BackDigital health IDs face privacy challenge
A health ID is the first step towards creating safer and efficient digital health records for you and your family. You can opt-in to create a digitally secure health ID, which allows you to access and share your health data with your consent
PremiumNEW DELHI : Last month, the Delhi and Tamil Nadu governments announced plans to introduce digital health identities (IDs) for their residents. The aim is to use the power of cloud computing to allow users access to their health records from just about anywhere.
Delhi and Tamil Nadu’s systems are in line with the National Health Policy (NHP), 2017, which aimed to implement the National Health Stack (NHS), for which a committee under the Ministry of Health and Family Welfare (MoHFW) produced the National Digital Health Blueprint (NDHB)--an action plan to “comprehensible and holistically implement digital health".
"Using a Health ID is the first step towards creating safer and efficient digital health records for you and your family. You can opt-in to create a digitally secure Health ID, which allows you to access and share your health data with your consent...," explains the government's National Digital Health Mission (NDHM) website. The site adds that a health ID enables a citizen's interaction with participating healthcare providers, and "allows you to receive your digital lab reports, prescriptions and diagnosis seamlessly from verified healthcare professionals and health service providers".
The idea is good in principle, say experts. But there are challenges such as interoperability of databases and privacy protection that must be addressed, say experts.
For one, each state has its own database of records. This means that pulling out records from these databases will require very good bandwidth. “Each state going about its own Electronics Health Records (EHR) system is fine. But when you’re trying to have one final integratable infrastructure across the country, the bandwidth of the connectivity from the government hospitals to the cloud infrastructure has to be increased considerably," points out Srinivas Prasad, former CEO of Philips Innovation Campus and founder of Neusights.
Having the right bandwidth is required because health information can be quite large. The Electronics Health Records (EHR) and Personal Health Records (PHR), an integral part of the electronic health systems India is aiming for, can include images from X-Rays, MRI scans and more--all of which have very large file sizes. Not having the right infrastructure in place could lead to common issues where links don’t work, data isn’t updated, etc.
Prasad added that ensuring interoperability standards is also important, failing which bringing the systems built by different states into one national network will be a “huge effort and a huge spend". “Even in a hospital, what I have noticed is that when decisions are made to upgrade to a certain system, the big picture is never looked into," he said.
The work with respect to e-health in India is being done “in silos", corroborated a person involved in the implementation of these platforms. This implies that the various health platforms including the centre’s Aarogya Setu and Cowin platforms, and Delhi and Tamil Nadu’s systems, are not connected to each other. He requested anonymity, given the sensitivity of the matter.
“Aarogya Setu is just a geolocation-based heat map (of covid infections), based on personal confirmations. Cowin, too, is a standalone and static database of vaccinations in India. Right now, all these databases exist, but they are islands unto themselves," said the person cited above, who is involved in development of e-health initiatives. “Is there a roadmap to connect them? At least the ones we have right provide no answer to that," he added.
“The very fact that they are in place is an indication that digitization of healthcare data is a serious subject at the centre," the person cited above, added. “However, if you go through their charters, you will realise their priorities and how they are going about it," he said. The NDHM was launched last year, and the NHS is being built by the Indian Software Product Industry Roundtable (iSPIRT), which built the Unified Payments Interface (UPI).
Additionally, digital health IDs are being introduced in India without a data protection bill in place. The Personal Data Protection (PDP) bill has been under review by a Parliamentary committee since 2019 and was pushed to the Winter session earlier this year. “This is a huge reason why we’ve all been talking about why there’s an urgent need to get the PDP out," said tech policy analyst Prasanto K. Roy. “In the absence of the PDP, you have these completely arbitrary ad-hoc things around privacy rules around different sectors," he added.
The NDHM website does explain that "NDHM does not store any of your health records. Your health records are stored with healthcare information providers as per their retention policies and are shared over the NDHM network with encryption mechanisms only after your express consent". But that is not enough, according to Roy.
Health ids, which are supposed to be national, have a privacy and consent framework around them, acknowledges Roy. However, they make certain assumptions about underlying privacy related legislations, which don’t exist right now. “The current NHDM framework is pretty detailed, but it has gone with a lot of assumptions, which could all be impacted by the PDP," Roy concludes.
Milestone Alert!Livemint tops charts as the fastest growing news website in the world 🌏 Click here to know more.
