A Regulatory Gap: How India’s Draft Rules Fail E-Pharmacies
A Regulatory Gap: How India’s Draft Rules Fail E-Pharmacies

A Regulatory Gap: How India’s Draft Rules Fail E-Pharmacies

This article has been written by Saloni Kaushik, 5th year student at Maharashtra National Law University, Nagpur and Arnav Kaushik, 2nd year student at Dr Ram Manohar Lohiya National Law University, Lucknow

Introduction

By virtue of the proposed Part VIB of the  Drugs and Cosmetics (Amendment) Rules, 2018 (“Draft Rules”), the Central Government made an elemental attempt to regulate e-pharmacies in India. In 2018, the Madras High Court and the Delhi High Court had instructed the Central Government respectively to notify the Draft Rules. Meanwhile, in the absence of notification of the aforesaid Rules, the Courts had ordered the online traders to cease the online sale of drugs. Nearly six years later in 2024, the Government’s failure to notify the Draft Rules is shocking and deeply concerning. Presently, the sale of drugs is a licensed activity, that is governed and regulated by the Drugs and Cosmetics Act, 1940, the Drugs Rules, 1945, and the Pharmacy Act, 1948. However, neither the aforementioned legislation specifically governs the online sale of drugs nor prohibits it.

Shortcomings in The Draft Rules, 2018

The online sale of drugs falls within the scope of ‘e-commerce’, which can operate in two distinct models, namely, the inventory-based model, and marketplace-based model . An inventory-based model is where the e-commerce entity owns the inventory of goods and services, and conversely, a marketplace-based model is where an e-commerce entity provides only an information technology platform to the seller, thereby acts as an intermediary.

The Draft Rules define e-pharmacy as, “business of distribution or sale, stock, exhibit or offer for sale of drugs through web portal or any other electronic mode”. Only a holder of e-pharmacy registration can undertake the business of e-pharmacy through the e-pharmacy’s portal. Furthermore, the order for retail sale can be received only by an e-pharmacy registration holder. However, this raises a prudent question: Is it necessary for the e-pharmacy registration holder to act as the same e-commerce entity that both maintains its own inventory and operates the e-pharmacy portal? If the Rules were to apply to the marketplace-based model, would both the e-pharmacy portal operator and the inventory owner need to be registered with the Central Licensing Authority? This is an essential question because, within the definition of e-pharmacy, various entities may operate at different levels in the same transaction.

Amid the absence of guidance on this subject, the entities which provide technology platforms to brick-and-mortar pharmacies have claimed to operate the platforms as “intermediaries” as per the Information Technology Act, 2000 (“IT Act”). However, mere compliance with the IT Act is insufficient for regulation of e-pharmacies. Health sector-specific rules are needed to ensure accountability of e-pharmacies and registered pharmacists, verification of prescriptions, mandatory consultations, and confidentiality of a patient’s data. The Draft Rules attempted to devise rules specific to the health-sector.  The Draft Rules create a mandate for the e-pharmacy to specify particulars, such as the issued registration, the name of the e-pharmacy owner, and details of the registered pharmacist on the web portal.[i] This responsibility placed upon the e-pharmacies, which aims to protect the patients against fake or illegal pharmacies, is clearly absent for intermediaries in the IT Act.

However, in addition to the ambiguity surrounding the registration as discussed earlier in the blog, the health-sector specific rules in the Draft Rules per se are not adequate. The Draft Rules put forth that the registered pharmacist, appointed by the e-pharmacy, shall verify the details of the patient, registered medical practitioner, etc., and then dispense drugs as per prescription.[ii]  But, this provision fails to provide for the mandate of ‘patient counselling’ as per Pharmacy Practice Regulations, 2015 (“Regulations”), which is the act of initiating discussions with the patient before dispensing the drug.

Furthermore, the Rules lay down provisions for monitoring of e-pharmacies by the Licensing Authorities ‘periodically’ on the basis of information, maintained by the e-pharmacy registration holder regarding the types of drugs offered for sale, details of registered pharmacists etc.[iii] However, periodic monitoring alone is not sufficient to ensure the patient’s safety; monitoring should be undertaken on a regular basis. Additionally, the Rules do not provide for identity checks and verification regimes such as Photo ID or AADHAR Card Verification.

E-Pharmacy regulations within foreign jurisdictions

United States Of America

In the United States (“U.S.”), online pharmacies are subject to regulation by the Food and Drug Administration (“FDA”) through the Federal Food, Drug, and Cosmetic Act, 2007, and the Drug Enforcement Agency (“DEA”) through the Controlled Substances Act, 1971. The primary legislation for the regulation of e-pharmacies is the Ryan Haight Online Pharmacy Consumer Protection Act, 2008 (“Ryan Act”).

