The COVID-19 pandemic, coupled with legitimisation of telemedicine in March 2020, has propelled the popularity of telemedicine manifold, with telemedicine platforms at the forefront. A question that arises is what the liability of these platforms is for any mishaps or complaints that patients may have about the consultations that they have with doctors through these platforms. The general perception is that, as technology providers, the platforms are intermediaries and are exempt from liability for consultations that take place on the platform. However, it is not quite that straightforward.

Liability exposure

The principles of vicarious liability and intermediary liability, though derived from different laws, are closely linked and are both paramount factors for telemedicine platforms to take into consideration while structuring their business and governance policies. Both concepts define the liability of an entity – in this case the telemedicine platform – for the actions of another person. Vicarious liability arises when the platform had the right, ability or duty to control the activities of the violator i.e., the doctor. Intermediary liability, on the other hand, arises because the platform facilitates the violator’s actions, and would cover violations by both the doctors and patients who use the platform. The former is largely dealt with by the Consumer Protection Act, 2019, while intermediary liability is derived from the Information Technology Act, 2000.

Vicarious liability

A common misconception is that platforms cannot be held vicariously liable since they do not employ the doctors that consult on the platform and there is no master-servant relationship between them; in fact, several platforms are structured as marketplaces, where anyone (subject to their credentials) can list themselves on the platform and offer their services. Further, telemedicine platforms typically make it clear that they are merely facilitating the interactions, not rendering medical advice themselves, so there is no doctor-patient relationship between the platform and patient, and the platform cannot be held liable for any deficiencies in service or negligence by the doctor.

However, these arguments would likely not pass the muster. A parallel may be drawn to hospitals, which typically raise the same defences in cases of medical negligence.

In the case of Smt. Savita Garg vs. The Director, National Heart Institute, the Supreme Court observed that when a patient goes to a private hospital/clinic, he goes by the reputation of the hospital and with the hope that proper care will be taken by the hospital authorities. Since these hospitals charge a fee for the services rendered by them, they are duty bound to bestow the best care, and if the hospital fails to discharge their duties through their doctors being employed on job basis or employed on contract basis, it is the hospital which has to justify.

In Smt. Rekha Gupta v. Bombay Hospital Trust & Anr., the National Consumer Disputes Redressal Commission held that a hospital cannot escape liability by taking the defence that it only provided infrastructural facilities and support staff, and did not perform or recommend any treatment itself. The NCDRC pointed out that the bills for doctor’s consultations are raised by the hospital and they charge a commission before remitting the fee to the consultant.

In Dr. Krishna Mohan Bhattacharjee vs. Bombay Hospital Medical Research Centre, the National Consumer Disputes Redressal Commission further stated that the terms under which a hospital employs the doctors is immaterial insofar as the hospital’s liability towards a patient is concerned, and that the defence that there is no master-servant relationship between the hospital and doctor cannot be taken in cases of established negligence, and held that patients go and get themselves admitted in the hospital relying on the hospital to provide them the medical service for which they pay the necessary fee.

The same rationale that courts apply to hold hospitals vicariously liable would logically apply to telemedicine platforms as well, and it is thus unlikely that they would be eligible for a blanket exemption from liability for negligence or deficiencies in services offered through the platform by claiming that they are merely technology providers that do not play a role in the actual rendering of medical services.

That being said, there are safeguards that can be put in place to minimise the risk of prosecution. Courts have recognised that a hospital – and therefore, by extension, a telemedicine platform – can mitigate their liability by showing that they had undertaken due diligence and adopted appropriate measures to prevent negligence or deficiencies in service. For a telemedicine platform, this would mean verifying the credentials of all doctors or healthcare professionals listed on the platform, ensuring that the doctors are: sufficiently well-versed with the practicalities, legalities and limitations of telemedicine; are aware of the functionalities of the platform; are following proper documentation processes, are compliant with the platform’s policies, etc.

The platform would also have to follow measures to mitigate their direct liability for medical negligence, such as ensuring that only qualified professionals are listed, the data protection systems are secure and compliant with the law, the technology supports smooth consultations.

