Drafting Privacy Policies for Health-Tech Startups: Practical Considerations.
Updated: Sep 4
Confidentiality and Data Privacy
A health-tech startup as mandated by the Telemedicine Guidelines, 2020, is required to disclose the identity of the doctor to the patient and vice versa. This leads to the communication of personal data which includes but is not limited to medical information, contact details, records of past medical health-related information. Some considerations which you should keep in mind are:
You shall be sharing the personal information of the end-users as well as the doctors and hence, it is important to let them know that this sharing would be strictly for the purposes of the services being offered and for no other reason.
If any end-user or health care service provider is located outside India, then global data privacy laws such as GDPR, HIPAA etc. also come into consideration.
What Information is to be collected?
Many of us order medicines for our parents or older relatives. In such cases, we share their personal information through the health-tech services. This can give rise to the risk that the third-party for whom the end-user is raising request, may not even know that his/her personal information is being shared. This potential concern can be tackled in the following two ways:
Prohibit the end-user from placing orders for third-parties.
Ensure that the end-user has obtained the necessary consent from the third-party and shall indemnify the company, if any such allegations of data breach is made by the third-party whose data is being shared.
Does your health-tech company require its end-users to create accounts? If yes, then you have to make sure that they are not compromising on the security of their accounts and allowing any unauthorized person to use the service.