{"id":389032,"date":"2026-07-02T09:00:22","date_gmt":"2026-07-02T03:30:22","guid":{"rendered":"https:\/\/www.scconline.com\/blog\/?p=389032"},"modified":"2026-07-01T18:14:01","modified_gmt":"2026-07-01T12:44:01","slug":"dpdpa-connected-healthcare-medtech-privacy-analysis","status":"publish","type":"post","link":"https:\/\/www.scconline.com\/blog\/post\/2026\/07\/02\/dpdpa-connected-healthcare-medtech-privacy-analysis\/","title":{"rendered":"Connected Healthcare and the Right to Privacy &#151; Impact of DPDPA on Med-Tech"},"content":{"rendered":"<div style=\"text-align: justify; line-height: 150%;\">\n<p style=\"margin-bottom: 3%; font-style: italic; text-align: center;\">In India, the medical devices sector is regulated by the Central Drugs Standard Control Organisation (CDSCO) under the <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-0002852199\" target=\"_blank\">Drugs and Cosmetics Act, 1940<\/a> (the Act) and the <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-0002939438\" target=\"_blank\">Medical Device Rules, 2017<\/a>.<\/p>\n<p style=\"margin-bottom: 3%;\">India&#8217;s medical devices sector has become an important pillar of the healthcare ecosystem. Traditionally, medical devices were understood as physical products used for diagnosis, monitoring, or treatment. Today, however, the medtech ecosystem extends far beyond hardware. It includes telemedicine platforms, AI-enabled diagnostic tools, wearable health devices, remote monitoring systems, and software embedded into medical equipment.<\/p>\n<p style=\"margin-bottom: 3%;\">In India, the medical devices sector is regulated by the Central Drugs Standard Control Organisation (CDSCO) under the <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-0002852199\" target=\"_blank\">Drugs and Cosmetics Act, 1940<\/a> (the Act) and the <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-0002939438\" target=\"_blank\">Medical Device Rules, 2017<\/a>. Unlike many jurisdictions where pharmaceuticals and medical devices are regulated separately, India classifies medical devices as &#8220;drugs&#8221; under Section <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-0001541965\" target=\"_blank\"><span class=\"Hyperlink\">3(<span style=\"font-style: italic;\">b<\/span>)<\/span><\/a> of the <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-0002852199\" target=\"_blank\">Act<\/a>.<\/p>\n<p style=\"margin-bottom: 3%;\">The sector is also witnessing rapid growth. India&#8217;s med-tech market is expected to reach nearly USD 12 billion by 2030.<\/span><a id=\"fnref1\" href=\"#fn1\" title=\"1. Suresh Subramanian, &#8220;India's MedTech Transformation: Paving the Path to Global Leadership&#8221; EY India Report (26-11-2024), available at &lt;https:\/\/www.ey.com\/en_in\/insights\/health\/india-s-medtech-transformation-paving-the-path-to-global-leadership&gt;.\"><sup>1<\/sup><\/a> At the same time, the nature of medical devices is changing rapidly. Earlier, devices such as ECG machines were standalone systems located within hospitals or clinics. Today, the same functions are performed through connected wearables such as smartwatches and remote monitoring devices. These systems continuously collect, process, and transmit health data across applications, cloud servers, software providers, hospitals, and device manufacturers.<\/span><\/p>\n<p style=\"margin-bottom: 3%;\">This transformation has made medtech a significant processor of personal data, particularly sensitive health-related data. Under the <span class=\"Hyperlink\"><a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9001593555\" target=\"_blank\">Digital Personal Data Protection Act, 2023<\/a> (DPDPA)<\/span>, &#8220;personal data&#8221;<\/span><a id=\"fnref2\" href=\"#fn2\" title=\"2. DPDPA, 2023, S. 2(t) &#8220;Definitions&#8221;.\"><sup>2<\/sup><\/a> means any data through which a living individual can be identified. Digitised healthcare systems allow caregivers to analyse and share patient data more efficiently. It is reducing cost, but at the same time, it is leading to generation of voluminous amounts of personal data. This increased connectivity also increases risk. Connected devices, hospital networks, legacy systems, and third-party software integrations create multiple points of vulnerability for cyberattacks and unauthorised access to patient information, as per a report published by Philips.