CALL US +91-99301 56000 [email protected]
search
search

Author: Treelife

Data Privacy for Telemedicine Platforms

Posted on by Treelife

Telemedicine Platforms are those that provide a technology platform (website or an app) to facilitate online medical care, through audio, visual and text based means.

Such Telemedicine Platforms must be cognisant of: (a) their practices relating to handling data of patients, Medical Professional(s) (“MP(s)”) and other caregivers (hereinafter referred to as “User Data”); and (b) what impact mishandling of such User Data would have.

In India: (a) the Information Technology Act, 2000 (“IT Act”); (b) the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (“Data Protection Rules”); and (c) the Information Technology (Intermediaries Guidelines) Rules, 2011 (“Intermediary Guidelines”), presently regulate how Platforms providing telemedicine services handle the data of its users.

Platforms which: (a) provide services that enable recording of Sensitive Personal Data or Information (“SPDI”); and (b) place cookies to record user behaviour,  could become liable under the  IT Act, the Data Protection Rules and the Intermediary Guidelines.

Given the sensitivity of health care data, the Indian Government proposed the Digital Information Security in Healthcare Act (“DISHA“) in the year 2018, and has been deliberating upon the establishment of a National e-health Authority (“NeHA”) since 2015 with a goal to ensure the development of an e-health ecosystem and enable people centric health services in a cost-effective manner. DISHA aims to establish NeHA and State e-health Authorities (SeHA). Moreover, the enactment of the Digital Personal Data Protection Bill, 2022 (“DPDP Bill”), and its consequent effect will be something that would impact how Platforms provide their services.

Role of Platforms as Intermediaries: Active or Passive?

The applicability of the IT Act is slightly different for Platforms which are set up to only facilitate the interaction between the patient and the MP, and are not directly involved in the provision of medical care. In such cases the Platform would be considered as an ‘Intermediary’ under the IT Act and the Intermediary Guidelines. Under the Indian legal framework, Intermediaries are exempt from many of the liabilities/obligations placed by the IT Act on entities processing personal data.

As per section 79 of the IT Act, an Intermediary is not liable for any third party information, data, or communication link made available or hosted by it. This exemption applies only if:

  1. the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted;
  2. the intermediary does not – initiate the transmission; select the receiver of the transmission AND select or modify the information contained in the transmission; and
  3. the intermediary observes due diligence (as prescribed under the Intermediaries Guidelines) while discharging its duties under the IT Act.

One of the key elements of section 79 of the IT Act is that a Platform must not, (a) initiate the transmission of communication/data by, between its users; and (b) select the receiver of the transmission; and (c) select or modify the information contained in the transmission.

The manner in which a Telemedicine Platform provides its services, would more often than not, require it to facilitate a transaction and/or transmission of data initiated by their users (i.e. MPs and patients), and thereby, many a times, placing more responsibility on a Telemedicine Platform than would be applicable to an Intermediary, under the IT Act. Since a Platform would need to build their tech framework in a manner that facilitates transactions/transmissions, this circumstance may seem harsh.

However, when it comes to initiating a transmission, selecting the receiver of a transmission or selecting or modifying the information contained in the transmission, the Courts in India have laid down the test of passivity.

Essentially, the following are the factors that could determine that a Telemedicine Platform is playing a passive role in the ecosystem, and is therefore granted the protection of an Intermediary:

  1. Whether the role played by that service provider is neutral, in the sense that its conduct is merely technical, automatic and passive, pointing to a lack of knowledge or control of the data which it stores;
  2. Whether the platform is responsible for initiating the transmission, i.e., placing the listing on the website (for Platforms the important question would be whether there is any active uploading, suggesting or placing on such Tech Platform, the services of an MP);
  3. Whether the platform is involved selecting the persons who receive the information (for Platforms this would mean whether they choose/have a say (apart from legally mandated due diligence requirements on MPs) in who/what gains access to their services); and
  4. Does the entity controlling the platform have the power to select or modify the information that is being exchanged on its platform.

