top of page

Significance of Digital Personal Data Protection Act 2023 on Health Care Sectors

Blog by Natasha Rama Rocha, Karnataka State Law University, ISBR Law College

The Digital Personal Data Protection Act, 2023 (DPDP Act 2023), is a new law in India that regulates personal data collection, the DPDP act would have a major effect on the health care industry in India and that of the foreign, regardless that it’s in the early stages of transformation and innovation. “Change is nature” which is rightly said, the DPDP act has unusually changed the cosmopolitan sharks of personal data protection of many sectors, including the affix healthcare. This blog will delve into the in-depth medico-privacy protection provided by the health care industries, especially after the revolutionary DPDP act which came into force that alter dramatically, transforming India into a cyber secure nexus.


In an age marked by rapid technological advancement, the preservation of personal data has risen to the top of the priority list. This new regulatory framework has significant implications, particularly in the healthcare industry, where the management of sensitive patient data is of utmost importance. With the prevalence of data leaks, data breach, thefts of data and identity, fraud, especially using Artificial Intelligence and having Dark Web for the sale of such sophisticated data, adds rising concerns and rising privacy fears. The DPDP act 2023 aims to shield sensitive information from variety of industries which hear include healthcare. At present 51% of breaches occur in health care entities as criminals find “Patient Personal Information” vulnerable to exploit. Almost 94% organizations have undergone at least one data breach past 1-2 years, this has increased concerns for preservation of personal data at utmost level demanding it to be on the top priority of the entities.

Background On DPDP Act 2023

The Digital Personal Data Protection act was passed in early August 2023, also known as DPDPA 2023 and is yet to come into operation, probably in 2024 through an official government notification. The law enumerates the rights and obligations of data principals and obligations for data fiduciaries, it imposes sanctions for data leaks and also creates a special category of data fiduciaries called the significant data fiduciaries. India’s privacy law, unlike “General Data Protection Regulation” (GDPR)and other privacy laws, does not explicitly define the sensitive data. Here the Data Protection board (DPB) is actually the enforcement body under the DPDP act, according to the act the law also designates the Telecom Disputes Settlement and Appellate Tribunal as the appellate body. The landmark case of Puttaswamy and its judgement recognised the “right to privacy” as a fundamental right and has developed many privacy protection measures and also the DPDP act 2023. The act allows transfer of data outside India, except to countries restricted by the central government through their official notification.

DPDP Act 2023 and Health Care Sectors

Privacy is of vital importance in healthcare industrial sectors, as it is the foundation of holistic, legal and patient-centric care. The patient confidence rises on when they know that their information is safe and secure, which encourages open communication with the healthcare providers, maintain (i) hospital-patient-privilege (ii) uplifting timely care- seeking, which will indeed (iii) increase patient engagement with the treatment plans for improved health outcomes. The adoption of DPDP act 2023 is crucial in balancing privacy and development, (i) it increase patient trust and confidence, (ii) improve data security and privacy, (iii) ensure proper balance between intra-country data transfer, ensuring that healthcare remains a trusted, safe, and a cutting-edge industry in the digital age. The effect is multi-faceted, (i) increasing patient trust, (ii) strengthening data integrity, (iii)encouraging international collaborations and (iv) encouraging innovations. The DPDP Act will not only impact the health care but also a close branch of health care that is the pharmaceutical companies, integrally. whilst innovating the health care line it will coincide with the pharma companies and innovate the pharmaceutic line of department. Events such as “pharmaceutical trials” will provide the principal patients an opportunity to control their data from being used and also have the opportunity to erase it for their privacy reasons. Highly confidential information of diseases such as HIV-AIDs, Tuberculosis, COVID-19, etc which addresses ethical concerns and require intensive care, can be secured with proper implications and provisions. Delicately requiring the patient consent to exposure of the same, to obtain explicit consent of the data by the principals.

Non-compliance of DPDP act 2023

The non-compliance of DPDP act 2023 carries hefty fines such as monetary penalty that is imposed under “Section 33 clause (1)” of the DPDP act, this will underscore the moral imperative of prioritizing patient welfare and security measure that the Data Protection Board of India issues. However, its important to note that the party in question is given the opportunity to present their case before any fine is levied. This ensures a process of fairness and justice in both sides and allows everyone to be heard before final decision is made. A specific assessment is performed before the penalties are imposed on the bases of the nature, gravity and duration of the breach, it also analyses the type of personal data that is affected, is the breach is repetitive in nature, its mitigation efforts, the gain and loss due to the breach and what the proportionality and effectiveness of the penalty will impact on the data fiduciary.

Principal / Patient Access Through DPDP act 2023

This act cements concrete ideals for innovations and collaboration in the health care sectors providing subjects for use in research, public health, emergency response, and other uses. This act enables (i) end-to-end encryptions (ii) pseudonymisation to the principals to access, correct, erase, port and also restrict the refining of their personal health information, as well as seek redressal of any errors or violations of their rights. The principal here is given the explicit priority to give consent for the exposure of their data if not the same will be kept highly confidential.


The whole aspect of Digital Personal Data Protection act, 2023 has a significant impact on the healthcare industrial sector of India and how the principal patients will benefit from greater control over their personal data and increasing privacy protection. Regardless that the DPDP act 2023 is in its early stages of transformation and innovation, it has already started to elevate India’s position in the health care sectors. One’s right to privacy is unquestionably their shadow under the sun and living air to breathe without fear, as privacy shouldn’t be an option, but instead be your sole right. Will you have a data breach or get hacked? Yes! Its not a question of if, it’s a question of when

11 views0 comments

Recent Posts

See All

Transformation of Indian Criminal Laws

Syed Umar Asdaque; Jamia Millia Islamia, New Delhi Abstract Criminal Justice System is a set of policies and organizations used by the central and state governments to prevent, detect, regulate crimes

Live-In Relationship

By Gursimar If we look back into the ancient history of India , marriage was considered a sacred institution and an important social and religious duty. The Vedas and later texts prescribed rituals an

Comprehensive Evaluation of Total Income

ABSTRACT This paper provides an in-depth examination of the computation process for total income, a fundamental aspect of financial analysis for individuals, businesses, and organizations. The computa



bottom of page