<\/span><a id=\"fnref3\" href=\"#fn3\" title=\"3. Whitepaper on Philips &#8220;Cyberattacks &mdash; A Threat to Patient Safety&#8221; available at &lt;https:\/\/www.documents.philips.com\/assets\/20250401\/c1e7bc3723844132b0b8b2b20138a080.pdf&gt;.\"><sup>3<\/sup><\/a><\/span><\/p>\n<p style=\"margin-bottom: 3%;\">The issue becomes even more important considering India&#8217;s dependence on imported medical devices, which currently account for nearly 70&#8212;80 per cent of the sector. Many devices transmit data across jurisdictions or rely on foreign software infrastructure, creating additional compliance and cybersecurity considerations. Under Section <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9001593456\" target=\"_blank\">16<\/a><a id=\"fnref4\" href=\"#fn4\" title=\"4. DPDPA, S. 16 &#8220;Cross border transfer of personal data&#8221;.\"><sup>4<\/sup><\/a> <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9001593555\" target=\"_blank\">DPDPA<\/a>, personal data may be transferred outside the Indian borders subject to any orders (general or special) of the Central Government.<a id=\"fnref5\" href=\"#fn5\" title=\"5. DPDP Rules, 2025, R. 15 &#8220;Transfer of personal data outside the territory of India&#8221;.\"><sup>5<\/sup><\/a> Medtech industry needs to be cognizant of the restriction or legal conditions imposed by the Central Government of India under this clause.<\/p>\n<p style=\"font-weight: bold;\">DPDPA and the medtech sector<\/p>\n<p style=\"margin-bottom: 3%;\">The <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9001593555\" target=\"_blank\">DPDPA<\/a> introduces a new layer of compliance obligations for the med-tech ecosystem. The law provides for financial penalties of up to INR 250 crores for certain contraventions. Given the volume and sensitivity of health data processed by med-tech entities, compliance will become a major operational requirement.<\/p>\n<p style=\"margin-bottom: 3%;\">One of the key obligations under the DPDPA is notice and consent management.<a id=\"fnref6\" href=\"#fn6\" title=\"6. DPDPA, Ss. 5 &#8220;Notice&#8221; and 6 &#8220;Consent&#8221;.\"><sup>6<\/sup><\/a> Medtech entities processing patient information must ensure that valid consent mechanisms exist before personal data is processed or shared. In cases where device manufacturers or software providers do not directly collect patient information, formal data processing agreements with hospitals and healthcare providers become important. These agreements should clearly address issues such as cross-border data transfers, grievance redressal, retention timelines, and management of data principal rights.<\/p>\n<p style=\"margin-bottom: 3%;\">Another major requirement relates to reasonable security safeguards.<a id=\"fnref7\" href=\"#fn7\" title=\"7. DPDPA, S. 8(5) &#8220;General obligations of data fiduciaries&#8221;.\"><sup>7<\/sup><\/a> Since medical devices are increasingly connected to networks, manufacturers and operators must implement strong technical protections within devices and software systems. Encryption, masking, tokenisation, secure authentication systems, access controls, backup mechanisms, and logging systems are becoming essential.<\/span><a id=\"fnref8\" href=\"#fn8\" title=\"8. DPDP Rules, 2025, R. 6 &#8220;Reasonable security safeguards&#8221;.\"><sup>8<\/sup><\/a> In many cases, cybersecurity and privacy compliance are now overlapping obligations.<\/span><\/p>\n<p style=\"margin-bottom: 3%;\">The DPDPA also increases the importance of Data Protection Impact Assessments (DPIA).<\/span><a id=\"fnref9\" href=\"#fn9\" title=\"9. DPDPA, S. 10 &#8220;Obligations of significant data fiduciaries&#8221;.\"><sup>9<\/sup><\/a> DPIA&#8217;s help organisations assess the necessity, proportionality, and risks involved in personal data processing activities. Since medtech devices routinely process sensitive health information, DPIA can play an important role in identifying privacy risks arising from connected devices, cloud integrations, AI tools, and cross-border transfers of patient information.<\/span><\/p>\n<p style=\"margin-bottom: 3%;\">Perhaps the most important concept for the medtech industry is Privacy by Design (PbD). Medtech ecosystem is composed of tangible and intangible products. Adherence to principles of PbD will help them to ensure compliance with DPDPA law.<\/p>\n<p style=\"\">PbD is built around seven foundational principles<\/span><a id=\"fnref10\" href=\"#fn10\" title=\"10. These principles originated in early 1990's by Ms Ann Cavoukian, former Information and Privacy Commissioner of Ontario, available at &lt;https:\/\/share.google\/ZAB2kbsdGMDlxi4X8&gt; last accessed 12-5-2026.