How to start Healthtech platform in India

How to Start a Healthtech Platform in India

Starting a healthtech platform in India in 2026 requires you to resolve three questions before you write a single line of code: What clinical activity is your platform enabling?, Which regulator owns that activity?, and How does your revenue model interact with GST exemptions and TDS obligations? Get those answers right at inception and the compliance work that follows is systematic. Get them wrong and you face re-incorporation, product redesign, or personal liability for clinical governance failures. This guide gives you the exact sequence — entity, regulation, technology, and tax — with the numbers and form names that a live-running platform actually uses.

Map Your Use Case to Its Regulatory Regime First

India has no single "digital health regulator." Depending on what your platform does, you will be regulated by one or more of the following:

Do this mapping in a one-page document before you incorporate. It will determine who sits on your board, what insurance you need, and whether your revenue qualifies for GST exemption.

Entity Structure and Clinical Governance

Most healthtech ventures incorporate a private limited company through the SPICe+ form on MCA V3 (mca.gov.in). The process takes 5-7 working days and produces a CIN, PAN, TAN, and GST registration simultaneously. Use the INC-22 address proof correctly — a rented space with a valid rent agreement is sufficient.

If your platform involves clinical activity — teleconsultation, e-pharmacy, or diagnostic services — you must address clinical governance structurally, not as an afterthought:

1. Appoint at least one registered medical practitioner (RMP) as a clinical advisor, consultant director, or full-time Chief Medical Officer. The NMC Telemedicine Guidelines require that the platform operating environment supports RMPs, not replaces them.
2. Draft a Clinical Governance Policy covering: patient triage criteria, teleconsultation scope (what conditions can and cannot be managed remotely), prescription protocols, prohibited drug categories (Schedule X drugs cannot be prescribed via telemedicine for new patients), and adverse event reporting timelines.
3. Set up a Clinical Review Committee that meets at minimum quarterly and maintains minutes. If a regulatory authority or insurance dispute ever requires audit evidence, these minutes are your first line of defence.

For DPIIT Startup recognition, file on the DPIIT portal (startupindia.gov.in) after incorporation. Recognition unlocks Section 80-IAC (100% profit deduction for three consecutive years out of the first ten), Section 56(2)(viib) angel tax exemption, and the ESOP tax deferral benefit. The eligibility conditions for FY 2026-27 include: incorporated after 1 April 2016, turnover not exceeding Rs. 100 crore in any preceding year, and working toward innovation or improvement of an existing product/process.

Understanding the Telemedicine Practice Guidelines in Practice

The Telemedicine Practice Guidelines (2020), issued jointly by the Ministry of Health and Family Welfare and the NMC, remain the operative framework for any platform connecting patients with RMPs. The 2025 amendments tightened a few provisions worth knowing:

• Video consultation is mandatory for first-time patients where the condition warrants it. Audio-only is permissible for follow-ups where the RMP has seen the patient before. Text-only consultation is permissible only for existing patients with documented prior in-person or video consultation.
• Prescription rules: An RMP can issue a prescription via telemedicine, but it must include the RMP's registration number, digital signature, platform name, and patient's ABHA ID (where available). Prescriptions cannot cover Schedule H1 drugs or narcotics/psychotropics for new patients.
• Platform obligations: You must maintain consultation records for a minimum of three years, provide a mechanism for the patient to receive their prescription digitally, and display your clinical governance policy on the platform.

Your platform does not itself hold a medical licence. The RMPs on your platform hold their respective State Medical Council registrations. Your responsibility is to verify and display those registrations, maintain the audit trail, and enforce the guidelines through your product design.

ABDM and ABHA Integration: The Step-by-Step Path

The Ayushman Bharat Digital Mission (ABDM) is now the government's primary instrument for interoperable health data. For your platform, ABDM integration is not just regulatory goodwill — it becomes a functional differentiator as more hospitals, labs, and insurers operate within the ABDM ecosystem.

Step 1: Register on the ABDM Sandbox Go to sandbox.abdm.gov.in and create an application account. You will receive sandbox API credentials. Test your flows here before moving to production.

