Can employees be asked to share their medical test reports with the employer? Are there any concerns here from a data privacy perspective?

While medical data in the electronic form is considered personal and sensitive data, employers can require employees to submit a fitness certificate/medical certificate from a registered medical practitioner stating that the employee is healthy and can work. Employers, in most cases, reserve the right to require employees to provide a medical certificate if they are on prolonged sick leave or if they are to return to work after sickness.

If the medical certificate or fitness certificate is being provided in the electronic form, the employer would be required to adhere to the requirements prescribed under the Information Technology Act, 2000 (IT Act) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (Security Practices Rules). The Security Practices Rules require that consent of the information provider be obtained regarding the purpose of usage of the information that is collected, the intended recipients of the information, and the name and address of the entity storing the information.