Healthcare · Diagnostic labs
Every registration counter is a DPDPA touchpoint
Your lab collects patient Aadhaar, health records, and contact data at every registration counter. DPDPA requires documented consent for every purpose. Get your digital presence DPDPA-compliant in 7 days — free. One 30-minute setup call to get started.
- Registration & report delivery
- PRACZIN · Mediko · LIS
- Verifiable badge for hospital partners
Touchpoint map
Where DPDPA hits your lab today
A plain-language map for lab owners and managers — not legal advice; your counsel sets lawful grounds.
| Touchpoint | Typical data | Consent / notice themes |
|---|---|---|
| Registration counter | Name, phone, Aadhaar, address, referring doctor, insurance. | Facility notice; purpose for test processing; marketing separated from care. |
| Sample collection | Specimen ID, clinical notes, phlebotomist notes. | Test-specific purpose; retention period; partner lab sharing if applicable. |
| Report delivery | Results, PDF reports, SMS/WhatsApp links, email. | Channel consent; health data sensitivity; patient copy rights. |
| Home collection | Address, contact, health context, payment. | Location data minimisation; agent scope; same notice as in-lab. |
| Hospital / corporate tie-ups | Bulk orders, employee panels, TPA pre-auth. | Processor agreements; minimum necessary to payers; DPA with hospital. |
| Website & WhatsApp | Online booking, report download, appointment reminders. | Digital consent at collection; Guardrails for PII in chat flows. |
Integrations
Works with PRACZIN, Mediko, and other HMS/LIS systems
Privigo is a shared consent layer — not a replacement for your lab information system. It sits outside the HMS so no single vendor owns your DPDP evidence.
- PRACZIN, Mediko, and common Indian LIS/HMS stacks — APIs and webhooks feed consent events; optional browser assist on legacy web UIs.
- Reference and partner labs — purpose and notice context travel with orders that cross your network boundary.
- Patient portal — one timeline for history, purposes, and withdrawal — aligned with what your compliance team exports.
Emergency & trauma
When care comes first
In emergency sample collection or trauma contexts, lawful grounds can differ from a calm registration desk. Treat first; document what was processed under urgency and reconcile notices when the patient can engage.
- Separate essential care from optional uses (marketing, research extras).
- Show when detailed privacy information was provided after stabilisation.
- Keep the portal consistent with the LIS trail — one story for the patient and auditor.
Not legal advice. Emergency processing depends on your facts, policies, and the DPDP Act.
Upstream pressure
Why hospitals will require your badge
As hospitals become DPDPA Compliant, they require Data Processing Agreements from every external lab and diagnostic partner. The Privigo verification badge is the proof they will ask for during empanelment and contract renewal.
Cost comparison
Penalty exposure vs getting DPDPA Ready
If you do nothing
- Maximum penalty under DPDPA: ₹250 crore
- Enforcement deadline: 14 May 2027
- Data Protection Board of India is already active
- Hospital tie-ups at risk without processor evidence
With Privigo DPDPA Ready
- Start free on digital presence — one setup call, live in 48 hours
- DPDPA Ready badge in ~7 working days
- Cohort-specific pricing discussed on a consultant call — not on the website
- Guardrails add-on for WhatsApp report delivery and chatbot flows