The usage of digital health in India is governed by a few laws, guidelines, and standards. Several regulations are universally applicable to digital health technology, even though each digital health tool/business model is governed independently. In this regard, the Information Technology Act of 2000, the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules of 2011 (SPDI Rules), and the Information Technology (Intermediaries Guidelines) Rules of 2011 (Intermediaries Guidelines) are all relevant. The IT Act, SPDI Rules, and Intermediary Guidelines are all part of India’s general data protection framework. Online transactions and the transfer of electronic data are now allowed thanks to the IT Act. The IT Act regulates a wide range of online activities, including the authentication of digital signatures and the legal validity of electronic records. The IT Act addresses cybercrime like hacking and denial of service attacks, as well as other types of cybercrime.


  1. What are the laws applicable to the usage, commercialization, and circulation of mobile apps and other electronic devices in India?
  2. Who are the certifying authorities for the usage of electronic records and mobile apps in the pharma industry in India?


  • Information Technology Act, 2000.
  • The Drugs and Cosmetics Act, 1940.
  • The Drugs, Medical Devices, and Cosmetic bills, 2022 (which is yet to be passed)


LAWS applicable to Mobile Apps

  • Key Areas governed under the IT Act, 2000, and Drugs and Cosmetics Act, 1940:

There is no law exclusively to govern the enforcement of mobile apps in the pharmaceutical sector. The current law which focuses on such area is the IT Act and the Drugs and Cosmetics Act. Online and traditional pharmacies were not distinguished by the Drugs and Cosmetics Act of 1940 or its Rules of 1945. Initially, there were no laws in India governing how e-pharmacies operated. The pre-independence era’s drug regulations were not updated to take into account advancements in electronic and information technologies, as well as changes and innovations in pharmacy practice and dispensing. In order to employ information technology in the usage and distribution of medicines in India, the Indian government started working on developing a centralized online e-plat form in 2016. An electronic platform will serve as the nation’s first-ever tracking system for medicines from producer to patient use. The “Sugam” program was first used by the Health Ministry for this purpose.This is one such instance where the IT Act had a major role to play in the pharmaceutical sector. Key areas for enforcement include standards that safeguard the security, confidentiality and privacy of patient health and records. Data protection and infringement are crucial for enforcement due to protected private health information and records used solely for data interpretation for market analysis, marketing, and regulatory exchange.

Areas Governed under the Drugs, Medical Devices and Cosmetics Bill, 2022

India’s regulatory framework for pharmaceutical products has to be completely revised. The draught Drugs, Medical Devices, and Cosmetics Bill, 2022 falls short of implementing the necessary reforms to safeguard Indian citizens’ health and safety and to elevate the country’s pharmaceutical and medical device sector to the level of a true global competitor.The main cause of this is the lack of a statutory, independent regulator. In accordance with World Health Organization recommendations on the regulation of pharmaceutical products, the majority of developed nations have a specialized, statutory regulator for pharmaceuticals and medical devices that enjoys some degree of independence from the government. The present Act does not provide any specific provision to govern the mobile apps which are used in the pharmaceutical sector. Hence, for the purpose of regulating mobile apps, such a bill was introduced. But this bill is yet to be passed.

Laws Applicable to Electronic Records used in Pharmaceutical Industry:

  • Electronic Health Record Standards in India

The Electronic Health Record (EHR) Standards for India were notified by the Ministry of Health & Family Welfare (MoH &FW) in September 2013. Keeping in mind their suitability for and applicability in India, the set of standards provided there were selected from the best accessible and utilised standards applicable to Electronic Health Records from around the world. The recommendations in this paper are pertinent to the implementation of electronic health informatics standards in EHR/EMR and other clinical information systems of the same nature. The focus is on identifying the standards and their intended uses in these systems, followed by a brief implementation strategy guideline. It is acknowledged that correct implementation of these standards will result in the standardization of data capture, storage, view, presentation, and transfer to a point where the meaning and data included in the records will be interoperable. Wider implementation situations, such as those of administrative, legal, or regulatory character, are not covered by this document. Additionally, this paper does not address issues related to the development and management of local, regional, or national infrastructures, indexes, or repositories because those issues are handled by regulatory organizations. The idea that any person in India can visit any healthcare practitioner, diagnostic facility, or pharmacy and still have access to and have always-available, fully integrated electronic health records has been not only liberating but also the future of effective healthcare delivery in the twenty-first century.


Intern at Aggarwals & Associates, S.A.S. Nagar, Mohali