Ministry of Health, guideline No. 3.7 is of significant importance as it elucidates upon the duties and responsibilities of a “Registered Medical Practitioner”. [3]
One of the cardinal principle governing the use of a person’s health data is that the person who is the data subject in the case possesses a right for such information to be kept confidential by the person who is using that data with the informed consent of the data subject (patient in this case). [4]
Secondly, a medical practitioner should only use that much information that is necessary to achieve the purpose behind the use.
The Constitution of India confers, in express terms, the constitutional guarantee on the right to privacy [5]. It has been held by the apex court of our country that “when it comes to a doctor-patient relationship, the fundamental aspect is about the doctor’s duty of maintaining secrecy. A doctor cannot disseminate information related to his patient to any person, which he has gathered during the course of treatment [6]. Even though the doctor-patient relationship has a commercial side to it, but is professional, a matter of confidence in which the patient reposes the highest degree of confidence and, therefore, doctors are ethically bound to maintain confidentiality. This has been vividly given in Guideline no. 3.7.1.2 of the aforementioned guidelines. The Code of Medical Ethics prescribed by the Medical Council of India says that the doctors to “not disclose the secrets of a patient that have been learned in the exercise of” his/her profession. Those secrets “may be disclosed only in a court of law under orders of the Presiding Judge only.”
While the Courts in India have certainly tried to use these principles to attach liability to a medical practitioner, clearly these have proved to be inadequate to address the issues associated with the medical information of the patient because the existent principles address the liability that has to be attached after the breach has been committed and do not lay any clear standards on how to use the information and also till date, most of the hospitals in the country lack in basic infrastructure to cope up with the demand of the digitalization.
Another problem that impedes any efforts towards resolving the privacy issues is that India does not have any Medical Act that could provide a comprehensive analysis to deal with breach of confidentiality measures. What we have in our hands is just a draft of guidelines that could provide only reflect upon the ethical and moral duties of the doctors.
Even during the time of making the Information Technology Act, 2000 the Indian parliament has largely neglected the issue of privacy. Section 72 of the Act says that “Save as otherwise provided in this Act or any other law for the time being in force, any person who, in pursuant of any of the powers conferred under this Act, rules or regulations made thereunder, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.” [7]
If one tries to apply the interpretation of the above provision to the present scenario, one could easily apprehend that this provision deals with information collected by a person who secures the information in pursuance of powers that he or she exercises under the Act which conclusively means this provision is extremely narrow in its application being relevant only to offenses by authorities mentioned in the act. Since telemedicine is a whole new concept that has gained importance only a few years back, such statutes fail to provide any substantial remedy for the data subject. Just as we have the “Health Insurance Portability and Accountability Act of 1996 in the USA which provides standards for privacy of individually identifiable health information, on the similar lines Indian Parliament can also come up with some statute. Successful establishment and implementation of a telemedicine plan require strategic planning and consideration of a number of things that area) necessary infrastructure, b) costs and reimbursement, c) human factors, and d) equipment and technology issues. In terms of infrastructure, it is essential to address how telecommunication breakdowns will be handled. The government needs to come up with a plan so that this may prove to be an elixir for those who have been deprived of medical facilities because of the pricey nature of medicine in India.
Telemedicine is plagued by a number of liability concerns. Firstly, there is the possibility that a patient may discern it as inferior because the consulting professional does not perform a hands-on examination. Therefore, the distant provider, who has not examined the patient personally and may be relying on another presenter, might not be able to give a fully informed opinion or could end up with results that are inaccurate, incomplete, or misleading that could invariably result in uninformed choices made by the patient himself/herself. Major issues include questions of liability when the information provided over the telephone is misinterpreted.
One of the solutions that we can think of is to make the security of information and computer systems a top priority. Security mechanisms use a combination of logical and physical regulations to provide a greater level of protection, including firewalls and antivirus and other software that detects spiteful programs and spyware. An instance of a logical restraint is automatic sign-off; the operating system should lockdown after a specific period of inactivity. In addition, the non-stop creation of new viruses makes it indispensable to update antivirus software on the system often. These measures should be reevaluated periodically to determine what modifications need to be made.
Keeping aside all the negative points aside, telemedicine does have a huge potential for making our health care system more cost-effective. Although there are some pitfalls in telemedicine, they certainly do not outweigh its advantages. The technological, sociological, cultural, and legal issues surrounding telemedicine applications are still boundless and are waiting to be resolved, while its maturational trends show tremendous promise and productivity for the future.


References

[1] WHO Group Consultation on Health Telematics (‎1997: Geneva, Switzerland)‎. (‎1998)‎. A health telematics policy in support of WHO's Health-for-all strategy for global health development: report of the WHO Group Consultation on Health Telematics, 11-16 December, Geneva, 1997. World Health Organization. Available here
[2] WHO Group Consultation on Health Telematics (‎1997: Geneva, Switzerland)‎. (‎1998)‎. A health telematics policy in support of WHO's Health-for-all strategy for global health development: report of the WHO Group Consultation on Health Telematics, 11-16 December, Geneva, 1997. World Health Organization. Available here
[3] Telemedicine Practice Guidelines Enabling Registered Medical Practitioners to Provide Healthcare Using Telemedicine, presented by BOARD OF GOVERNORS in supersession of the Medical Council of India on 25th March 2020. Available here
[4] U.S. Congress, Office of Technology Assessment, Protecting Privacy in Computerized Medical Information, OTA-TCT-576 Washington, DC: U.S. Government Printing Office, September 1993. Available here
[5] Justice K.S.Puttaswamy (Retd) v. Union of India, WRIT PETITION (CIVIL) NO. 494 OF 2012
[6] Mr. ‘X’ v. Hospital ‘Z’ (1998) 8 SCC 296
[7] Section 72 of the Information Technology Act, 2000. Available here

No comments:

Post a Comment

Pages