The launch of the Nationwide Digital Well being Mission (NDHM), an built-in and interoperable digital well being framework offering every citizen with a singular well being identifier, has met with a blended reception.
Whereas it can’t be denied that the NDHM holds immense potential in leveraging expertise to catalyse well being outcomes, the venture additionally has far-reaching implications for the well being sector and processing of well being information, particularly by way of its privateness implications.
The engine of the NDHM is the Nationwide Well being Stack (NHS) proposed by the NITI Aayog. The NHS is a set of cloud-based providers primarily based on open Utility Programming Interfaces, designed to create a big well being database, by amassing well being information from everywhere in the nation.
Cognisant of the privateness considerations such large-scale information assortment may elevate, the Nationwide Well being Authority subsequently floated a draft well being information administration coverage for the NDHM (Coverage) to behave as a “steerage doc” for the mission.
Nonetheless, it isn’t but clear how far the Coverage meets the necessities of the Private Knowledge Safety Invoice, 2019 (PDP Invoice), for the well being sector. Given the sweeping nature of the NDHM and the unconventional shift in healthcare facilitated by the scheme, it’s important to make sure that the digital well being ecosystem as imagined by the NDHM is privacy-preserving and inclusive. For a similar, we’ve recognized two interventions that might protect particular person autonomy whereas selling inclusive and progressive healthcare options.
First, the NDHM should be sure that a person’s well being information stays accessible to them in an ‘simple to grasp’ kind always.
The Nationwide Digital Well being Blueprint (Blueprint) thought-about this integral to the NDHM — noting that holding affected person information on the closest bodily location to the affected person, and residents having ‘full management’ of the processing of their private information are key rules driving the mission’s structure.
This ‘federated structure’ is an architectural sample requiring the constructing blocks of the NDHM ecosystem to be constructed on the native, State and Central ranges. Nonetheless, it isn’t specified how the ecosystem shall be sure that digitally illiterate plenty, or individuals residing in distant areas, are in a position to train full management over their private information.
On this context, we suggest that the federated structure, as envisaged beneath the Blueprint, think about two components on the stage of design and implementation — socio-economic standing and geographic terrain. By doing so, we hope to make sure two outcomes; first, the State can establish geographically-distressed areas the place public well being infrastructure should be supplemented with digital infrastructure by establishing digital well being centres; and second, the upskilling of conventional healthcare employees (corresponding to anganwadi employees) in rural or low-income neighbourhoods to make sure that the weak teams are empowered to take privacy-preserving well being selections.
Higher safety safeguards
Second, it’s crucial for the digital well being ecosystem to protect privateness and promote transparency. For this, we advocate that entities accountable for the processing of well being information are mandatorily assigned a ‘information belief rating’ score by an auditor appointed by the Ministry of Well being and Household Welfare. The thought of a ‘information belief rating’ for entities has discovered place in each the PDP Invoice and the Coverage, with a better belief rating which means extra transparency, higher record-keeping and sharper privateness and safety safeguards. Within the wake of the latest controversy surrounding the RTI reply on the Aarogya Setu software, such a measure might be notably helpful for government-driven improvements. The requirement for such functions to satisfy a minimal belief rating can assure operational openness and be sure that data regarding an software’s improvement is freely accessible within the public area.
Whereas the aforementioned interventions act as enablers of privateness and innovation in well being tech, the best way ahead lies in making certain that the frameworks beneath the Coverage and the PDP Invoice are operationalised in a complementary method, with public well being and privateness regulators working in collaboration to boost public well being capacities.
Banerjee is a Analysis Fellow and Menon is a Analysis Scholar at Shardul Amarchand Mangaldas & Co. Views