Digital Health Mission faces privacy and infrastructure concerns

Every Indian will get an Aadhaar-like health ID card that will record details of every visit to a doctor or a pharmacy, Prime Minister Narendra Modi had announced this Independence Day. This process of digitising the patient landscape has been in the works since 2018.

Led by the National Health Authority (NHA), the central agency implementing the health coverage scheme, Ayushman Bharat, the National Digital Health Mission (NDHM), as it is called, aims to provide people with a unique, digital health identifier, gathering all records in a unified system. So far, over 100,000 people have got these IDs.

“The pandemic has revealed the need for a strong three-tier integrated, accessible and affordable health care system. NDHM aims to be a one-stop care solution and the new health ID is said to be voluntary with an opt-out option,” said Anand K, CEO, SRL Diagnostics.

According to him, NDHM will also offer telemedicine as part of its digital suite. By being able to access quality health care advice remotely, travel costs of patients will be reduced. Nearly two-thirds of health expenses in India is paid out of pocket, he added.

Private stakeholders will have an equal opportunity to integrate with the NDHM and create their own products, said Indu Bhushan, CEO of NHA. “However, core activities and verification, generation of health ID or approval of a doctor/facility shall remain with the government.”

The $23-million programme will help with analysis of big data on health, and lead to better planning, budgeting and implementation for states and health programmes, Bhushan said in an interview to Bloomberg.

Currently, India spends only about 3.5 per cent of its gross domestic product on health care — among the lowest, according to World Bank. A 2018 NITI Aayog report highlights that about 60 million Indians are pushed into poverty every year because of health expenses, 60 per cent of which are borne out of pocket.

But, a recent BCG-Ficci report estimates that over the next decade, NDHM can potentially unlock an incremental value of Rs 1.5 trillion for the health care industry.

“It’s a step-by-step process. The more data you collect, the better services you’ll provide,” said Suresh Munuswamy, head, health informatics and technology innovations, Public Health Foundation of India.

A crucial aspect that is, however, yet to get due attention is diagnostics, said Anand pointed. “Around 70 per cent of health care decisions are based on diagnostic results. A nationwide testing ecosystem becomes a prerequisite for the correct medical diagnosis and treatment.”

The programme, once rolled out nationwide, could be a game changer. “Data is the new wealth and data science provides insights for informed decision-making. Traditionally, the importance given to data management in health care has been marginal and obscure. NDHM has the power to change this,” said Karthik Anantharaman, a health care professional with a background in medtech, pharma and biotechnology. This could have huge implications in handling medical emergencies, monitoring drug response and prognosis of each patient, he added.

However, digital illiteracy, connectivity challenges, health care resource crunch and data privacy are question marks.

“The NHA was set up under an executive notification, not a law of Parliament. After a rushed consultation and without trial, it is now already collecting health data and generating IDs, even though the policy document has not been finalised,” said Raman Jit Singh Chima, Asia policy director at Access Now, a non-profit focused on internet rights.

The NDHM health data policy document allows a variety of government and private parties access to data. In case of a breach of trust, there is no recourse because India doesn’t have a data protection law or an independent data protection authority, explained Chima, accusing the government of rushing to deploy the programme preempting legal or regulatory challenges.

The NHA has, however, maintained that the adoption of NDHM will ensure security and privacy by design.

Some steps to ensure data security could be to not store all information at one place and advertise it, Munuswamy said. “Data must be stored in a distributed way, and in a de-identified way. That is, if someone hacks into one data centre, it should not have the personal identifier and service provision together.”

He also advised that when the data is viewed together, it should have a dynamic key that changes every day. “This is fairly common as far as credit cards go,” he said. “Another option is a limit on how much data can be downloaded by one person or in one attempt. This will help prevent unauthorised data downloads and in case of a breach, it could be quickly rectified,” he added. – Business Standard