Step 2: Implement ABHA-based patient identity ABHA (Ayushman Bharat Health Account) is a 14-digit unique health identifier. Your patient onboarding flow should offer ABHA creation or linking. Use the ABDM APIs for Aadhaar-based ABHA creation (requires Aadhaar OTP consent) or demographic-based ABHA creation. Store only the ABHA address (e.g., user@abdm), not the raw Aadhaar number.

Step 3: Build as a Health Information User (HIU) or Health Information Provider (HIP)

• If your platform generates health records (prescriptions, consultation notes, diagnostic reports), you are a HIP and must push records to ABHA in FHIR R4 format.
• If your platform consumes records from other providers (labs, hospitals) to help the doctor, you are a HIU and must implement the consent manager flow — the patient must explicitly grant consent for each record-sharing request, and that consent has a defined expiry.

Step 4: Apply for ABDM Production Access Submit via the ABDM integration portal. The review typically takes 4-8 weeks and involves a technical audit of your FHIR compliance and consent implementation.

Step 5: Maintain audit logs Every ABHA record access event must be logged with timestamp, requesting entity, and consent artefact ID. This is both an ABDM requirement and a DPDP compliance obligation.

DPDP Compliance for Health Data

The Digital Personal Data Protection Act 2023 (DPDP Act) and the DPDP Rules (notified in 2025) treat health data as among the most sensitive categories. Your obligations as a Data Fiduciary operating a health platform:

Consent Architecture

• Obtain explicit, granular, informed consent before collecting health data. A blanket "I agree to Terms & Conditions" tick-box does not meet the standard.
• The consent notice must specify: what data is collected, why, who it will be shared with (labs, pharmacies, insurance partners), and for how long it will be retained.
• Consent must be revocable at any time. Build a consent dashboard into your patient-facing app.

Data Localisation and Storage

Health data of Indian residents must be stored on servers within India. If you use AWS, Azure, or GCP, you must select Indian regions (ap-south-1 for AWS Mumbai, for example). Document this in your data flow map.

Breach Notification

In the event of a personal data breach, you must notify the Data Protection Board of India within 72 hours of becoming aware. The notification must describe the nature of the breach, categories of data affected, estimated number of data principals impacted, and steps taken. Build this into your incident response runbook from day one — discovering you have no breach notification process after a breach is one of the costliest governance failures in this sector.

Data Retention

Define a retention policy and enforce it technically. Consultation records must be retained for three years under the telemedicine guidelines; beyond that, health data should be deleted unless there is a specific legal hold.

E-Pharmacy and Diagnostics Aggregation

E-Pharmacy

India's e-pharmacy regulatory framework sits in a legally ambiguous zone as of mid-2026. The Draft Drugs and Cosmetics (Second Amendment) Rules for e-pharmacy were proposed but have not been finalized into notified rules. Existing online pharmacies operate under state drug licences (Form 20 and Form 21 under the Drugs and Cosmetics Rules 1945), physically anchored to a licensed pharmacist and a licensed premises.

If you plan to build an e-pharmacy or aggregate licensed pharmacies, you need:

• A drug licence issued by the State Drug Controller for a licensed premises with a registered pharmacist
• Compliance with Schedule H, H1, and X prescription requirements at the point of dispensing
• A reconciliation mechanism linking digital prescriptions from your telemedicine module to the dispensing record

Do not build a pure aggregator model that routes prescriptions to unlicensed pharmacies. That is a violation of the Drugs and Cosmetics Act and carries personal liability for directors.

Diagnostics Aggregation

The Clinical Establishments (Registration and Regulation) Act 2010 and its state equivalents require clinical establishments — including diagnostic laboratories — to be registered. Your platform can aggregate registered labs, but you must verify their registration before onboarding them and display it to the consumer. Several states (Maharashtra, Tamil Nadu, Karnataka) have notified their own clinical establishment rules with stricter requirements.

GST Nuances: What Is Exempt and What Is Not

This is the area where most healthtech founders make expensive structural errors.