The Ryan Act established a mandate for the e-pharmacies to obtain federal registration in order to operate and sell drugs. This put the DEA in a better position to prevent any illegitimate sale by simply shutting down the website of any unregistered pharmacy rather than investigating every website on the internet.  As a measure to ensure the validity of the prescription, the Ryan Act provides for the issuance of prescription only by “a practitioner who has conducted at least 1 in-person medical evaluation of the patient.” It lays down additional requirements for online pharmacies such as display of a certificate of registration on the website along with the contact details of the pharmacy owners. The Ryan Act declares the unauthorized dispensing of controlled substances through the internet as unlawful and provides for stringent penalties in the form of imprisonment and fines.

In addition to DEA, The National Association of Boards of Pharmacy (“NABP”), a non-profit organization, supports the State Boards of pharmacy.  NABP has developed a program known as Verified Internet Pharmacy Practice Sites (“VIPPS”) to ensure safety standards on the Internet through its accreditation of online pharmacies. A VIPPS approved e-pharmacy implies that the pharmacy is legitimate and appropriately licensed through the display of VIPPS Seal on its website.

The United Kingdom

In the United Kingdom (“U.K.”), the Medicines and Healthcare products Regulatory Agency (“MHRA”) primarily regulates medicines and medical devices. The agency works in collaboration with the General Pharmaceutical Council (“GPhC”), an independent regulator for pharmacies in the U.K., which was established by the Pharmacy Order, 2010. The GPhC provides Guidance for registered pharmacies selling medicines via the Internet, and further lays down standards for pharmacy professionals to ensure a safe and effective practice of online pharmacy, failing which would invite enforcement action by the GPhC. E-pharmacies are required to enforce governance arrangements in the form of ‘risk assessment’. Risk assessment entails a thorough evaluation of potential harms that may be caused by or through each individual component of the pharmacy service. The risk assessment should also include an assessment of the staff’s and  third parties’ knowledge and preparedness with regard to the risks associated with the drug sale. The GPhC Guidance also provides for the maintenance of ‘risk register’ and records of actions taken to keep the risk as low as practically possible. As per the Guidance, the pharmacies ought to have mechanisms for verification and identity checks which can range from an external credit reference database that provides information about the customer to a simple identity checking-service such as photo ID verification. Furthermore, the delivery of the drug must be tracked and monitored to make sure that the package reaches the right person.

The striking feature about the U.K. regulation mechanism is the participation of multiple regulatory bodies at different levels of the pharmacy service. For instance, GPhC lays down that the website used for the sale of medicines should be secure and any services provided or businesses hosted on the website must be registered with the appropriate regulator such as the Care Quality Commission (“CQC”), Healthcare Improvement Scotland (“HIS”) etc., fulfilling the national regulatory requirements.

Way Forward

The benefits of easy access to drugs do not outweigh the potential risks posed by the illegitimate use of a drug in the absence of an adequate regulatory framework. The Draft Rules should define various models of e-commerce, further address its distinction in applicability, depending upon the nature of e-commerce model. The recommendation of the Drug Consultative Committee in relation to a ‘national portal’, operated by Central Drugs Standard Control Organisation (“CDSCO”), should be incorporated in the Draft Rules, wherein a list of CDSCO approved e-pharmacies should be displayed. A unique seal/logo, developed by CDSCO, must be displayed by the approved e-pharmacies’ web portals for patients’ convenience in verification of authenticity, similar to the accreditation system of the U.S. and the U.K.

In relation to the procedure for grant of registration, it should not only be application-based, but also include on-site inspections conducted by CDSCO personnels. The Draft Rules should make it mandatory for the e-pharmacies to develop identification checks on the web portal such as the uploading of patient’s AADHAAR Card on the web portal as a condition of registration. Based on the U.S. model, patient counselling by the registered pharmacist should be made mandatory by the way of video conferencing or in-person consultation. Finally, the CDSCO should collaborate with other national regulatory agencies such as the Drug Technical Advisory Board (“DTAB”), further, establish separate regulatory agencies for each component of the e-pharmacy service as has been the case in the U.K. regime. Most importantly, the Draft E-Pharmacy Rules, 2018 must provide for a mechanism, that is presently absent, for curbing down the already existing illegitimate pharmacies by imposing fines and imprisonment. Primarily, notification of the Draft Rules, 2018 is the current imperative, but it must include the aforementioned detailed provisions, as evidently the present ones are insufficient.


[i] Rule 67M, Draft Rules, 2018.

[ii] Rule 67P, Draft Rules, 2018.

[iii] Rule 67V, Draft Rules, 2018.

Leave a Reply

Your email address will not be published. Required fields are marked *