Psychiatrist

The action against the doctor can be taken under chapter 7 and 8 of Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002.
While disclosing the sensitive information the doctor breached the doctor patient confidentiality.
This confidentiality is based on the notion that a person shouldn't be worried about seeking medical treatment that his or her sensitive information will be leaked to others. the objective of this confidential relationships to make patients feel comfortable enough in providing any and all relevant information.

What is covered by doctor patient confidentiality?
It includes medical history, pre-existing medical conditions, X-rays, lab reports, other reports, etc as well as the communication between the doctor and the patient.

Patient confidentiality is protected under State Law and if patients private information is disclosed without authorisation in some type of harm is caused to the patient he or she could have a cause of action against the medical provider for malpractice, invasion of privacy, and other related torts. This confidentiality is also covered in the hippocratic oath that the doctors take.

When a breach confidentiality is valid
1. Disclosure with consent
2. Disclosure required by law
3. Disclosure in the public interest

What could be classified as confidential information
1. Must have the necessary quality of confidence.
2. Not already in public domain.
3. Public interest to protect it.
4. It was reasonable to believe that the information shared will be held in confidence.
5. Sensitive personal details (medical or otherwise)
6. The application of confidence must be there.

Laws governing the Confidentiality and Privacy of a patient in India -

According to the Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002, it has been stated under chapter 7- that the registered medical practitioner shall not divulge any of the secrets of a patient that have been acquired in the exercise of his/her professional skill or while conducting the treatment.
Chapter 8- states about the consequences of the violation. It explains that if any complaint is made with regards to the professional misconduct of any registered medical practitioner and the same was brought before the Medical Council of Disciplinary action, then, upon the receipt of the complaint, the appropriate medical council will hold an enquiry and will also give the opportunity to the registered medical practitioner to be heard in person or by a pleader. And if during the course of the enquiry or proceeding, the registered medical practitioner is found guilty of committing professional misconduct, then he will be awarded with the punishment as it deems fit with the situation by the Medical Council or they may also direct the removal of his medical practice altogether or for only a specified period.
And under chapter 8- , if the decision is pending on the complaint registered against him, then the appropriate Council may restrict the physician from performing the procedure or practice which is under research/scrutiny.
Other than the ‘code of ethics’ there are no such specific laws in India which protect the privacy and confidentiality of the patient’s data but the Health Ministry has proposed a Digital Information Security in Healthcare Act (DISHA) in 2018 which is yet to be finalised.

It is regarded as likely to provide a complete legal framework to ensure the privacy of the patients, especially in the era of where more than paper electronic health records are used.

If it gets finalised, then it will give the people complete ownership of their health data.

For example, if a person visits the doctor and the doctor places the result of the tests into an electronic health record, then that information will be completely protected by the DISHA Act as it will be placed within the healthcare system.

Reference - https://academic.oup.com/bjaed/article/14/2/52/271401