Exempt services under Entry 74 of Notification 12/2017-CT(R):

• Health care services by a clinical establishment (hospital, nursing home, clinic registered and recognized as such)
• Services by an RMP providing clinical care directly

Taxable services at 18% GST (not exempt):

• Telemedicine aggregation platform fees — if your company is a technology intermediary connecting patients to RMPs, and you are not yourself a clinical establishment, your platform fee or commission income is taxable at 18%
• SaaS subscriptions to hospitals, clinics, or diagnostics firms for your hospital management software
• Subscription bundles sold to corporate clients for employee health programmes (unless the underlying service is structured through a registered clinical establishment)
• Marketing or lead-generation commissions from labs and pharmacies

The structural decision: If you want your teleconsultation revenue to be GST-exempt, your entity must be registered as a clinical establishment under the applicable state Act, the clinical team must be employed by the entity (not just contracted), and the entity must be providing the health care service — not merely connecting the patient to an RMP who is independently providing it. This is a genuine clinical operations decision, not a paper restructure. Take a formal opinion before choosing this route.

Input Tax Credit (ITC): Even where your output is taxable, ensure you are claiming ITC on technology expenses (servers, software, communication tools), professional services, and office costs. A platform with Rs. 1 crore in annual taxable revenue and Rs. 40 lakh in tech expenditure has roughly Rs. 7.2 lakh in ITC to claim — that is real cash.

Tax Compliance Across Payout Channels

TDS on Doctor Payouts — Section 194J

Doctor consultation fees paid by your platform are professional fees under Section 194J of the Income-tax Act 1961. TDS rate: 10%. Threshold: Rs. 30,000 per financial year per doctor (for FY 2026-27).

Deposit deadline: 7th of the following month (30th April for March deductions). Late deposit attracts interest at 1.5% per month from the date of deduction to the date of deposit.

Worked example: Your platform pays Rs. 8 lakh/month to 40 doctors. TDS deductible = Rs. 80,000/month. If you miss the April 7 deposit by 25 days, you pay interest of Rs. 80,000 × 1.5% × 1 month = Rs. 1,200. Miss it for three months and you owe Rs. 3,600 in interest plus possible disallowance of the deducted amount as an expense under Section 40(a)(ia) — that last point can cost you 30%+ of the deduction in tax.

Section 194R — Gifts and Benefits to Doctors

If your platform provides free equipment, conference sponsorships, gift vouchers, or any benefit exceeding Rs. 20,000 per year to a doctor or referral partner, Section 194R applies. TDS rate: 10% on the market value of the benefit. This applies even if no cash changes hands.

Section 194Q — Bulk Pharma or Supplies Procurement

If your platform purchases goods (drugs, devices, diagnostic kits) from any single supplier exceeding Rs. 50 lakh in a financial year, Section 194Q requires you to deduct TDS at 0.1% on the amount exceeding Rs. 50 lakh. This is relevant if you operate a pharmacy fulfillment operation.

Quarterly TDS Returns

File Form 26Q (non-salary TDS) quarterly. Due dates: Q1 by 31 July, Q2 by 31 October, Q3 by 31 January, Q4 by 31 May. Late filing: Rs. 200 per day under Section 234E, capped at the TDS amount. A missed 26Q filing also means your doctor or vendor cannot see the TDS credit in their AIS (Annual Information Statement) — which creates friction in your vendor relationships.

Common Mistakes That Cost Founders Real Money

1. Assuming the GST exemption applies automatically: Many founders incorporate, start generating teleconsultation revenue, and assume they are exempt. They later receive a GST notice covering 18% on gross revenue for two or three years, plus interest and penalty. Get a written legal opinion on your specific structure before you invoice your first patient.

1. Not verifying doctor registrations at onboarding: The NMC Telemedicine Guidelines require the platform to ensure only registered RMPs practise on it. Onboarding a practitioner with a lapsed or non-existent registration makes your platform liable under the guidelines and potentially under the Indian Penal Code for facilitating medical practice without licence.

