Decrease in Consultative Time and an Increase in Concerns blot the Draft Health Data Management Policy 2020

[Profile of the author: Architi Batra is a fifth-year law student at Vivekananda Institute of Professional Studies, affiliated with GGSIPU]

WHAT IS THE NATIONAL HEALTH POLICY?

In 2017, the Ministry of Health and Family Welfare released the National Health Policy to create a digital health technology eco-system aiming at developing an integrated health information system. The aim of this policy is to digitize India’s healthcare system and to significantly improve the efficiency, effectiveness, and transparency of healthcare services in the country.

OBJECTIVE:

‘‘To create a National Digital Health Ecosystem that supports Universal Health Coverage in an efficient, accessible, inclusive, affordable, timely and safe manner, through the provision of a wide range of data, information and infrastructure services, duly leveraging open, interoperable, standards-based digital systems, and ensuring the security, confidentiality and privacy of health-related personal information.’’

The blueprint of the National Digital Health was released in furtherance to this cause in 2019. Some of the key points of this blueprint were:

• Citizen centricity, quality of care, better access, universal health coverage, and inclusiveness
• Increase the use of digital technologies in the healthcare field
• Establish and manage the core digital health data and the infrastructure
• Promotion the adoption of open standards by all the actors in the National Digital Health Ecosystem (NDHE) that spreads across the sector from wellness to disease management.
• Creating a system of Personal Health Records as per the International standards which are easily accessible to the citizens and to the service providers on citizen consent.
• To follow the best principles of a cooperative federalism structure
• Promotion of Health Data Analytics and Medical Research
• Efficiency and effectiveness of Governance
• Quality healthcare service
• Better use of the information system already existing in the healthcare sector

The launch of the National Digital Health Mission (NDHM) was publically announced on the 74th Independence Day i.e. 15th August 2020 by Prime Minister.

HOW WILL THE NATIONAL DIGITAL HEALTH MISSION WORK?

NDHM seeks to go beyond just the segmented use of digital technologies by creating an integrated database containing health records of all citizens. It aims to provide every citizen with a unique health identification card so that the health records of all persons can be accessed anywhere. Electronic health records of patients will become nationally portable, instead of just remaining locked in the facility where a person is treated.

The Ministry of Health and Family Welfare in collaboration with World Health Organization (WHO) and the Global Digital Health Partnership (GDHP) in 2019 February launched the blueprint for the NDHE which included and is not limited to the following features:

• Unique Identification - The NDHM shall be in hands of each citizen of this country in form of a unique identification of Persons which would include – Facilities required, Diseases and Devices via the Personal Health Identifier (PHI), and Health Master Directories & Registries.

This information can be accessed through a combination of Aadhaar-based Identification/ Authentication and through other specified types of identifiers.

Given the significant spread of smartphones and the prospects of its further growth, the blueprint emphasizes the ‘Mobile First’ principle for the majority of stakeholder-facing services.

• Citizen Control: The 2019 blueprint assures citizen control i.e. the confidentiality, security, and privacy of health records shall be in hands of the citizens through Consent Manager, Anonymizer, Data Sharing and Protection, and Privacy Operations Centre.
• Storage of Data and Availability: Data is to be stored at three levels – Central, state or Union Territory and health facility. Although the ownership of personal data lies with the individual, anonymised data in an aggregated form may be made available for research, statistical analysis and policy formulation.
• Service and Delivery: It shall be implemented via a combination of Web (India Health Portal), Mobile (MyHealth App) and Call Centres besides Social Media Platforms. This shall enable real-time monitoring and real-time interventions if needed.
• Liability of Breach of Data: In the event of any incident of a data breach, the person responsible for such breach shall be liable in accordance with the provisions of applicable law.

THE DRAFT HEALTH DATA MANAGEMENT POLICY 2020

On 26th August 2020, the draft was opened for feedback. The general public can give suggestions and raise concerns till 3rd September 2020, 05:00 PM. (To access and give your feedback go to: https://ndhm.gov.in/stakeholder_consultations/ndhm_policies)

CONCERNS WITH THE DRAFT RELEASED

1. Maintaining sufficient standards of health as asserted
2. The data privacy protection – Sensitive personal information of individuals on a public platform is a big concern. Although India has realized the Right to Privacy, it is still lacking in rolling out laws for the protection of different kinds of datasets being used by the government, like Aadhar, DNA profiling, Aarogya Setu etc.
3. The policy draft appears to be more in the sector of a data management policy instead of a healthcare plan.
4. Limited-time period for public consultation of merely a week is a big alarm. Usually, the time given to seek responses from the public is one month to three months
5. Collection of data - For the health ID, collection of biometric data (Proposed Section 40 (b)) which includes ‘facial image, fingerprint scans, iris scans, or any other similar personal data resulting from measurements or technical processing operations carried out on physical, physiological, or behavioural characteristics of a data principal (citizen), which allow or confirm the unique identification of that natural person’ at such a scale would be a tedious task for both the agencies and persons.
6. Retaining data after the treatment - Hospitals and governments, as per the draft, will be allowed to collect ‘sensitive personal data’ of patients and retain it with themselves perpetually.
7. Inclusion of sensitive information which is not associated with an individual’s health needs or treatment - As per the proposed Section 4(ee), "sensitive personal data" means such personal data, which may reveal or be related to, but shall not be limited to,
   (i) financial information such as bank account or credit card or debit card or other payment instrument details; (ii) physical, physiological and mental health data; (iii) sex life; (iv) sexual orientation; (v) medical records and history; (vi) biometric data; (vii) genetic data; (viii) transgender status; (ix) intersex status; (x) caste or tribe; and (xi) religious or political belief or affiliation.
8. Broad definitions give anyone a right to retain your data – (Proposed section 4(h)) The definition of ‘data fiduciaries’ allowed to collect citizen’s data is so wide-ranging that even a neighbourhood yoga or wellness centre or pharmacy would be free to do so, not just doctors and hospitals. And the onus of getting the consent of people and security of data will be with these entities.
9. Data available to the government - Doctors, hospitals and diagnostic centres collecting personal data of patients will have to make the data available to the government and its agencies whenever called to do so.
10. Non-availability of resources to access digital records in various parts of the country – Would the electronic medical records (EMRs) be actually beneficial for the quality of care and clinical outcomes? India needs to generate its own evidence on the usefulness of digital health records, given the fact that the state of health systems varies from state to state. Right now, there is almost nil local evidence to justify investments in developing universal digital health identity system.
11. Accessibility of data to external agencies - Letting police and other agencies access health records even without court orders is a gross violation of the ethical handling of people’s personal data.

The evolving policy model on consultations in this country as also suggested by the EIA draft 2020 decreases public participation and leaves limited time to actually process the information provided and critically comment on it is an undemocratic way of rushing into policymaking.

Disclaimer: This article is an original submission of the Author. Niti Manthan does not hold any liability arising out of this article. Kindly refer to our Terms of use or write to us in case of any concerns.