Can a College Verify Your Medical Certificate? A Legal Perspective on Patient Privacy in India

by

Advocate Rohit
in
Can a College Verify Your Medical Certificate? A Legal Perspective on Patient Privacy in India

If you are stuck in such a situation, here is what to do.

Mr. Rohan, a final-year engineering student at the Apex Institute of Technology in the city of Vidyanagar, fell ill with a severe viral infection just before his semester examinations. On the advice of his doctor at the CityCare Multispeciality Hospital, he took a week off to recover and subsequently missed two important papers. He submitted a valid medical certificate, issued by his treating physician, to the college administration, requesting to be allowed to sit for re-examinations. A few days later, Rohan was called into the Dean’s office and was informed that his certificate was under scrutiny. The college examination controller had directly called the hospital’s general inquiry number and asked about Rohan’s admission and illness. This raises a critical legal question: Was the college within its rights to verify the certificate in this manner, and was the hospital legally permitted to disclose patient information?

This situation places the college’s need to ensure academic integrity against a student’s fundamental right to privacy. While educational institutions can and should verify documents to prevent fraud, the method of verification must be legally sound and must not infringe upon an individual’s privacy rights, especially concerning sensitive medical data.

Advice in such cases


  • Always ensure that any medical certificate you submit is genuine and obtained from a registered medical practitioner. Submitting a forged document is a serious offense.



  • Keep a copy of all documents you submit to the institution, including the medical certificate and any accompanying application.



  • Communicate with the college administration in writing. If they have doubts, ask them to send a formal written query to you or the hospital administration, rather than engaging in informal phone calls.



  • Understand your rights under the Digital Personal Data Protection Act, 2023. Your medical information is classified as sensitive personal data, and it cannot be shared without your explicit consent.



  • Consult with Lawyer: The very basic and important step to start is talk to Lawyer / advocate. You should not hesitate in paying his consultation fee i.e. might be in range of Rs. 10,000 to 50,000 depends case to case. He is helping you in this situation of come out. He is expert in the domain and can help you explain the procedure which you might have never explored. A good lawyer can get the issues resolved much faster than you think


Applicable Sections of Law


  • Article 21 of the Constitution of India: The Supreme Court of India, in the landmark case of Justice K.S. Puttaswamy (Retd.) vs. Union of India, has affirmed that the Right to Privacy is a fundamental right. This includes the privacy of one’s health and medical records.



  • The Digital Personal Data Protection Act, 2023 (DPDP Act): This Act governs the processing of digital personal data. Under this law, the student is the ‘Data Principal,’ and the hospital is the ‘Data Fiduciary.’ The hospital cannot share a student’s medical data with a third party (the college) without the student’s free, specific, and informed consent.



  • Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002: These regulations impose a strict duty of confidentiality on medical practitioners regarding patient information, except in specific circumstances like a court order or overriding public interest, which is not applicable in this academic verification scenario.



  • Bharatiya Nyaya Sanhita, 2023 (BNS): If a student submits a fake or forged medical certificate, they could be charged under provisions related to forgery, such as Section 335 of the BNS.


If you are the complainant

If you are the student whose privacy has been breached by the college and hospital, you are the complainant in this matter. Your course of action should be systematic.


  • First, collate all documentary evidence, including your medical certificate, emails, or letters from the college regarding the verification process.



  • Send a formal letter or legal notice to both the college administration and the hospital, citing the breach of your right to privacy and violation of the DPDP Act. Demand a written apology and an assurance that such an incident will not be repeated.



  • If you do not receive a satisfactory response, you can file a complaint with the Data Protection Board of India (once it is fully constituted and operational) for the breach of your personal data.



  • Consult with Lawyer: The very basic and important step to start is talk to Lawyer / advocate. You should not hesitate in paying his consultation fee i.e. might be in range of Rs. 10,000 to 50,000 depends case to case. He is helping you in this situation of come out. He is expert in the domain and can help you explain the procedure which you might have never explored. A good lawyer can get the issues resolved much faster than you think


Can a College Verify Your Medical Certificate? A Legal Perspective on Patient Privacy in India

If you are the victim

As the victim of an unlawful information disclosure, you may feel distressed and unfairly targeted. It is important to remain calm and act strategically.


  • Do not engage in heated verbal arguments with the college authorities. Insist on all communication being in writing.



  • Formally request the college to provide details of how they conducted the verification. Ask for the name of the person they spoke to at the hospital and the information that was shared.



  • You have the right to protect your sensitive medical information. The college’s suspicion does not give them an unrestricted right to invade your privacy.



  • A legitimate method of verification would be for the college to send a formal, written request to the hospital’s medical records department, with your consent, to verify only the authenticity of the certificate’s issuance, not the nature of your illness.



  • Consult with Lawyer: The very basic and important step to start is talk to Lawyer / advocate. You should not hesitate in paying his consultation fee i.e. might be in range of Rs. 10,000 to 50,000 depends case to case. He is helping you in this situation of come out. He is expert in the domain and can help you explain the procedure which you might have never explored. A good lawyer can get the issues resolved much faster than you think


How the police behave in such cases

Typically, a breach of patient confidentiality is a civil matter and does not directly involve the police. The police would generally not register a First Information Report (FIR) for a college calling a hospital. Their involvement would only begin if there is an allegation of a cognizable criminal offense. For instance, if the college files a complaint against the student for submitting a forged document, the police would then investigate the matter under the relevant sections of the Bharatiya Nyaya Sanhita, 2023, following the procedures laid out in the Bharatiya Nagarik Suraksha Sanhita, 2023 (BNSS). If your complaint is about a data breach, the police would likely guide you to the appropriate civil forum or the Data Protection Board.

FAQs people normally have


  • Can my college directly contact my doctor?


    No, they cannot directly contact your doctor to discuss your medical condition without your explicit consent. Doing so would be a breach of professional ethics for the doctor and a violation of your privacy.



  • What is the correct way for a college to verify a medical certificate?


    The proper procedure is to send a formal letter to the hospital’s administrative office, enclosing a copy of the certificate and a consent letter from the student, asking them to verify if the certificate with a specific serial number was issued to the said student on the mentioned dates.



  • What can the hospital legally disclose?


    With your consent, the hospital can only confirm the authenticity of the document. They can state, “Yes, this certificate was issued by our hospital.” They cannot and should not disclose the diagnosis, treatment details, or any other medical information.


Can a College Verify Your Medical Certificate? A Legal Perspective on Patient Privacy in India

What evidence is required?

To build a case for a breach of privacy, you will need the following:


  • The original medical certificate you submitted.



  • Any written communication from the college (email, letter, show-cause notice) that mentions their verification process or the information they obtained.



  • A copy of your formal complaint or notice sent to the college and hospital.



  • If possible, a written statement from the hospital acknowledging the disclosure of information, although this might be difficult to obtain.


How long will the investigation take?

The duration of any action depends on the path you choose. An internal inquiry by the college might be resolved within a few weeks. However, if you escalate the matter by filing a complaint with the Data Protection Board of India, the timeline will be subject to their procedural rules, which may take several months. Pursuing the matter in a civil court for damages is a much longer process and can take years to conclude.

Advocate Sudhir Rao, Supreme Court of India

Rate this post