It is also important to keep in mind the quality of care to be expected (and hence the liability for falling short of the expectations) of a medical establishment is directly proportional to its reputation. Thus, for a platform that makes claims of (facilitating) quality consultations, it is especially important to have stringent quality control measures in place, especially as they grow.

Dilemma of quality management vs. “control”: A threat to intermediary status

Implementing quality control measures to mitigate risk is essential for telemedicine platforms to mitigate risk of being held vicariously liable for negligence and deficiencies in service on the platform. However, it also poses a challenge to telemedicine platforms – it could potentially weaken their position as an intermediary that can avail of safe harbour protections under the Information Technology Act.

It is important to understand that telemedicine platforms are a kind of e-commerce entity. An e-commerce entity may either be set up as an inventory or a marketplace entity. An inventory e-commerce entity “owns” i.e. exercises control over the service provider doctors, whereas a marketplace entity merely provides the technological infrastructure to facilitate consultations. In case of the latter, the entity could be considered an internet intermediary that can avail of safe harbour protections, which is why most telemedicine platforms are structured as “aggregators”.

Essentially, the law recognises that an intermediary does not control what third-parties do on the platform and they cannot reasonably be expected to monitor every single transaction. Thus, provided that the intermediary complies with certain requirements, they are exempted from liability for wrongdoings done by third-parties on the platform without their knowledge.

In order to be eligible for the protection, the intermediary must follow the due diligence requirements stipulated in the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, which include publishing and complying with a privacy policy and terms of service which specifies the types of content and activities that is prohibited on the website and/or mobile application, taking action against violators upon receiving knowledge of wrongdoings, cooperating with governmental authorities, etc, as well as certain compliances under the Consumer Protection (E-Commerce) Rules, 2020 such as executing an undertaking with service providers to ensure that the descriptions and other contents pertaining to the services offered through the platform is accurate.

Thus, the law envisages a fairly “hands-off” and reactive approach to managing third-parties on the platform, and adopting more prescriptive policies and quality control measures could be viewed as the platform exercising control over the service providers, which would threaten their position as an intermediary.

Add-on services: changing dimension of intermediary status.

Most telemedicine platforms nowadays also offer value added services such as algorithmic matching of doctors/healthcare providers and patients, facilitating payments, electronic health record management, etc.

As per Section 79 of the Information Technology Act, the exemption from liability would also apply only if the intermediary is merely a passive conduit of the information, and is not involved in the initiation of the transmission, selecting the receiver of the transmission, and does not modify the information. Questions have been raised as to whether the value-added services dilute their role as a passive conduit, and result in the platform playing an active role in the transaction, which would mean that they cannot avail of the protection.

In the case of Amazon Sellers Services Private Limited vs. Modicare Limited & Ors. the Delhi High Court recognised that the FDI Press Note 2 of 2018 allows marketplace e-commerce entities to offer value added services to businesses, and held that Section 79 does not appear to differentiate between active and passive intermediaries. When an intermediary provides services in addition to access, it must comply with the requirements of Section 79 i.e. must remain a passive conduit in relation to the information. So long as that is complied with, the intermediary may avail of the protection.

It is important to note that the Intermediary Guidelines recognises not only human editorial control, but also automatic and algorithmic control. This means that a platform would not be able to take the defence that any service which dilutes their position as a passive conduit is entirely algorithmic and hence does not amount to active involvement.

Key Takeaway

If a telemedicine platform was to lose its status as an intermediary and the protections conferred by the law, they would be required to proactively monitor everything that takes place on the platform, since they would be liable for any non-compliances or wrongdoings. For platforms dealing with large volumes of consultations, this would be logistically challenging, if not impossible. The cost of operations and litigations that would arise would make it an untenable business.

Thus, it is essential that telemedicine platforms closely evaluate their structure, policies, features and service offerings to strike a balance between ensuring that high quality services are offered through the platform, while still minimising their liability.