1. ABHA integration deferred to "Version 2": Hospitals, insurance companies, and government health schemes increasingly require ABHA-linked records. Building ABHA integration as a retrofit is 3-5× more expensive than building it in from the start because your data models, consent flows, and APIs all need restructuring.

1. Missing the 72-hour DPDP breach notification window: Platforms often discover a breach during an internal audit, not in real time. Without a working security monitoring system and incident response protocol, you will routinely miss the 72-hour window and face Data Protection Board penalties.

1. Treating doctor payouts as contractor fees under 194C instead of 194J: The TDS rate under 194C is 1-2%; under 194J it is 10% for professional services. Misclassifying doctor payments saves you nothing — the liability (plus 1.5%/month interest) remains, and the shortfall is typically discovered in a tax assessment.

1. Ignoring state-level clinical establishment registration: Several states require a registration for any establishment providing health-related services, even digital ones. Karnataka, Maharashtra, and Telangana have been active in enforcement. A Rs. 5-10 lakh annual compliance cost is far cheaper than an enforcement action that shuts your operations.

Worked Example: A Teleconsultation Platform in Year One

Scenario: A private limited company incorporated in Bengaluru launches a B2C teleconsultation app in April 2026. In FY 2026-27 it generates:

• Rs. 60 lakh from patient consultation fees (platform commission on doctor fees)
• Rs. 18 lakh from a B2B SaaS contract with a chain of 12 clinics
• Rs. 9 lakh from diagnostic lab referral commissions

GST position (assuming the platform is a technology intermediary, not a clinical establishment):

• All three revenue streams are taxable at 18%
• Total GST liability: (Rs. 87 lakh) × 18% = Rs. 15.66 lakh for the year
• ITC on server hosting, software licences, and professional services: approximately Rs. 4.2 lakh
• Net GST outflow: Rs. 11.46 lakh

TDS position on doctor payouts:

• Platform pays Rs. 48 lakh to 35 doctors during the year (average Rs. 1.37 lakh per doctor)
• TDS under Section 194J @ 10% = Rs. 4.8 lakh to be deposited monthly by the 7th
• If the Q4 (January–March) TDS of Rs. 1.2 lakh is deposited on 12 May instead of 7 May: interest = Rs. 1.2 lakh × 1.5% × 1 month = Rs. 1,800 — minor, but it also triggers a notice in some cases

Section 194R exposure:

• The platform provides 8 doctors with conference sponsorships worth Rs. 35,000 each
• Total benefit value: Rs. 2.8 lakh; TDS @ 10% = Rs. 28,000 — often overlooked

Income tax: The platform makes a net loss in Year One (typical for early-stage). DPIIT recognition has been obtained. No Section 80-IAC claim yet (requires profit). Losses can be carried forward for 8 years under the normal provisions.

Total compliance cost in Year One (CA fees, legal, filing, ABDM integration, DPDP consent infrastructure): approximately Rs. 8-12 lakh. Budget for it. It is not optional spend.

Key Takeaways

• Regulatory mapping before entity structure: The use case determines which regulator governs you, which in turn determines your entity requirements, insurance needs, and governance obligations.
• Clinical governance is a product requirement, not a legal formality: The clinical governance committee, policies, and audit trails are what your platform looks like to an NMC inspector or a court.
• ABDM/ABHA integration from Day One is structurally cheaper and commercially stronger than a retrofit; build to the FHIR R4 standard from the first sprint.
• The GST exemption for healthcare does not automatically apply to a technology aggregator platform; a formal opinion on your specific revenue structure is non-negotiable before you go live.
• Section 194J TDS on doctor payouts at 10% is one of the most common compliance gaps in healthtech; automate the monthly deposit and quarterly filing from the first payout run.
• DPDP breach notification within 72 hours is a hard operational requirement; build monitoring and an incident response runbook before you onboard your first patient, not after.
• DPIIT recognition should be obtained within the first three months of incorporation — it costs nothing and opens tax benefits (Section 80-IAC, angel tax exemption) that are unavailable if you delay past the eligibility window.