Abstract

The rapid digitization of India’s healthcare sector has amplified the need to protect sensitive patient data and ensure accountability in hospital administration. Earlier frameworks such as the Information Technology Act, 2000 offered only limited safeguards and proved inadequate against evolving cybersecurity threats. The Digital Personal Data Protection (DPDP) Act, 2023 introduces a consent-driven framework that strengthens patient rights, enforces fiduciary obligations on hospitals, and aligns India with global data protection practices. This paper explores its implications for healthcare institutions, particularly in the management of electronic health records, digital consent, and hospital information systems. It also examines national initiatives like the Ayushman Bharat Digital Mission (ABDM) and platforms such as MEDLEAPR, which enhance secure record-keeping and data transfer. By addressing gaps and recommending measures such as encryption, role-based access, and trained Data Protection Officers, the Act aims to build trust, strengthen governance, and ensure resilience in healthcare data management.

• 1.   Government of India. The Digital Personal Data Protection Act, 2023. No. 22 of 2023. New Delhi: Ministry of Law and Justice; 2023. Available from: https://www.meity.gov.in
• 2.   DLA Piper. Data Protection Laws of the World: China. 14th ed. London: DLA Piper LLP; 2025. Available from: https://www. dlapiperdataprotection.com/
• 3.   Khanna V, Kotwal A. Examining the significance of the digital personal data protection act, 2023 in the context of the healthcare industry: a comprehensive analysis. Discover Public Health. 2025;22:381.doi:10.1186/s12982-02500757-6.
• 4.   Komnenic M. Top 10 Biggest Data Breaches of All Time [Internet]. Termly; 7 Jan 2025 [cited 2025 Sep 15]. Available from: https://termly. io/resources/articles/biggest-data-breaches/
• 5.   Bharatiya Nyaya Sanhita, 2023 (No. 45 of 2023). Gazette of India, Ministry of Law and Justice. New Delhi, 25 December 2023.
• 6.   Bharatiya Nagarik Suraksha Sanhita, 2023 (No. 46 of 2023). Gazette of India, Ministry of Law and Justice. New Delhi, 25 December 2023.
• 7.   Bharatiya Sakshya Adhiniyam, 2023 (No. 47 of 2023). Gazette of India, Ministry of Law and Justice. New Delhi, 25 December 2023.
• 8.   Government of India. The Information Technology Act, 2000. No. 21 of 2000. New Delhi: Ministry of Law, Justice and Company Affairs; 2000. Available from: https://www. indiacode.nic.in
• 9.   Government of India. Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. New Delhi: Ministry of Communications and Information Technology; 2011. Available from: https://www.indiacode. nic.in
• 10.   Board of Governors in supersession of the Medical Council of India. Telemedicine practice guidelines: enabling registered medical practitioners to provide healthcare using telemedicine. New Delhi: Medical Council of India; 2020 Mar 25
• 11.   Govt of India. Ayushman Bharat Digital Mission (ABDM) [Internet]. National Portal of India; [Accessed: 2025 Sep 16]. Available from: https://www.india.gov.in/spotlight/ ayushman-bharat-digital-mission-abdm
• 12.   BharatEHealth. BharatEHealth: AI-powered EHR and Telemedicine Platform [Internet]. BharatEHealth; c2025 [cited 2025 Sep 16]. Available from: https://bharatehealth.com/
• 13.   MediBank. MediBank: Cloud-based Electronic Health Records Platform [Internet]. MediBank; c2025 [cited 2025 Sep 16]. Available from: https://medibank.in/
• 14.   Healthray. eHospital: Hospital Information Management System (HIMS) [Internet]. Healthray; c2025 [cited 2025 Sep 16]. Available from: https://www.healthmedtechnologies. com/ehospital.html
• 15.   Imperva. Cybersecurity threats. [Internet]. Imperva; [Accessed: 2025 Sep 16]. Available from: https://www.imperva.com/learn/ application-security/cyber-security-threats/
• 16.   Jain R, Bansal GS. MedLEaPR – first step towards ICT enabled integrated justice delivery system. Informatics. New Delhi: National Informatics Centre, Govt of India; 2013 Apr;21(1):12-14.

Data Sharing Statement

Funding