TABLE OF CONTENTS INTRODUCTION; RESEARCH METHODOLOGY ; CHAPTER·1 ; THREE PILLARS OF PATIENT DATA PROTECTION: PRIVACY, SECURITY AND CONFIDENTIALITY ; 1.1 PRIVACY AND HEALTHCARE INFORMATION ; 1.1. INTERNATIONAL CONVENTIONS AND OBLIGATIONS TO PROTECT PRIVACY ; 1.1.2 CONCEPT OF INFORMATIONAL PRIVACY AS FUNDAMENTAL RIGHT ; 1.2 SECURITY AND HEALTHCARE ; 1.3 CONFIDENTIALITY ; CHAPTER·2 ; SHIFT FROM PAPER TO ELECTRONIC HEALTH RECORDS ·PRIVACY CONCERNS ; 2.1 BIG DATA· ANALYTICS - NEW HOPE TO RESEARCH IN MEDICINE? ; 2.2 HARMS ASSOCIATED WITH EHR BASED RESEARCH ; 2.2.1. PRIVACY RELATED HARMS ; 2.2.2 SOME OF THE HARMS NOT RELATED TO PRIVACY ; CHAPTER·3 ; DOMESTIC LEGISLATION'S PROTECTING PRIVACY IN HEALTHCARE SECTOR ; 3.1 THE PRIVACY PRINCIPLES PROPOSED BY JUSTICE AP SHAH COMMITTEE REPORT ; 3.2 ANALYSIS OF DOMESTIC LEGISLATION PERTAINING TO PRIVACY IN HEALTHCARE SECTOR IN LIGHT OF PRIVACY PRINCIPLES ; 3.2.1 INDIAN MEDICAL COUNCIL (PROFESSIONAL CONDUCT, ETIQUETTE AND ETHICS) REGULATIONS, 2002 (CODE OF ETHICS REGULATIONS, 2002) ; 3.2.2 MENTAL HEALTH ACT, 1987 ; 3.2.3 PRE·CONCEPTION AND PRE-NATAL DIAGNOSTIC TECHNIQUES (PROHIBITION OF SEX SELECTION) ACT, 1994 ; 3.2.4 MEDICAL TERMINATION OF PREGNANCY ACT, 1971 ; 3.2.5 EPIDEMIC DISEASES ACT, 1897 ; 3.2.6 THE HUMAN IMMUNODEFICIENCY VIRUS AND ACQUIRED ; IMMUNE DEFICIENCY SYNDROME (PREVENTION AND CONTROL ACT, 2017 ; CHAPTER·4 ; CURRENT DATA PROTECTION REG IME IN INDIA ; 4.1 DATA PROTECTION PROVISIONS IN THE INFORMATION TECHNOLOGY ACT 2000 (IT ACT); 4.2 ITA REASONABLE SECURITY PRACTICES AND PROCEDURES AND SENSITIVE PERSONAL DATA DR INFORMATION RULES 2011 ; CHAPTER·5 ; PROTECTION OF HEALTH DATA IN UNITED STATES ; 5.1 PRIVACY RULE UNDER HIPAA ; 5.2 CRITICISM OF PRIVACY RULE ; 5.2.1 EXAMPLE OF GLB AND ITS FAILURE ; 5.2.2 HIPAA A REGULATORY OXYMMORON ; 5.3 HIPAA· A SECTORAL REGULATORY REGIME ; 5.3.1 DOWNSTREAM AND UPSTREAM MODEL OF DATA PROTECTION ; 5.3.2 HIPAA a downstream protection model ; 5.4 REGULATORY TURBULENCE, DISRUPTION & ARBITRAGE ; 5.4.1 TURBULENCE AND DISRUPTION ; 5.4.2 TURBULENCE, DISRUPTION, AND ARBITRAGE IN PRACTICE ; CHAPTER·6 ; GENERAL DATA PROTECTION REG IME IN EU ; 6.1 PROVISIONS RELATING TO PATIENT PRIVACY IN HEAL TH CARE SECTOR ; 6.1.1 PROVISIONS RELATING TO CONSENT, OPENNESS, PURPOSE LIMITATION AND PROHIBITION ON MARKETING ; 6.1.2 RIGHTS OF DATA SUBJECTS ; 6.2 IMPACT OF GDPR ON HEAL TH CARE SECTOR ; 6.2.1 CLINICAL RESEARCH AND GDPR ; 6.2.2 EXTRA TERRITORIAL OPERATION OF THE REGULATION AND CLINICAL RESEARCH ; 6.2.3 RESEARCH CONCERNING SENSITIVE PERSONAL DATA ; SENSITIVE PERSONAL DATA AND ITS REGULATION ; 6.2.2 ADDITIONAL EXCEPTIONS CARVED OUT FOR RESEARCH ; 6.3 PENALTY FOR NON COMPLIANCE ENCOURAGES COMPLIANCE ; CHAPTER 7 ; PROPOSED LEGISLATION TO PROTECT PATIENT DATA IN INDIA ; 7.1 PROVISIONS CONTAINED IN DISHA FOR PROTECTION OF PATIENT PRIVACY ; 7.1.1 CREATION OF REGULATORY AUTHORITIES ; 7.1.2 SAFEGUARDS AND RIGHTS PROVIDED FOR PATIENT PRIVACY ; A. Consent and choice ; 7.1.3 BREACHES OF DIGITAL HEALTH DATA AND NON·COMPLIANCE: ; 7.2 PROPOSED GENERAL DATA PROTECTION REGIME IN INDIA ; 7.2.1 EXAMINATION OF CERTAIN PROVISIONS RELATING TO PROTECTION OF PATIENT PRIVACY IN THE LIGHT OF PROPOSED SECTORAL ENACTMENT OISHA ; 7.2.2 MISSING PROVISIONS IN PROPOSED DATA PROTECTION BILL IN COMPARISON WITH GDPR; CONCLUSION AND SUGGESTIONS ; BIBLIOGRAPHY.