I had written a post few days ago covering the main highlights of the CCI’s press release on its Policy Note on healthcare. In my post, I had summarized and explained the main aspects of the Note (covered by the press release) and observed that though the Policy Note doesn’t really bring in many new recommendations, it does pay heed to the current shift from price control mechanisms to rationalisation of trade margins.
With the recent release of the Policy Note itself by the CCI (which basically elaborates upon the points already mentioned within the press release), few more aspects are worth taking note of.
The CCI’s take on E-Pharmacies
Stating that these e-pharmacies aid in increasing transparency and price competition amongst platforms and retailers, the CCI puts this across as a solution to high trade margins prevalent in drug prices.
Efforts for regulating and legitimizing the e-pharmacies by the Indian Government were kick-started in 2015 with the release of a notification which stated that the Drugs and Cosmetic Rules, 1945 do not differentiate between “conventional and over the Internet sale/distribution of drugs”, thereby making the then-existing laws and regulations applicable to e-pharmacies. Several initiatives were thereafter taken to facilitate their functioning in India. Surprisingly, while highlighting recent developments in this regard, the Policy Note only makes mention of the draft rules on Drugs (Sale and Distribution) Rules, 2017 and points out certain discrepancies in registration and compliance standards under these Rules; it does not take any note at all of the recently released Drugs and Cosmetics (Amendment) Rules 2018!
One of the most notable features of these 2018 Draft Rules is the requirement of creation of e-pharmacy portals which are strictly required to keep the data generated localized. According to Rule 67k of the Draft Rules, “information received by the e-pharmacy registration holder from the customer by way of prescription or in any other manner shall not be disclosed by the e-pharmacy registration holder for any other purposes” but the information will be provided to the appropriate government when required for “public health purposes”. It further mandates that data generated in e-pharmacy portal should be “localized” i.e., the data in Indian e-pharmacy portals should not be sent or stored by any means outside India.
Note: E-pharmacies have run into a bit of trouble recently. The Madras High Court recently passed an interim stay on online sale of drugs till November 9 following a petition filed by the Tamil Nadu Chemists & Druggists Association containing allegations of risky drugs sold by unlicensed online pharmacies. (For more on this, visit here.)
Recognition of Patient’s Right to Data Portability
The CCI recommends the introduction of patient’s right to data portability to protect them from lack of transparency in healthcare services. It opined that the free flow of data from one fiduciary to the other would empower “data principals” (as mentioned in the Bill) by giving them control over personal data and would enhance competition within the industry. It relies on Section 26 of the Personal Data Protection Bill, 2018 (“Bill”) and suggestions given in the Data Protection Committee Report(“Report”) for the same.
Possible Privacy Issues?
Implementation of both these recommendations will give rise to several privacy and data protection concerns.
Data localization measures in India would currently fall under the ambit of the Chapter VIII of the Bill dealing with “Restrictions on Cross-Border Transfer of Personal Data” and Chapter 6 of the Report dealing with “Transfer of Personal Data Outside India”. The need for such measures is highly debated and has been questioned by many since it may have a deleterious impact on the presence of foreign companies in India by decreasing competition in the Indian market. The Draft Rules too seem to impose a blanket ban on cross-border transfer of personal data since the Rules clearly mention that the “data generated or mirrored through e-pharmacy portal shall be sent or stored, by any means, outside the India”. This contradicts the guidelines laid down in the Report which lays down that in cases such as health “cross-border transfers will have to be permitted where certain prompt action needs to be taken in order to protect the life or health of an individual.” Also, in cases where mandatory sharing of personal data of patients with the appropriate government needs to be carried out, the “public health purposes” for which it can be done and the mode of transfer of such information needs to be clarified. Further, the Report mentions that “any obligation requiring the storage and processing of personal data within India should be based on clear advantages arising out of the implementation of such a measure.” Hence, the CCI needs to construct a framework for implementing data localization by e-pharmacies. Also, the need for introducing such cross-border measures in the healthcare industry needs to be adequately justified by the Government before proposing such a measure or legislation.
Similarly, a framework for protection of data privacy of consumers needs to be introduced before introducing the right to data portability. The CCI doesn’t note any exception to this right and simply looks into the benefits of introducing such a right. However, the Report in this regard has mentioned that this right must be provided only “to the extent that it is possible to provide such data or profiles without revealing the relevant secrets”. The Report further provides that this right should be restricted on grounds of technical feasibility i.e., if “technical capabilities as currently existing would make the required access or transfer unfeasible”.
Conclusion: The CCI needs to fine-tune its recommendations a bit by looking into possible data protection and privacy concerns which may arise and ensure that quick, effective implementation of these recommendations takes place.
Image from here