\"><sup>10<\/sup><\/a>:<\/span><\/p>\n<p style=\"margin-left: 36pt; text-indent: -18pt;\">1. proactive not reactive,<\/p>\n<p style=\"margin-left: 36pt; text-indent: -18pt;\">2. privacy as the default setting,<\/p>\n<p style=\"margin-left: 36pt; text-indent: -18pt;\">3. privacy embedded into design,<\/p>\n<p style=\"margin-left: 36pt; text-indent: -18pt;\">4. full functionality without unnecessary trade-offs,<\/p>\n<p style=\"margin-left: 36pt; text-indent: -18pt;\">5. end-to-end security,<\/p>\n<p style=\"margin-left: 36pt; text-indent: -18pt;\">6. visibility and transparency,<\/p>\n<p style=\"margin-left: 36pt; text-indent: -18pt; margin-bottom: 3%;\">7. respect for user privacy.<\/p>\n<p style=\"margin-bottom: 3%;\">These principles are particularly relevant in healthcare technology because devices continuously process highly sensitive information. For example, a wearable heart-monitoring device may analyse ECG data locally on the device and only transmit summarised alerts or insights to the cloud, instead of continuously transferring raw identifiable health information. Embedding privacy into the product itself can significantly reduce privacy risks.<\/p>\n<p style=\"margin-bottom: 3%;\">As per the Central Government Notification dated 14 November 2025, the DPDPA is in-force. Data fiduciaries will need to achieve compliance with the DPDPA by 14 May 2027.<\/span><a id=\"fnref11\" href=\"#fn11\" title=\"11. Press Release, DPDP Rules, 2025 Notified A Citizen-Centric Framework for Privacy Protection and Responsible Data Use (17-11-2025), available at &lt;https:\/\/www.pib.gov.in\/PressReleasePage.aspx?PRID=2190655&amp;reg=3&amp;lang=2&gt;.\"><sup>11<\/sup><\/a> The term data fiduciary<\/span><a id=\"fnref12\" href=\"#fn12\" title=\"12. DPDPA, S. 2(i) &#8220;Definitions&#8221;.\"><sup>12<\/sup><\/a> means those entities which decide the means and purposes of processing of personal data. It includes medtech product manufacturers, hospitals, software providers, health-tech platforms and cloud operators, etc.<\/span><\/p>\n<p style=\"font-weight: bold;\">Voluntary standards and best practices<\/p>\n<p style=\"\">Apart from statutory compliance, there are also voluntary standards that can strengthen privacy and cybersecurity governance within the sector.<\/p>\n<p style=\"margin-left: 36pt; text-indent: -18pt;\">1. One such standard is IS\/ISO<\/span><a id=\"fnref13\" href=\"#fn13\" title=\"13. Indian Standard\/International Organisation for Standards.\"><sup>13<\/sup><\/a> 27701:2025, which relates to Privacy Information Management Systems (PIMS). The standard helps organisations establish and maintain structured privacy governance frameworks and is relevant for both device manufacturers and healthcare institutions.<\/span><\/p>\n<p style=\"margin-left: 36pt; text-indent: -18pt; margin-bottom: 3%;\">2. Another important standard is ISO 42001:2023 relating to Artificial Intelligence Management Systems. As AI tools become increasingly integrated into diagnostics, imaging, remote monitoring, and clinical decision-making, structured governance of AI systems is becoming increasingly important.<\/p>\n<p style=\"font-weight: bold;\">Conclusion<\/p>\n<p style=\"margin-bottom: 3%;\">The medtech industry is no longer limited to standalone medical equipment. It has evolved into a connected digital ecosystem where devices, software, cloud infrastructure, and patient data constantly interact with one another.<\/p>\n<p style=\"margin-bottom: 3%;\">With the enforcement of the DPDPA, the sector will now need to view privacy compliance as a core operational requirement rather than merely a legal obligation. Manufacturers, hospitals, software providers, and platform operators will all need to reassess how health data is collected, transferred, stored, and secured.<\/p>\n<p style=\"margin-bottom: 3%;\">As healthcare becomes increasingly data-driven, privacy, cybersecurity, and product design will become central to the future of the medtech industry in India.<\/p>\n<\/div>\n<hr\/>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><strong><span style=\"color: #000080;\">*Tech Lawyer, Senior Manager, Legal and Regulatory Affairs, K&amp;S Digiprotect Services Pvt. Ltd. Author can be reached at: <a href=\"mailto:adv.amanvarma@gmail.com\" target=\"_blank\">adv.amanvarma@gmail.com<\/a>.