Abstract
The adoption of Electronic Health Records (EHRs) in India has been rapid and the significance of protecting privacy of personal health information has proportionally increased as well. The research emanates from scenario of rapidly rising frequency of cyber-threats to personal health information and lower efficiency of the legal framework in handling such threats. The latest development made towards protection of general digital information Digital Personal Data Protection Act, 2023 ensures protection of digital personal data and incorporates important provisions which were not available in the former legislations and regulatory frameworks. However, the aforementioned Act still lacks several significant provisions in comparison to other legislations governing personal health information in other countries. The research identifies several lacunas existing in the Indian legal landscape which can consequently lay an adverse impact on the privacy of personal health information. Furthermore, it also analyzes the legal framework and further conducts a comparative review of the legislations in European Union and United States. The comparative assessment highlights absence of several provisions in Indian legal framework and consequently affecting the data privacy of health information. The analysis following the comparative assessment lays down broad spectrum of provisions which can be incorporated in the Indian legislative structure.
Keywords: Cyber-Security, Cyber-Threats, Data Privacy, Electronic Health Records (EHR), Healthcare, Health Data