Opinion

What will make the National Digital Health Mission work?

Phalasha Nagpal | Updated on October 21, 2020 Published on October 21, 2020

The National Digital Health Mission has thrown up some crucial questions on protection of health data   -  K_MURALI_KUMAR

Empowering the people to protect their privacy will go a long way in ensuring better health outcomes

With rising concerns over infrastructure, privacy and other critical aspects of the National Digital Health Mission (NDHM), the pressing question is — what will make the National Digital Health Mission work?

A shared digital infrastructure is a common public good, which would work towards the SDG goal of universal health coverage. Like any public good, it would have positive and negative externalities. The positive externalities are substantial — improving India’s health outcomes, especially for the poor, through accelerating increased participation in the healthcare system through efficient information sharing.

The negative externalities include data misuse, leakages, profiteering, foreign surveillance and so on leading to high socio-economic costs. For the NDHM to be successful, a focus on three fundamental facets is critical.

The three facets

The first critical facet is the right of the individuals, which includes both Constitutional and other rights.

To start with, the system must be operated and maintained within the ambit of safeguarding individuals’ Right to Privacy of data.

In the momentous Supreme Court judgment in the Puttaswamy vs Union of India (2017) case, ‘Right to Privacy’ has been recognised as an intrinsic part of Article 21, ‘Right to Life and Personal Liberty’ of the Constitution.

The confidentiality of sensitive health data and personal identifiers (such as the name, age etc.) is crucial and any breach can lead to serious socio-economic harm. For instance, a breach of information about a citizen’s HIV status, mental health conditions, abortion history, a genetic disorder etc. may lead to discrimination, violence, and embarrassment.

Besides, there is a potential for unscrupulous practises such as data misuse for commercial or profiteering purposes by private health service providers and insurance companies. To mitigate this, the flow of health data must be limited to only to promotion of quality health care and improving public health outcomes, strictly by authorised entities. So it is essential to define both users and user roles.

Other rights

Other rights include providing individuals or owners of data with the exclusive right to access their health records in their format of choice, right to get copies of the same, right to request changes to the information, right to be able to download them, right to access them online, right to grant access to authorised entities, right to withdraw information etc.

This necessitates an appropriate interface and technology to ensure that these rights can be exercised in a consumer-friendly manner. When consumers are provided with the right to actively participate in their healthcare, they are empowered to protect their privacy, leading to better health monitoring, and improved health outcomes.

This includes providing individuals with the right to opt-in for registration (or opt-out) of the system. However, opting out should not act as a barrier for people to make use of social and health welfare scheme benefits.

The second facet is the operation of the NDHM, data ownership and control. This involves addressing concerns over the managing of the the digital architecture — will it be operated by the government or sub-contracted to a private sector entity or run jointly by the government and the private sector entity? Also, matters regarding “revolving door” where senior-level employees of the public sector may move to the private sector or vice versa, acting in their self-interest must be kept in mind.

Regarding data ownership, the NITI Aayog National Health Stack states that “true empowerment occurs when the patient is the controller of the data rather than just the owner.”

Who owns the data?

Other than this reference, there is no mention of the term ‘owner’ and thus it is not clear who owns the electronic health records. A similar reference in the document implies that there may be more than one entity that owns and determines consent-based access to records.

In the absence of clarity on who is the owner of the data, questions regarding who will be able to rightfully grant ‘rights of access’ and who would be entrusted with the rights of the owner of the data therefore arise. Only when ownership is established, can the rights, responsibilities and access be provided, and the secure flow of information be ensured.

Finally, we look at the third facet — digital infrastructure and literacy which requires three pre-requisites.

First, a digital infrastructure (hardware and software to access the NHDM); second, a stable digital connectivity to ensure the real-time operation and updates and digital literacy (such as knowledge to operate the digital health ID) for both the individuals as well as the entities authorised to access the digitised health platform — service providers, insurance companies etc.

Inadequacies in this aspect can seriously derail the NDHM. For instance, if a Community Health Centre does not have wifi connectivity to upload patients’ medical health records then the chain of the continuum of care would break, leaving gaps in the patients’ health records, thereby affecting the quality of health outcomes.

Thus, it is likely to create socio-economic exclusions, outdated/distorted records, and contribute to exacerbating health inequalities.

Overall, these three facets must operate within the ambit of an overarching regulatory body backed by a legal framework to govern the NDHM.

This would include considering questions such as — what are the penalties for non-consensual access, misuse etc. of data? What are the regulations governing the further outsourcing of data by entities? Who governs fraudulent practises and misuse of data by these entities once they have obtained the rights of access? What are the specific cases, if any, wherein the rights to access can be bypassed by the authorised entities? and so on.

The writer is a researcher with Oxford Policy Management. Views expressed are personal

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on October 21, 2020
This article is closed for comments.
Please Email the Editor