<\/span><\/strong><\/p>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><a id=\"fn1\" href=\"#fnref1\">1.<\/a> Suresh Subramanian, &#8220;India&#8217;s MedTech Transformation: Paving the Path to Global Leadership&#8221; EY India Report (26-11-2024), available at &lt;<a href=\"https:\/\/www.ey.com\/en_in\/insights\/health\/india-s-medtech-transformation-paving-the-path-to-global-leadership\" target=\"_blank\">https:\/\/www.ey.com\/en_in\/insights\/health\/india-s-medtech-transformation-paving-the-path-to-global-leadership<\/a>&gt;.<\/p>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><a id=\"fn2\" href=\"#fnref2\">2.<\/a> <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9001593555\" target=\"_blank\">DPDPA, 2023<\/a>, S. <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9001593460\" target=\"_blank\">2(<span style=\"font-style: italic;\">t<\/span>)<\/a> &#8220;Definitions&#8221;.<\/p>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><a id=\"fn3\" href=\"#fnref3\">3.<\/a> Whitepaper on Philips &#8220;Cyberattacks &mdash; A Threat to Patient Safety&#8221; available at &lt;<a href=\"https:\/\/www.documents.philips.com\/assets\/20250401\/c1e7bc3723844132b0b8b2b20138a080.pdf\" target=\"_blank\">https:\/\/www.documents.philips.com\/assets\/20250401\/c1e7bc3723844132b0b8b2b20138a080.pdf<\/a>&gt;.<\/p>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><a id=\"fn4\" href=\"#fnref4\">4.<\/a> <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9001593555\" target=\"_blank\">DPDPA<\/a>, S. <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9001593456\" target=\"_blank\">16<\/a> &#8220;Cross border transfer of personal data&#8221;.<\/p>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><a id=\"fn5\" href=\"#fnref5\">5.<\/a> <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9002981468\" target=\"_blank\">DPDP Rules, 2025<\/a>, R. 15 &#8220;Transfer of personal data outside the territory of India&#8221;.<\/p>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><a id=\"fn6\" href=\"#fnref6\">6.<\/a> <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9001593555\" target=\"_blank\">DPDPA<\/a>, Ss. <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9001593488\" target=\"_blank\">5<\/a> &#8220;Notice&#8221; and <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9001593489\" target=\"_blank\">6<\/a> &#8220;Consent&#8221;.<\/p>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><a id=\"fn7\" href=\"#fnref7\">7.<\/a> <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9001593555\" target=\"_blank\">DPDPA<\/a>, S. <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9001593491\" target=\"_blank\">8(5)<\/a> &#8220;General obligations of data fiduciaries&#8221;.<\/p>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><a id=\"fn8\" href=\"#fnref8\">8.<\/a> <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9002981468\" target=\"_blank\">DPDP Rules, 2025<\/a>, R. 6 &#8220;Reasonable security safeguards&#8221;.<\/p>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><a id=\"fn9\" href=\"#fnref9\">9.<\/a> <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9001593555\" target=\"_blank\">DPDPA<\/a>, S. <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9001593450\" target=\"_blank\">10<\/a> &#8220;Obligations of significant data fiduciaries&#8221;.<\/p>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><a id=\"fn10\" href=\"#fnref10\">10.<\/a> These principles originated in early 1990&#8217;s by Ms Ann Cavoukian, former Information and Privacy Commissioner of Ontario, available at &lt;<a href=\"https:\/\/share.google\/ZAB2kbsdGMDlxi4X8\" target=\"_blank\">https:\/\/share.google\/ZAB2kbsdGMDlxi4X8<\/a>&gt; last accessed 12-5-2026.<\/p>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><a id=\"fn11\" href=\"#fnref11\">11.<\/a> Press Release, DPDP Rules, 2025 Notified A Citizen-Centric Framework for Privacy Protection and Responsible Data Use (17-11-2025), available at &lt;<a href=\"https:\/\/www.pib.gov.in\/PressReleasePage.aspx?PRID=2190655&amp;reg=3&amp;lang=2\" target=\"_blank\">https:\/\/www.pib.gov.in\/PressReleasePage.aspx?PRID=2190655&amp;reg=3&amp;lang=2<\/a>&gt;.<\/p>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><a id=\"fn12\" href=\"#fnref12\">12.<\/a> <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9001593555\" target=\"_blank\">DPDPA<\/a>, S. <a href=\"https:\/\/www.scconline.com\/DocumentLink.aspx?q=JTXT-9001593460\" target=\"_blank\">2(<span style=\"font-style: italic;\">i<\/span>)<\/a> &#8220;Definitions&#8221;.