Subscribe To Print Edition About The Tribune Code Of Ethics Download App Advertise with us Classifieds
search-icon-img
search-icon-img
Advertisement

It’s about data, not health

The new policy draft reads like a warrant to attack ‘privacy’ of citizens
  • fb
  • twitter
  • whatsapp
  • whatsapp
Advertisement

In his Independence Day speech, the PM announced the setting up of the National Digital Health Mission (NDHM). The announcement was made in the context of various government initiatives to address challenges posed by the novel coronavirus. On the surface of it, it appeared as a logical corollary to the Ayushman Bharat scheme that provides healthcare to the poor through government and private hospitals as well as government-run wellness centres. But the devil is in the fine print. In this case, the devil is the data management policy, draft of which was released by the government on Wednesday for ‘public consultation.’ The draft reads like a new warrant to attack privacy of citizens, and not a policy for better health of people. In this draft, citizens have been reduced to what it calls ‘data principals’, hospitals and doctors are dubbed ‘health information providers’ and the government and its agencies are going to be ‘health information users.’ Reading through the draft makes one feel that it is a draconian framework for trading of citizen’s personal health data. Hardly a week’s time has been given for ‘public consultation’ for a policy draft which amounts to a grievous attack on the people.

Digital technologies in the health sector have been deployed for overcoming inefficiencies, ensuring better utilisation of available resources, delivering certain services and follow up, etc, for faster data collection. Their use in several disease-specific programmes such as TB control and immunisation has yielded good results. NDHM seeks to go beyond such segmented use of digital technologies by creating integrated databases containing health records of all citizens and to provide every citizen a unique health identification card so that health records of individuals could be accessed anywhere. Electronic health records of patients will become nationally portable, instead of remaining locked in the facility where a person is treated.

On paper, it appears nice. In practice, it could pose technological and logistical challenges in implementation, besides leading to minefields of ethical and privacy issues. Creating electronic health record for every citizen will be many magnitudes higher than UID (Aadhaar) which included a static set of datapoints (demographic information, iris data and fingerprints). For the health ID, data would mean ‘facial image, fingerprint scans, iris scans, or any other similar personal data resulting from measurements or technical processing operations carried out on physical, physiological, or behavioural characteristics of a data principal (citizen), which allow or confirm the unique identification of that natural person.’

Advertisement

Hospitals and governments, as per the draft, will be allowed to collect ‘sensitive personal data’ of patients. Such data would include financial information (bank account and payment instrument details); physical, physiological and mental health data; sex life and sexual orientation; genetic data; caste or tribe; and ‘religious or political belief or affiliation’. This makes one wonder if the draft is about our health or a new surveillance tool in the garb of digital health.

The definition of ‘data fiduciaries’ allowed to collect citizen’s data is so wide ranging that even a neighbourhood yoga or wellness centre or pharmacy would be free to do so, not just doctors and hospitals. And the onus of getting consent of people and security of data will be with these entities. At the same time, doctors, hospitals and diagnostic centres collecting personal data of patients will have to make the data available to the government and its agencies whenever called to do so. They will also be free to ‘make anonymised or de-identified data in an aggregated form available for the purpose of facilitating health and clinical research, academic research, archiving, statistical analysis, policy formulation, the development and promotion of diagnostic solutions and such other purposes.’ This provision is so wide that it will permit the use of personal data for practically anything, though consent of individuals will be required before their data is shared.

Advertisement

For providing health IDs to citizens, it is proposed to establish a national digital health authority, having a similar architecture to that of the Unique Identity Authority of India (UIDAI). There is no surprise here because the expert committee that prepared the blueprint was chaired by a former president of UIDAI, and may have been driven by the same technological philosophy. Besides creating health IDs, a national register of all health providers will have to be developed to tag every record to a provider, to ensure traceability and accountability of medical records.

The medical community is still divided over the benefits of electronic medical records (EMRs) on the quality of care and clinical outcomes. India needs to generate own evidence on the usefulness of digital health records, given the fact that the state of health systems varies from state to state. Right now, there is almost nil local evidence to justify investments in developing universal digital health identity system.

It may be worth generating data through pilot studies to see the feasibility of the idea, and also draw lessons from countries like Australia which have implemented similar schemes. The ‘My Health Records’ of Australia has had mixed response. Responding to privacy concerns, the government had to introduce ‘opt out’ option. General physicians, accredited to the government health system, have found that the percentage of records accessed by them is miniscule compared to records uploaded onto the system. Questions have also been raised on letting police and other agencies to access health records even without court orders. Such situations could arise in India, as seen recently in Kerala where mobile phone data of Covid patients was accessed without their consent.

Digital technology could help improve the functioning of health systems, but digital health can’t be a panacea for a bad public health system.

Advertisement
Advertisement
Advertisement
Advertisement
tlbr_img1 Home tlbr_img2 Opinion tlbr_img3 Classifieds tlbr_img4 Videos tlbr_img5 E-Paper