Thus, Platforms would only be considered as Intermediaries if their conduct is passive, technical and automatic in their facilitation of Telemedicine based care.

Privacy related Protocols to be followed by Telemedicine Platforms

1.    A Platform would be required to have in place a set of rules and regulations in place that determine how data of users of its Platform will be used. This would require the publishing of a privacy policy, user agreement, terms and conditions et al. that determine the terms of access and use of the service provided by the Platform.

2.    The privacy policy and terms of use/user agreement of a Tech Platform, should be designed and stated in such a way that the patients using the Platform, are aware of the type of SPDI collected, the purpose for which the same is done, the intended recipients of the SPDI and the requirement and the persons/parties to whom SPDI will be disclosed to.

3.    Before the SPDI of a patient/user is disclosed to a third party, or before the same is transferred, consent of such patient/user must be acquired.

4.    The Platform shall be required to have in place a grievance officer, the details of which are provided on the user agreement/privacy policy of the Platform, and such an officer shall be required to deal with the grievances of the patients/users in relation to their processing of the SPDI.

5.    The Platform shall be required to comply with ‘reasonable security procedures and practices’ under the IT Act. A Platform will be deemed compliant with such procedures and practices if it implements the data security standard afforded by the IS/ISO/IEC 27001 on “Information Technology– Security Techniques – Information Security Management System – Requirements” or similar standards, in order to protect the SPDI.

Implementing ‘POSH’ (Policy on Sexual Harassment) at Workplace – Complaints & Compliance

Posted on by Treelife
 

Introduction:

Learn how start-ups and small businesses can effectively implement the Sexual Harassment of Women at Workplace (Prevention, Prohibition, and Redressal) Act, 2013 (POSH Act). This legislation gained global attention due to the significant impact of the ‘MeToo’ movement, emphasizing the importance of protecting women against sexual harassment, particularly in the workplace. Sexual Harassment at workplace is an extension of violence in everyday life and is discriminatory and exploitative, as it affects women’s right to life and livelihood. In India, for the first time in 1997, a petition was filed in the Supreme Court to enforce the fundamental rights of working women, after the brutal gang rape of Bhanwari Devi a social worker from Rajasthan. As an outcome of the landmark judgment of the Vishaka and Others v State of Rajasthan the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013, was enacted wherein it was made mandatory for every employer to provide a mechanism to redress grievances pertaining to workplace sexual harassment and enforce the right to gender equality of working women. The Act is also unique for its wide ambit as it is applicable to the organized sector as well as the unorganized sector.

What is POSH and why was it enacted?

The Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013, popularly known as POSH Act, is a landmark legislation in India enacted on December 9, 2013. It aims to protect women from sexual harassment at their workplace and provide a safe and respectful working environment for them.

The POSH Act defines sexual harassment as any unwelcome sexual advances, requests for sexual favours, or other verbal or physical conduct of a sexual nature that:

  • Affects the dignity of a woman employee.
  • Creates a hostile work environment for her.
  • Interferes with her work performance.
  • Leads to her intimidation or humiliation.

The Act applies to all workplaces in India, regardless of their size or nature, whether public or private. It covers not only employees but also interns, trainees, apprentices, and domestic workers.

Prior to the POSH Act, there was no specific law addressing sexual harassment at workplaces in India. This often led to underreporting of incidents and inadequate grievance redressal mechanisms. The POSH Act was enacted to address this gap and ensure effective prevention, prohibition, and redressal of sexual harassment at workplaces.

Popular Sections of POSH Act are:

  • Section 3: Defines sexual harassment and its various forms.
  • Section 4: Mandates every employer to constitute an Internal Complaints Committee (ICC) to investigate complaints of sexual harassment.
  • Section 5: Outlines the composition and functions of the ICC.
  • Section 6: Defines the procedure for filing a complaint of sexual harassment.
  • Section 7: Specifies the powers of the ICC to investigate complaints and recommend appropriate action.
  • Section 8: Provides for penalties for sexual harassment, including dismissal from service.
  • Section 9: Mandates employers to organize awareness programs on sexual harassment for all employees.

