top of page

Secondary Use Of Medical Data For Research And AI: Regulatory Conflicts And Harmonization Across GDPR, HIPAA, And DPDP Act




Sanskriti Jakhmola, Law Student, Law College Dehradun, Uttaranchal University, Dehradun

Asst. Prof. Nikunj Yadav, Asst. Prof., Law College Dehradun, Uttaranchal University, Dehradun


ABSTRACT


Secondary use of medical data, i.e., the use of health information for purposes other than direct patient care, has become the mainstay of biomedical research, artificial intelligence (AI), and public health analytics. This rapid deployment of health data, however, raises intricate regulatory challenges, especially when differing legal regimes are involved.


By comparing the European Union's General Data Protection Regulation (GDPR), the United States' Health Insurance Portability and Accountability Act (HIPAA), and India's Digital Personal Data Protection (DPDP) Act, this article examines how each framework controls the use of secondary data for research and AI development. The study identifies significant divergence areas, among others, requirements for consent, research bases allowed, standards for anonymization and de, identification, as well as limitations on data transfers across borders.


While GDPR implements a rights, based model with tight safeguards and strictly defined research exceptions, HIPAA offers a greater degree of operational flexibility through its Safe Harbor and limited data set provisions. The DPDP Act, on the other hand, is a consent, focused but still development regime, which, therefore, lacks clarity about research exemptions and government access. The article claims that the splitting of regulations acts as a barrier to the collaboration of health data worldwide, makes the training of AI models more difficult, and puts the risk of re, identification at a higher level. It ends with a proposal of harmonization strategies, such as interoperable anonymization standards, dynamic consent mechanisms, stronger accountability norms, and international cooperation frameworks to facilitate innovation while ensuring patient privacy.



Indian Journal of Law and Legal Research

Abbreviation: IJLLR

ISSN: 2582-8878

Website: www.ijllr.com

Accessibility: Open Access

License: Creative Commons 4.0

Submit Manuscript: Click here

Licensing: 

 

All research articles published in The Indian Journal of Law and Legal Research are fully open access. i.e. immediately freely available to read, download and share. Articles are published under the terms of a Creative Commons license which permits use, distribution and reproduction in any medium, provided the original work is properly cited.

 

Disclaimer:

The opinions expressed in this publication are those of the authors. They do not purport to reflect the opinions or views of the IJLLR or its members. The designations employed in this publication and the presentation of material therein do not imply the expression of any opinion whatsoever on the part of the IJLLR.

bottom of page