Compliance April 7, 2026 10 min read

The 9 Indian regulatory modules MedOS handles natively (so your team doesn't have to)

DPDP Act 2023, HIV/AIDS Act 2017, Mental Healthcare Act, PCPNDT Act, NMC 2023, BSA 2023 §63(4), Consumer Protection Act, Drugs & Cosmetics Act, Notifiable Disease Reporting — all built into the workflow.

Indian healthcare compliance is a lot. We have a national digital health mission (ABDM), a personal data protection law (DPDP Act 2023), accreditation frameworks (NABH, NABL), drug schedules (Schedule H1, Schedule X), seven different regulator-specific record requirements (HIV, mental health, prenatal, narcotic, notifiable diseases, court evidence, consumer grievance), and state-level rules on top.

If you're a clinic admin trying to keep up with all of this manually — across paper registers, Word documents, and spreadsheets — you will eventually slip on something. And the consequences range from reputation damage to license suspension.

MedOS handles 9 Indian healthcare regulations natively. Not as a "compliance module" you have to remember to check. Built into the workflows your team already uses every day. Here's what each one does.

1. DPDP Act 2023 — Digital Personal Data Protection

The DPDP Act 2023 applies to anyone processing personal data in India, including healthcare providers. MedOS handles:

  • **Purpose-limited consent** — 5 distinct consent types (treatment, billing, research, marketing, ABDM linking) with separate opt-in. Patients can revoke any of them independently.
  • **Children's consent** — guardian consent is required if patient age < 18 (enforced at registration; the form refuses to save without it).
  • **Nominated representative** — every patient can name a representative authorised to access their records on their behalf (e.g., elderly parent's adult child).
  • **Data retention lifecycle** — when a patient invokes the right to erasure, the record is flagged for deletion and auto-archived per the retention policy.
  • **Field-level encryption** — every PHI field encrypted with AES-256-GCM at the application layer (see our previous post on encryption).
  • **Breach notification** — 72-hour breach notification cron monitor with auto-generated reports to send to the Data Protection Board.

2. HIV/AIDS Act 2017

The HIV and AIDS (Prevention and Control) Act 2017 mandates strict confidentiality of HIV status. The penalty for unauthorised disclosure is up to ₹1 lakh. MedOS handles:

  • **Auto-flagging** — when a doctor records an ICD-10 code in the B20-B24 range (HIV-related diseases), MedOS automatically marks the consultation as `sensitivity_level = HIV_CONFIDENTIAL`.
  • **Per-user consent** — only doctors who have explicit HIV-data consent on their account can view HIV-flagged records. The default is no access.
  • **Filtered from exports** — patient data exports automatically strip HIV-flagged records unless the requestor has the consent.
  • **Filtered from AI** — the Gen AI Addon hard-blocks any patient with HIV-flagged records from AI processing.
  • **Separate audit trail** — every access to an HIV-flagged record is logged in a separate table for legal review if subpoenaed.

3. Mental Healthcare Act 2017

The Mental Healthcare Act 2017 protects patients receiving psychiatric care. MedOS handles:

  • **Advance directives** — patients can record their treatment preferences in case of future incapacity. These are accessible to emergency physicians during involuntary admission decisions.
  • **MH record segregation** — consultations flagged `sensitivity_level = MH_CONFIDENTIAL` are accessible only to the treating doctor and clinic ADMIN. No one else, not even other doctors at the same clinic.
  • **MHRB reporting** — involuntary admission workflow with mandatory MHRB (Mental Health Review Board) order number and date fields. The system refuses to admit involuntarily without these.
  • **Filtered from AI** — the Gen AI Addon hard-blocks MH records from any AI processing.
  • **Nominated representative** — Mental Healthcare Act-specific representative can be named separately from the DPDP Act representative.
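
The access rules in sections 2 and 3 can be sketched as follows. This is an added example, not MedOS code: the field names (`icd10_codes`, `hiv_data_consent`, `treating_doctor_id`), the `NORMAL` level, and the sample rows are assumptions; only the B20-B24 range and the two `*_CONFIDENTIAL` values come from the post.

```python
import re

# Field names and the "NORMAL" level are assumptions made for this sketch;
# only the two *_CONFIDENTIAL values and the B20-B24 range come from the post.
HIV_CODE = re.compile(r"B2[0-4](\.?[0-9A-Z]{1,4})?")

def flag_on_save(consultation):
    """Auto-flag HIV codes; otherwise keep any level that was set by hand."""
    codes = (c.strip().upper() for c in consultation["icd10_codes"])
    if any(HIV_CODE.fullmatch(c) for c in codes):
        consultation["sensitivity_level"] = "HIV_CONFIDENTIAL"
    consultation.setdefault("sensitivity_level", "NORMAL")
    return consultation

def can_view(user, c):
    level = c["sensitivity_level"]
    if level == "HIV_CONFIDENTIAL":
        return user.get("hiv_data_consent") is True  # absent means no access
    if level == "MH_CONFIDENTIAL":
        return user["role"] == "ADMIN" or user["id"] == c["treating_doctor_id"]
    return True  # ordinary role checks are out of scope here

def export_for(user, consultations, hiv_audit):
    """Drop records the requestor may not see; log each HIV record released."""
    visible = [c for c in consultations if can_view(user, c)]
    hiv_audit.extend((user["id"], c["id"]) for c in visible
                     if c["sensitivity_level"] == "HIV_CONFIDENTIAL")
    return [c["id"] for c in visible]

def ai_inputs(consultations):
    """HIV blocks the whole patient; MH blocks the individual record."""
    hiv_patients = {c["patient_id"] for c in consultations
                    if c["sensitivity_level"] == "HIV_CONFIDENTIAL"}
    return [c["id"] for c in consultations
            if c["patient_id"] not in hiv_patients
            and c["sensitivity_level"] != "MH_CONFIDENTIAL"]

def demo_consultations():
    """Constructed sample data: four consultations for two patients."""
    rows = [
        {"id": "C1", "patient_id": "P1", "treating_doctor_id": "D1", "icd10_codes": ["J06.9"]},
        {"id": "C2", "patient_id": "P1", "treating_doctor_id": "D1", "icd10_codes": ["b20.1"]},
        {"id": "C3", "patient_id": "P2", "treating_doctor_id": "D2", "icd10_codes": ["F32.1"],
         "sensitivity_level": "MH_CONFIDENTIAL"},
        {"id": "C4", "patient_id": "P2", "treating_doctor_id": "D2", "icd10_codes": ["B25.0"]},
    ]
    return [flag_on_save(r) for r in rows]
```

In the sample data, the treating doctor D1 has no HIV-data consent and so cannot export C2, which is the default-deny behaviour the post describes.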

4. PCPNDT Act 1994

The Pre-Conception and Pre-Natal Diagnostic Techniques Act 1994 prohibits prenatal sex determination — a critical law given India's historical sex ratio imbalance. The penalty for non-compliance is severe, including imprisonment. MedOS handles:

  • **HARD BLOCK on fetal sex** — radiology orders and reports cannot contain fetal sex information. Any attempt to enter "male", "female", or related terms in a fetal scan report is rejected with a clear error message.
  • **Form F digital template** — the mandatory PCPNDT Form F is generated digitally for every applicable scan, with all required fields enforced.
  • **Monthly reporting** — auto-generated monthly Form F summary export in the format expected by district health authorities.
  • **Filtered from AI** — Gen AI Addon hard-blocks PCPNDT records.

5. Drugs & Cosmetics Act 1940

The Drugs and Cosmetics Act + Rules 1945 govern drug dispensing in India. MedOS handles:

  • **Schedule H1 register** — auto-created entry for every Schedule H1 drug dispensed (most antibiotics, anti-TB, anti-HIV drugs). The register includes patient details, prescriber, drug, batch, and quantity — exactly what an inspector would ask for.
  • **Schedule X register** — auto-created entry for every Schedule X drug dispensed (psychotropic, narcotic). Same level of detail.
  • **Expired medicine BLOCK** — the pharmacy refuses to dispense any batch past its expiry date. There's no override.
  • **Prescription validity enforcement** — prescriptions older than 30 days are flagged with a warning. The pharmacist can still dispense (with a reason), but it's logged.
  • **Drug recall management** — bulk recall workflow lets you mark a batch as recalled, get the list of patients who received it, and notify them via WhatsApp/SMS in one click.

6. NMC Regulations 2023

The National Medical Commission (Registered Medical Practitioner Conduct) Regulations 2023 set conduct standards for doctors. MedOS handles:

  • **Generic drug name mandatory** — every prescription line must include the generic (INN) name. Brand names are optional and shown in brackets after the generic. The form refuses to save without a generic name.
  • **Doctor registration number** — every prescription PDF includes the prescribing doctor's NMC registration number, validated against the State Medical Council on doctor onboarding.
  • **State Medical Council reference** — the doctor's State Medical Council and registration date are included on every prescription.
  • **Continuous Professional Development** tracking — optional CPD credit log per doctor.

7. Notifiable Disease Reporting (IHIP)

India's Integrated Health Information Platform (IHIP) requires reporting of 20 notifiable diseases to state health departments. MedOS handles:

  • **20 ICD-10 patterns seeded** — Cholera, Plague, Yellow Fever, Polio, COVID-19, Dengue, Chikungunya, Japanese Encephalitis, Measles, Diphtheria, Whooping Cough, Typhoid, Acute Encephalitis Syndrome, and others.
  • **Auto-detection on consultation save** — if a doctor records a matching ICD-10 code, a surveillance report is auto-created and queued for IHIP submission.
  • **IHIP-compatible export** — monthly export in the exact format expected by the state health department's IHIP portal.
  • **Notification to clinic ADMIN** — instant alert when a notifiable disease is detected, so the admin can verify the case and submit the report.

8. BSA 2023 §63(4) — Legal Evidence Certificates

The Bharatiya Sakshya Adhiniyam 2023 (Indian Evidence Act successor) §63(4) requires electronic records to be tamper-evident for use as legal evidence. This matters when records are subpoenaed in court. MedOS handles:

  • **SHA-256 evidence certificates** — every electronic medical record can generate a tamper-evident certificate with a SHA-256 hash of the record content.
  • **Certificate metadata** — clinic ID, record ID, generator user ID, timestamp, hash algorithm, hash value, all signed.
  • **Hash chain** — sequential records can be hash-chained for additional tamper resistance (each certificate references the previous one's hash).
  • **Court-ready PDF** — the certificate is generated as a PDF in the format expected by Indian courts, with the hospital's digital signature.
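
A hash-chained certificate scheme of the kind described above, with a verifier that reports where a chain breaks. This is an added example, not MedOS code: the field names, the canonical-JSON encoding, the genesis value, and the HMAC key standing in for the hospital's digital signature are all assumptions.

```python
import hashlib
import hmac
import json

# Assumption: a constructed HMAC key stands in for the hospital's digital
# signature, which the post mentions without naming a scheme.
DEMO_KEY = b"constructed-demo-key"
GENESIS = "0" * 64  # prev_hash of the first certificate in a chain

def canonical(obj):
    """Deterministic JSON bytes, so equal content always hashes equally."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def digest(obj):
    return hashlib.sha256(canonical(obj)).hexdigest()

def sign(body):
    return hmac.new(DEMO_KEY, canonical(body), hashlib.sha256).hexdigest()

def issue_certificate(record, clinic_id, user_id, timestamp, prev_cert=None):
    """Build the metadata listed above plus a link to the previous certificate."""
    body = {
        "clinic_id": clinic_id, "record_id": record["id"],
        "generated_by": user_id, "timestamp": timestamp,
        "hash_algorithm": "SHA-256", "hash_value": digest(record),
        "prev_hash": digest(prev_cert) if prev_cert else GENESIS,
    }
    return {**body, "signature": sign(body)}

def verify_chain(certs, records):
    """Return (index, problem) pairs; an empty list means the chain is intact."""
    problems, prev = [], GENESIS
    for i, cert in enumerate(certs):
        body = {k: v for k, v in cert.items() if k != "signature"}
        if not hmac.compare_digest(sign(body), cert.get("signature", "")):
            problems.append((i, "bad signature"))
        if cert["prev_hash"] != prev:
            problems.append((i, "broken link"))
        record = records.get(cert["record_id"])
        if record is None or digest(record) != cert["hash_value"]:
            problems.append((i, "record content mismatch"))
        prev = digest(cert)
    return problems

def build_demo():
    """Three constructed records, each certified and chained to the last."""
    records = {f"R{n}": {"id": f"R{n}", "note": f"constructed sample {n}"}
               for n in (1, 2, 3)}
    certs = []
    for n, rec in enumerate(records.values(), start=1):
        prev = certs[-1] if certs else None
        certs.append(issue_certificate(rec, "CLINIC-DEMO", "U-1",
                                       f"2026-04-07T10:0{n}:00Z", prev))
    return certs, records
```

Editing a record after certification, dropping a certificate from the middle, or altering a certificate field each produces a distinct finding, so a reviewer can tell which kind of tampering occurred and at which position.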

9. Consumer Protection Act 2019

The Consumer Protection Act 2019 mandates a grievance redressal mechanism for healthcare consumers. MedOS handles:

  • **Patient grievance submission** — patients can submit grievances directly from the patient portal. Unauthenticated patients can also submit via a public form.
  • **Auto-assignment** — grievances are auto-assigned to the clinic's nominated grievance officer (configured in Settings → Security & Compliance).
  • **30-day deadline tracking** — every grievance has a 30-day deadline for first response (statutory requirement). The system tracks days remaining.
  • **Status workflow** — Open → Acknowledged → Under Investigation → Resolved → Closed. Each state change is logged.
  • **Audit trail** — every status change is logged with user, timestamp, and notes.
  • **Escalation** — grievances past the 30-day deadline are auto-escalated to the next level with email alerts to clinic ADMIN.

How to know if you're covered

Open MedOS as an ADMIN, go to Settings → Security & Compliance → Compliance Report and generate a PDF. The report covers all 9 modules above plus ABDM, DISHA, NABH, and NABL. Every line item shows the implementation status, the database tables involved, and the audit trail for the last 30 days.

You can hand this PDF directly to an inspector, an auditor, or a legal review. It's not a marketing document — it's a generated artifact from your live system.

What this doesn't replace

Compliance is part technology, part operations. MedOS gives your team the structure, the enforcement, and the audit trail. But your team still has to:

  • Train staff on the actual procedures
  • Investigate flagged events (e.g., when a notifiable disease is auto-detected)
  • Submit forms to authorities on the correct deadlines
  • Maintain physical SOPs and policy documents

What we eliminate is the "I forgot to log Schedule H1" problem, the "we never had time to set up a grievance officer" problem, and the "our records aren't in the format the inspector wants" problem.

If you're running a clinic in India and any of these regulations are on your worry list, sign up for a free 14-day trial at app.med-os.in/onboarding and turn on the regulatory modules in Settings.