Who is responsible for implementing POSH policies in the workplace?

In the workplace, the ultimate responsibility for implementing and enforcing POSH (Prevention of Sexual Harassment) policies falls squarely on the employer’s shoulders. This legal obligation, often mandated by national and regional regulations, requires employers to take proactive steps to foster a safe and respectful work environment for all employees. This encompasses various tasks, including crafting a comprehensive POSH policy outlining prohibited behaviors, establishing a dedicated Internal Complaints Committee (ICC) to handle harassment reports, conducting regular training sessions for employees and managers on recognizing and preventing sexual harassment, and ensuring prompt and fair investigation and resolution of any reported incidents. By taking ownership of POSH implementation, employers demonstrate their commitment to creating a workplace free from harassment and discrimination, fostering a culture of mutual respect and dignity for all.

Applicability of the Act:

The Act applies to all employers, whether in public or private establishments, including institutions, organizations, and establishments with contractual obligations towards their employees.

Key Compliance Steps to be followed for POSH:

  1. Establish an Internal Policy: Formulate and widely disseminate an internal policy outlining workplace guidelines, defining sexual harassment, explaining the grievance and complaints redressal mechanism, and providing details about the Internal Committee and Local Committee. The Policy must be notified or displayed prominently at a common place and employees must be aware of it and should have ready access to it at all times.
  2. Set up an Internal Committee: Create an Internal Committee and inform employees about its existence in writing. The committee should consist of a Presiding Officer (a senior-level woman employee), at least two members with social work or legal knowledge, and one member from an NGO or someone familiar with sexual harassment issues. Ensure that at least half of the committee members are women. Tenure of each member of the Internal Committee shall be maximum 3 years.
  3. Raise Awareness: Conduct workshops and seminars at the workplace to promote general awareness of sexual harassment, its prevention, and the Act’s provisions.

Importance of Internal Complaints Committee for POSH 

If your organization has more than 10 employees, it is mandatory to establish an Internal Complaints Committee.

A. Structure

This committee consists of –

  • Chairperson/Presiding Officer: Women who hold top positions in the company’s workforce shall serve in these roles.
  • Two Members: They must be staff members and ideally dedicated to the advancement of women’s rights, possess social work expertise, or be knowledgeable about the law.
  • External Member: NGOs that oppose women’s rights, physicians, and advocates are examples of external members. They also provide external member empanelment and capitalize on tax refunds where applicable

B. Responsibilities

The Internal Complaints Committee is essential to the operation of the Act’s provisions and the accomplishment of the Internal Complaints Committee Policy’s goals. Therefore, the Internal Complaints Committee’s primary duty is:

  • Putting into practice the internal complaints committee’s anti-sexual harassment policy. addressing grievances filed by parties in accordance with the Internal Complaints Committee Policy.
  • Advising the Employer to take certain measures
  • This committee serves as an internal platform for addressing and resolving sexual harassment complaints. It provides immediate accessibility to the victim to report to the internal committee within the organization and ensures timely actions can be taken. The Internal Committee and the parties involved in each case are required to maintain absolute confidentiality about the case and proceedings.

C. Authority

The Internal Complaints Committee is essential to the operation of the Act’s provisions and the accomplishment of the Internal Complaints Committee Policy’s goals. 

  • In accordance with the Internal Complaints Committee Policy, it has the authority to open an investigation into a complaint of sexual harassment at work.
  • IC has the authority to call parties and witnesses to testify before the committee.
  • It has the authority to call witnesses for examination at its discretion if the Committee members think it essential.

According to POSH law, every organization must post the names and contact information of its current IC members on its official website and in conspicuous locations within the building.

D. Principal Duties of Internal Complaints Committee:

  • Get reports on workplace sexual harassment
  • Launch and carry out a probe in accordance with the business protocol.
  • Provide the results and suggestions of any such investigations.
  • Work together with the Employer to adopt the necessary measures.
  • Observe complete secrecy throughout the procedure in accordance with the Internal Complaints Committee Policy’s stated requirements.
  • Send in yearly reports using the format specified.
  • It is necessary for the Internal accusations Committee to remain watchful in order to address and promptly handle any accusations of sexual harassment.