<\/p>\n<p style=\"margin-left: 18pt; text-indent: -18pt;\"><a id=\"fn13\" href=\"#fnref13\">13.<\/a> Indian Standard\/International Organisation for Standards.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>by Aman Varma*<\/p>\n","protected":false},"author":67011,"featured_media":389033,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[42503,1191],"tags":[108583,108581,108580,108584,108582,108585],"class_list":["post-389032","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-legal-analysis","category-op-ed","tag-ai-healthcare-devices-dpdpa-compliance","tag-connected-healthcare-digital-personal-data-protection-act","tag-dpdpa-medtech-privacy-compliance-india-analysis","tag-health-data-protection-medtech-cybersecurity-india","tag-medical-devices-data-privacy-india","tag-privacy-by-design-medical-technology-dpdpa"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.4 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>DPDPA and Connected Healthcare: Med-Tech Privacy | SCC Times<\/title>\n<meta name=\"description\" content=\"Analysis of DPDPA compliance, privacy, and cybersecurity in India&#039;s connected healthcare sector.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.scconline.com\/blog\/post\/2026\/07\/02\/dpdpa-connected-healthcare-medtech-privacy-analysis\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Connected Healthcare and the Right to Privacy \u2014 Impact of DPDPA on Med-Tech\" \/>\n<meta property=\"og:description\" content=\"Analysis of DPDPA compliance, privacy, and cybersecurity in India&#039;s connected healthcare sector.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.scconline.com\/blog\/post\/2026\/07\/02\/dpdpa-connected-healthcare-medtech-privacy-analysis\/\" \/>\n<meta property=\"og:site_name\" content=\"SCC Times\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/scc.online\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-02T03:30:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2026\/07\/DPDPA-medtech-privacy-compliance-India-analysis.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"886\" \/>\n\t<meta property=\"og:image:height\" content=\"590\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Editor\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Connected Healthcare and the Right to Privacy &#151; Impact of DPDPA on Med-Tech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Editor\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2026\\\/07\\\/02\\\/dpdpa-connected-healthcare-medtech-privacy-analysis\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2026\\\/07\\\/02\\\/dpdpa-connected-healthcare-medtech-privacy-analysis\\\/\"},\"author\":{\"name\":\"Editor\",\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/#\\\/schema\\\/person\\\/84e42bab48238baf12c7e33b3d9761fe\"},\"headline\":\"Connected Healthcare and the Right to Privacy &#151; Impact of DPDPA on Med-Tech\",\"datePublished\":\"2026-07-02T03:30:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2026\\\/07\\\/02\\\/dpdpa-connected-healthcare-medtech-privacy-analysis\\\/\"},\"wordCount\":1251,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2026\\\/07\\\/02\\\/dpdpa-connected-healthcare-medtech-privacy-analysis\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/DPDPA-medtech-privacy-compliance-India-analysis.webp\",\"keywords\":[\"AI healthcare devices DPDPA compliance\",\"connected healthcare Digital Personal Data Protection Act\",\"DPDPA medtech privacy compliance India analysis\",\"health data protection medtech cybersecurity India\",\"medical devices data privacy India\",\"Privacy by Design medical technology DPDPA\"],\"articleSection\":[\"Op Eds\",\"OP. ED.\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2026\\\/07\\\/02\\\/dpdpa-connected-healthcare-medtech-privacy-analysis\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2026\\\/07\\\/02\\\/dpdpa-connected-healthcare-medtech-privacy-analysis\\\/\",\"url\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2026\\\/07\\\/02\\\/dpdpa-connected-healthcare-medtech-privacy-analysis\\\/\",\"name\":\"DPDPA and Connected Healthcare: Med-Tech Privacy | SCC Times\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2026\\\/07\\\/02\\\/dpdpa-connected-healthcare-medtech-privacy-analysis\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2026\\\/07\\\/02\\\/dpdpa-connected-healthcare-medtech-privacy-analysis\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/DPDPA-medtech-privacy-compliance-India-analysis.webp\",\"datePublished\":\"2026-07-02T03:30:22+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/#\\\/schema\\\/person\\\/84e42bab48238baf12c7e33b3d9761fe\"},\"description\":\"Analysis of DPDPA compliance, privacy, and cybersecurity in India's connected healthcare sector.