Opinion | Importance of health data privacy and protection in India4 min read . Updated: 11 Nov 2020, 02:35 PM IST
- While concerns around accuracy have to be addressed, the benefits of wearable technology cannot be overstated. It is, however, crucial that firms operating in this space exercise significant care when collecting, processing and storing health data.
Wearable technology presents many compelling opportunities for improving healthcare. The use of wearables can enable healthcare consumers to analyze their biomarkers, receive digital coaching services and benefit on their insurance plans. It also enables the medical community to use biomarker analysis in prognosis and treatment over symptom analysis. The technology will lead to paradigm shifts in the healthcare industry from a ‘sick-care’ model to a preventive or wellness-based model.
There are some legitimate concerns raised against medical devices with regard to accuracy. Unfortunately, the market is flooded with unscrupulous companies supplying cheap and low-quality wearable technology products masquerading as medical devices. These products show massive variation in their readings. In one case, an Indian man found his pulse oximeter would output the same heart rate value whether he was testing his finger or a pencil.
While concerns around accuracy have to be addressed, the benefits of wearable technology cannot be overstated. It is, however, crucial that firms operating in this space exercise significant care when collecting, processing and storing health data. While sharing health data may be the key for medical innovations that transform patient care, it should be handled with integrity and responsibility.
Spearheaded by the National Health Authority, the National Digital Health Mission (NDHM) is the country’s most ambitious health data digitization drive till date. The technology powering the NDHM architecture has the potential to transform consumer healthcare services across the continuum of care. For this initiative to succeed, government regulators and start-up innovators need to work together to ensure health data is collected, stored and processed in a legally compliant manner. Private companies cannot be given unregulated backdoor access to coveted personal healthcare data.
The proposed legal framework for the future of health data privacy comes from two legislations. The Draft Digital Information Security in Healthcare Act (‘DISHA’) stands tallest amongst these and shows the potential India has for protecting its citizens’ health data. The other being The Personal Data Protection Bill which along with the Information Technology Act also provides more general and blanket protections for all kinds of data.
It is important to note that until these bills are passed and become law – the Centre must find alternate ways to secure the data of its citizens and residents, especially when it relates to healthcare. The security and integrity of healthcare data is not simply an economic issue, the implications of lax healthcare data protection extend to national security as well.
Take the example of Strava, a mobile application that collects, processes and stores wearable technology health data. They released a global heatmap showing 13 trillion GPS points from their users. An international security researcher was able to use this data to identify US military forward operating bases in Afghanistan, Turkish military patrols in Syria, a Russian guard patrol in Syria, a French military base in Niger, an Italian military base in Djibouti and even CIA “black" sites.
The United States has the Health Insurance Portability and Accountability Act. The legislation was created to modernize the flow of healthcare information and to stipulate how personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft. With surging demand for wearable technology and the advent of the NDHM, Indians are generating soaring volumes of healthcare data. We will also need similarly elaborate legislations to protect the health data of our citizens and residents.
The Ministry of Electronics and Information Technology (hereafter, MEITY) took the bold move to ban hundreds of mobile applications for stealing and surreptitiously transmitting users’ data in an unauthorized manner to servers which have locations outside India. While commendable, MEITY needs to continue their work in the same stride in relation to healthcare and fitness mobile applications.
Technology companies rely on data to build their valuation, which means they are financially motivated to amass data at all costs. Many wearable technology-enabled devices are on sale without the necessary compliance requirements. Regulatory authorities, like MEITY and the Ministry of Health and Family Welfare, have to investigate these technologies to ensure they are compliant with our country’s rules and regulations.
Make no mistake, I believe the digitization of healthcare will democratize consumer access and will lead to a new dynamic between stakeholders in the industry. Individual ownership of his or her own health data has the potential to truly realign the current incentive structures in the healthcare industry. However, without the right checks and balances in place to prevent data misuse or theft, these efforts will be in vain. Health data is innately private in nature, and the prioritizing of this privacy is non-negotiable. With thoughtfully designed systems and intricate regulation, we can ensure that this prioritization remains intact as India moves towards a digitized future.
The author is founder & CEO at GOQii. Views expressed are his own.