Role of the Local Committee in POSH

In the absence of an Internal Complaints Committee, victims can approach the Local Committee, established by the Government for each district, to file complaints against their employers.

Compliance Requirements

Employers covered under the Act must submit an annual report at the end of each calendar year to the local District Officer, providing details of complaints received, actions taken, pending and resolved complaints, current committee members and details of awareness workshops conducted during the year.

Penalties for Non-compliance to POSH

Failure to comply with the Act may result in a fine of up to Rs. 50,000/- and potential cancellation of the business license for repeated violations.

Relief Provided by the POSH Act

Any woman who experiences sexual harassment can lodge a complaint with either the Internal Committee or the Local Committee within three months of the incident. A legal heir or authorized person of the victim can also file the complaint as prescribed by the POSH Act.

Step by Step Redressal Process for POSH Complaints

1.) Procedure for Conciliation:

In the event that the Complainant submits a written request, the Internal Complaints Committee may attempt to resolve the issue through conciliation before opening an investigation. Such conciliation cannot be predicated on a monetary settlement. If a settlement has been reached, the IC will document it and send it to the company so that it can proceed with the actions outlined in the IC’s recommendation. Additionally, copies of the settlement as recorded shall be given to the Respondent and the Complainant by the Internal Complaints Committee. In the event that conciliation is achieved, the IC won’t have to carry out any more investigation. Complainant may file a formal complaint with the IC to request that the matter be looked into if they believe the Respondent is not abiding by the conditions of the Settlement or that the Company has not taken any action.

2.) Inquiry

When conciliation fails to produce a settlement or could not be reached, the investigation process starts, and the Internal Complaints Committee is required to look into the complaint. If the aggrieved party notifies the IC that the respondent has not followed any of the provisions of the settlement, an investigation may also be opened. After receiving the complaint, the Internal Complaints Committee will send one copy to the respondent and request a response within seven working days. Within ten working days after receiving the complaint, the responder must file a response that includes the names and addresses of all witnesses as well as a list of supporting documents. It must not be permitted for either the complainant or the responder to have a lawyer represent them. Throughout the whole process of the IC proceedings, neither the respondent nor the complainant may have a lawyer represent them.

The complainant and respondent will be heard by the Internal Complaints Committee on the date(s) that have been communicated to them beforehand, and natural justice principles will be upheld. The Independent Commission (IC) may halt the investigation process or provide an ex-parte ruling if the complainant or respondent misses three consecutive personal hearings without good reason. However, the IC must give written notice to the party or parties 15 days prior to any such termination or ex-parte order. The Internal Complaints Committee has ninety days from the date of complaint receipt to conclude the investigation. Within ten days of the inquiry’s conclusion, the IC will transmit its findings and recommendations to the relevant authorities, the complainant(s), and the respondent(s).

3.) Interim Relief

In accordance with the Internal Complaints Committee Policy, in the event that the complainant submits a written request, the Internal Complaints Committee may suggest to the employer, while the investigation is still pending: To transfer the responder or the resentful party to a different place of employment. To allow the resentful party to take leave for a maximum of three months; however, this must be in addition to any leave to which she would otherwise be entitled. To provide the harmed party with any further remedy that is deemed suitable. To prevent the respondent from providing information regarding the complainant’s performance.

4.) Compensation

According to Internal Complaints Committee policy, IC’s remuneration will be decided upon by taking into account:

  • The emotional agony, grief, suffering, and mental damage inflicted upon the resentful employee;
  • The loss of a professional chance as a result of the sexual harassment occurrence;
  • The victim’s out-of-pocket costs for medical and/or psychological care;
  • The accused person’s earnings and social standing; and Whether such payment might be made in full or in installments.