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2026\\\/07\\\/02\\\/dpdpa-connected-healthcare-medtech-privacy-analysis\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2026\\\/07\\\/02\\\/dpdpa-connected-healthcare-medtech-privacy-analysis\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2026\\\/07\\\/02\\\/dpdpa-connected-healthcare-medtech-privacy-analysis\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/DPDPA-medtech-privacy-compliance-India-analysis.webp\",\"contentUrl\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/DPDPA-medtech-privacy-compliance-India-analysis.webp\",\"width\":886,\"height\":590,\"caption\":\"DPDPA medtech privacy compliance India analysis\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/2026\\\/07\\\/02\\\/dpdpa-connected-healthcare-medtech-privacy-analysis\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Connected Healthcare and the Right to Privacy &#151; Impact of DPDPA on Med-Tech\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/\",\"name\":\"SCC Times\",\"description\":\"Bringing you the Best Analytical Legal News\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/#\\\/schema\\\/person\\\/84e42bab48238baf12c7e33b3d9761fe\",\"name\":\"Editor\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/34e366be721c41333586de05faa13743195f5b142dcd7a015c6fabd2389521d0?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/34e366be721c41333586de05faa13743195f5b142dcd7a015c6fabd2389521d0?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/34e366be721c41333586de05faa13743195f5b142dcd7a015c6fabd2389521d0?s=96&d=mm&r=g\",\"caption\":\"Editor\"},\"url\":\"https:\\\/\\\/www.scconline.com\\\/blog\\\/post\\\/author\\\/editor_4\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"DPDPA and Connected Healthcare: Med-Tech Privacy | SCC Times","description":"Analysis of DPDPA compliance, privacy, and cybersecurity in India's connected healthcare sector.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.scconline.com\/blog\/post\/2026\/07\/02\/dpdpa-connected-healthcare-medtech-privacy-analysis\/","og_locale":"en_US","og_type":"article","og_title":"Connected Healthcare and the Right to Privacy \u2014 Impact of DPDPA on Med-Tech","og_description":"Analysis of DPDPA compliance, privacy, and cybersecurity in India's connected healthcare sector.","og_url":"https:\/\/www.scconline.com\/blog\/post\/2026\/07\/02\/dpdpa-connected-healthcare-medtech-privacy-analysis\/","og_site_name":"SCC Times","article_publisher":"https:\/\/www.facebook.com\/scc.online\/","article_published_time":"2026-07-02T03:30:22+00:00","og_image":[{"width":886,"height":590,"url":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2026\/07\/DPDPA-medtech-privacy-compliance-India-analysis.jpg","type":"image\/jpeg"}],"author":"Editor","twitter_card":"summary_large_image","twitter_title":"Connected Healthcare and the Right to Privacy &#151; Impact of DPDPA on Med-Tech","twitter_misc":{"Written by":"Editor","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.scconline.com\/blog\/post\/2026\/07\/02\/dpdpa-connected-healthcare-medtech-privacy-analysis\/#article","isPartOf":{"@id":"https:\/\/www.scconline.com\/blog\/post\/2026\/07\/02\/dpdpa-connected-healthcare-medtech-privacy-analysis\/"},"author":{"name":"Editor","@id":"https:\/\/www.scconline.com\/blog\/#\/schema\/person\/84e42bab48238baf12c7e33b3d9761fe"},"headline":"Connected Healthcare and the Right to Privacy &#151; Impact of DPDPA on Med-Tech","datePublished":"2026-07-02T03:30:22+00:00","mainEntityOfPage":{"@id":"https:\/\/www.scconline.com\/blog\/post\/2026\/07\/02\/dpdpa-connected-healthcare-medtech-privacy-analysis\/"},"wordCount":1251,"commentCount":0,"image":{"@id":"https:\/\/www.scconline.com\/blog\/post\/2026\/07\/02\/dpdpa-connected-healthcare-medtech-privacy-analysis\/#primaryimage"},"thumbnailUrl":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2026\/07\/DPDPA-medtech-privacy-compliance-India-analysis.webp","keywords":["AI healthcare devices DPDPA compliance","connected healthcare Digital Personal Data