Telemedicine Practice Guidelines 2020 & DPDP Act, 2023

1. Telemedicine Practice Guidelines 2020 (TPG 2020)

Notified by the Ministry of Health & Family Welfare on 25 March 2020 under the Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002, now enforced by the National Medical Commission (NMC).

• Registered Medical Practitioners only. Every provider listed on CalDoc holds a valid NMC or State Medical Council registration. Registration numbers and council names are displayed on every booking page and appointment record.
• Patient identification. Patients provide their name and mobile number during booking; identity is further verified through WhatsApp OTP login to access the patient portal.
• Explicit informed consent. A mandatory consent checkbox is presented before every booking. Consent type, mode, text, and timestamp are stored server-side per the guidelines.
• Consultation modes. Video and audio-only calls are supported. Text-only communication is not used as the sole mode for first-time consultations involving clinical assessment.
• Prescription compliance. RMPs may prescribe OTC and Schedule H medicines via telemedicine. Schedule X (narcotic/psychotropic) drugs cannot be prescribed via telemedicine under any circumstances — the platform technically restricts this category.
• Medical records. All consultation notes, prescriptions, and consent records are retained for a minimum of 3 years from the date of the consultation, as required under NMC regulations. Records are encrypted at rest and access-logged.
• Emergency referral. The platform prominently displays the national emergency number (112) and advises users to seek in-person care for emergencies. Telemedicine is not offered for life-threatening conditions.

2. Digital Personal Data Protection Act, 2023 (DPDP)

• Consent-first processing. Health data is collected only after explicit, informed, and freely given consent at the point of booking. Consent can be withdrawn by contacting privacy@telemed.in.
• Purpose limitation. Personal and health data is used exclusively to deliver telemedicine care, fulfil prescriptions/lab orders, and meet statutory reporting obligations. It is never sold or used for advertising.
• Data Principal rights. You have the right to: access the data we hold, correct inaccuracies, request portability, and request erasure (subject to medical record retention obligations). Exercise these rights at privacy@telemed.in.
• Breach notification. In the event of a personal data breach, affected users and CERT-In will be notified within 72 hours of us becoming aware of the incident, as required by the Act.
• Cross-border transfers. Data is stored on servers located in India (AWS ap-south-1). No personal health data is transferred outside India without explicit consent.

3. Prescription & Drug Schedule Compliance

CalDoc follows the Drugs and Cosmetics Act, 1940, and the TPG 2020 prescription rules:

Rx delivery orders for Schedule H medicines require a valid prescription upload. Schedule X medicines cannot be dispensed through the CalDoc Rx delivery service.

4. Infrastructure & Security Controls

• Encryption at rest & in transit. All data is encrypted using AES-256 (database) and TLS 1.3 (network).
• Access control. Role-based access (patient, provider, pharmacy, lab, admin) with audit logs on all privileged operations.
• Video infrastructure. Secure video rooms via Daily.co with waiting rooms; rooms are terminated after the consultation.
• Payments. Processed via Razorpay, a PCI-DSS Level 1 certified payment gateway. CalDoc does not store card details.
• File storage. Prescriptions and lab reports are stored in AWS S3 (India region) with short-lived signed URLs; direct links expire within 15 minutes.

5. Grievance Redressal

In accordance with the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the DPDP Act, 2023, CalDoc India has designated a Grievance Officer:

If you believe a registered medical practitioner has violated the TPG 2020 or professional ethics, you may also file a complaint directly with the National Medical Commission (NMC).