Conclusion

The acronym “POSH” might bring culinary delights to mind, but in India, it stands for something far more crucial: the Prevention of Sexual Harassment (POSH) Act, 2013. This landmark legislation has brought about a seismic shift in safeguarding women’s right to a safe and dignified workplace. While challenges remain, the impact of POSH cannot be understated.

  • Sexual Harassment: The Act defines and prohibits various forms of unwelcome sexual conduct, empowering women to speak up and seek redressal.
  • Workplace: POSH applies to all organizationspublic and private, creating a safer environment across sectors.
  • Internal Complaints Committee (ICC): This mandatory body within organizations investigates complaints and recommends action, ensuring internal accountability.
  • Awareness and Training: POSH mandates sensitization programs for employers and employees, fostering a culture of respect and equality.
  • Penalties: Non-compliance with POSH provisions attracts penalties, deterring misconduct and encouraging adherence.

Progress and Challenges:

  • Increased Reporting: POSH has led to a surge in reported cases, indicating greater awareness and confidence in the system.
  • Empowered Women: The Act has provided women with a legal framework to challenge harassment and seek justice.
  • Shifting Norms: POSH has sparked important conversations about gender equality and acceptable workplace behavior.

Challenges Remain:

  • Implementation Gaps: Ensuring effective implementation across organizations, especially smaller ones, requires ongoing efforts.
  • Victim Blaming: Societal attitudes and victim-blaming tendencies can still deter reporting.
  • Timely Redressal: Ensuring swift and fair investigations and outcomes remains crucial.

Looking Ahead:

POSH has been a game-changer in creating safer workplaces for women in India. Continued awareness campaigns, robust implementation, and addressing cultural nuances are key to fully realizing its potential. As this journey progresses, POSH holds the promise of a future where workplaces are truly respectful and equitable for all.

FAQs about POSH Policy

Q. What is POSH? 

POSH stands for Prevention of Sexual Harassment. It’s a law in India mandating organizations to create a safe work environment free from sexual harassment. 

Q. Who is covered under POSH? 

Any woman working or visiting a workplace, including permanent, temporary, interns, trainees, and visitors can file a complaint under POSH.

Q. What constitutes sexual harassment? 

POSH broadly defines it as unwelcome sexual advances, requests for sexual favors, verbal or physical conduct of a sexual nature, creating a hostile work environment, and retaliation for reporting harassment.

Q. Is POSH applicable to my organization? 

YES. The POSH Act applies to all organizations in India, regardless of size or industry, with 10 or more employees.

Q. What are my organization’s responsibilities under POSH?

You must form an Internal Complaints Committee (ICC) to investigate complaints, provide training on POSH awareness, and maintain records.

Q. How do I form an ICC? 

The ICC requires at least one external member, preferably a woman, and internal members from different departments. Training and orientation are crucial.

Q. What is the complaint process?

 An aggrieved woman can file a written or verbal complaint with the ICC, who then conduct an inquiry and recommend appropriate action.

Q. What are my options if I experience sexual harassment? 

You can file a complaint with the ICC or directly approach the Local Complaints Committee (LC) set up by the government. Legal action is also an option.

Q. What are some resources available for understanding and implementing POSH?

The Ministry of Women & Child Development website offers extensive information, including FAQs, guidelines, and training modules. Several NGOs and legal resources also provide support.

Q. Where can I get further help? 

If you have specific questions or require assistance, consider contacting a lawyer specializing in women’s rights or reach Treelife. Additionally you may gain more insights on POSH policy via this Official Handbook from Govt. of India

https://wcd.nic.in/sites/default/files/Handbook%20on%20Sexual%20Harassment%20of%20Women%20at%20Workplace.pdf 

STAY SAFE, KNOW YOUR RIGHTS!

© 2025 Treelife Ventures Services Private Limited. All Rights Reserved.

For Customer Support

+91 99301 56000

[email protected]

Mumbai | Delhi |
Bangalore | GIFT City

Speak to Us!

We respond within 60 minutes.

    Your information is confidential and secure



    Or

    Book a CONSULTATION