Protection Act","DPDPA medtech privacy compliance India analysis","health data protection medtech cybersecurity India","medical devices data privacy India","Privacy by Design medical technology DPDPA"],"articleSection":["Op Eds","OP. ED."],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.scconline.com\/blog\/post\/2026\/07\/02\/dpdpa-connected-healthcare-medtech-privacy-analysis\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.scconline.com\/blog\/post\/2026\/07\/02\/dpdpa-connected-healthcare-medtech-privacy-analysis\/","url":"https:\/\/www.scconline.com\/blog\/post\/2026\/07\/02\/dpdpa-connected-healthcare-medtech-privacy-analysis\/","name":"DPDPA and Connected Healthcare: Med-Tech Privacy | SCC Times","isPartOf":{"@id":"https:\/\/www.scconline.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.scconline.com\/blog\/post\/2026\/07\/02\/dpdpa-connected-healthcare-medtech-privacy-analysis\/#primaryimage"},"image":{"@id":"https:\/\/www.scconline.com\/blog\/post\/2026\/07\/02\/dpdpa-connected-healthcare-medtech-privacy-analysis\/#primaryimage"},"thumbnailUrl":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2026\/07\/DPDPA-medtech-privacy-compliance-India-analysis.webp","datePublished":"2026-07-02T03:30:22+00:00","author":{"@id":"https:\/\/www.scconline.com\/blog\/#\/schema\/person\/84e42bab48238baf12c7e33b3d9761fe"},"description":"Analysis of DPDPA compliance, privacy, and cybersecurity in India's connected healthcare sector.","breadcrumb":{"@id":"https:\/\/www.scconline.com\/blog\/post\/2026\/07\/02\/dpdpa-connected-healthcare-medtech-privacy-analysis\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.scconline.com\/blog\/post\/2026\/07\/02\/dpdpa-connected-healthcare-medtech-privacy-analysis\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.scconline.com\/blog\/post\/2026\/07\/02\/dpdpa-connected-healthcare-medtech-privacy-analysis\/#primaryimage","url":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2026\/07\/DPDPA-medtech-privacy-compliance-India-analysis.webp","contentUrl":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2026\/07\/DPDPA-medtech-privacy-compliance-India-analysis.webp","width":886,"height":590,"caption":"DPDPA medtech privacy compliance India analysis"},{"@type":"BreadcrumbList","@id":"https:\/\/www.scconline.com\/blog\/post\/2026\/07\/02\/dpdpa-connected-healthcare-medtech-privacy-analysis\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.scconline.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Connected Healthcare and the Right to Privacy &#151; Impact of DPDPA on Med-Tech"}]},{"@type":"WebSite","@id":"https:\/\/www.scconline.com\/blog\/#website","url":"https:\/\/www.scconline.com\/blog\/","name":"SCC Times","description":"Bringing you the Best Analytical Legal News","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.scconline.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.scconline.com\/blog\/#\/schema\/person\/84e42bab48238baf12c7e33b3d9761fe","name":"Editor","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/34e366be721c41333586de05faa13743195f5b142dcd7a015c6fabd2389521d0?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/34e366be721c41333586de05faa13743195f5b142dcd7a015c6fabd2389521d0?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/34e366be721c41333586de05faa13743195f5b142dcd7a015c6fabd2389521d0?s=96&d=mm&r=g","caption":"Editor"},"url":"https:\/\/www.scconline.com\/blog\/post\/author\/editor_4\/"}]}},"jetpack_featured_media_url":"https:\/\/www.scconline.com\/blog\/wp-content\/uploads\/2026\/07\/DPDPA-medtech-privacy-compliance-India-analysis.webp","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/posts\/389032","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/users\/67011"}],"replies":[{"embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/comments?post=389032"}],"version-history":[{"count":2,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/posts\/389032\/revisions"}],"predecessor-version":[{"id":389036,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/posts\/389032\/revisions\/389036"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/media\/389033"}],"wp:attachment":[{"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/media?parent=389032"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/categories?post=389032"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.scconline.com\/blog\/wp-json\/wp\/v2\/tags?post=389032"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}