National Digital Health Blueprint – Multiple Challenges On Path To Digital Health Records

Even as the cost of healthcare in India is one tenth of that in the United States, quality needs to improve. The tragic yet preventable deaths of over 140 children in Muzaffarpur in June due to Acute Encephalitis Syndrome (AES) are a case in point. Most Indian states continue spending meagre amounts on healthcare barring a few such as Mizoram, Himachal Pradesh and Kerala, show various surveys and studies. To top it all, Finance Minister Nirmala Sitharaman did not emphasise much on healthcare in Budget 2019. Therefore, the 50-odd page National Digital Health Blueprint (NDHB) document, which the government recently put out for public discussion, warrants attention.

Described as an architectural document, NDHB sets out a long list of laudable objectives. This includes establishing and managing the core digital health data and the infrastructure required for its seamless exchange; promoting adoption of open standards by all the actors in the national digital health ecosystem, developing several digital health systems that span from wellness to disease management; creating a system of personal health records based on international standards, and easy accessibility to citizens and service providers, based on citizen-consent. The NDHB also aims at “ensuring quality of healthcare; and leveraging the information systems already existing in the health sector”.

The chairman of the committee J Satyanarayana pointed out that the blueprint has a federated architecture and nothing will be centralised. He talked about creating a “national digital health ecosystem” that pertains to “establishing and managing the core digital health data and the infrastructure required for its seamless exchange”.

Devi Prasad Shetty, cardiac surgeon and the founder and chairman of Narayana Health said that with NDHB, we are going in the right direction. “If there is no electronic medical record, healthcare will not become safe for patients,” he said, adding that as long as there is paper and a pen, there is a danger of non-standardised delivery of solution. “When you admit a relative in a hospital, you tend to do a background check of the concerned doctor handling the case but you do not do the same for the concerned pilot when boarding an aircraft, even as over 200-300 lives depend on the experience and skills of the pilot. This is because irrespective of his or her experience, no pilot can fly the aircraft in his or her own style. Everything is pre-defined and documented and when things go wrong, steps are taken to ensure the same mistakes do not get repeated,” Shetty explained. Believer in benefits of “converting atoms into bytes”, Shetty suggested to apply the same in healthcare. “If you remove the paper and pen from the hands of doctors and nurses, you can digitally track events. The Electronic Medical Record (EMR) will make healthcare accessible, safer and affordable for patients.” The blueprint also talks about making EMR interoperable.

“One can expect a lot of positives in terms of being able to collect data, which , if properly anonymised, could help in epidemiological studies to better understand the distribution, patterns and causes for various diseases,” says Kiran Karnik, the former president of NASSCOM.

The catch is about how well data is anonymised and how good is its protection. In fact, the blueprint has a whole section on the “anonymiser”, which says it “takes data from the health locker and/or other health data sets, removes all personally identifiable information to protect privacy and provides the anonymised data to the seeker. Tools available can anonymise both structured and unstructured data. At the same time, Anonymiser enables the government or authorised agencies may need to access the health records of citizens especially in some identified cases such as monitoring of notified diseases etc., to take effective decisions to promote wellness in the country and to ensure that healthcare is provided in a timely fashion, as needed…”

However, concerns remain about sensitive information on personal health at a time when the law in India has still to catch up on ways to ensure airtight controls in transfer of data. Experts point out that there is no direct law on data protection and privacy that spells out responsibilities and deterrents. Not many will be able to come up with examples of people being fined heavily or pulled up for misuse of electronic data or data breach. Therefore, it is imperative to have such a law in place before getting into electronic health records portability. One suggestion is that India needs something similar to General Data Protection Regulation (GDPR) in Europe.

GDPR could be a good example around matters concerning personal data. The government had set up the Justice B N Srikrishna committee on data protection law about 18 months ago. It submitted its report last year. Parliament is yet to take action on the draft bill. That said, currently, there is no specific law on the same, although the government is moving in that direction. Experts believe we need to have such a law in place before we move to digital health records and make them interoperable.

The other issue relates to cost of compliance versus access. Given India’s complexities, what compliance standards should one follow? Experts suggest software that is Health Insurance Portability and Accountability Act (HIPAA)-compliant. Developed in the US, HIPAA is a globally recognised standard that handles sensitive patient data and its protection. We may need to make it less stringent in India but putting high deterrents in terms of fines and punishments against failures is imperative.

Finally, the blueprint aims at promoting a culture where systems talk to each other. Incidentally, 75 per cent of the healthcare delivery in India is still through the private sector, which uses different legacy systems. What could be the quantum of capital required to make a seamless transition to an ecosystem where data can be easily exchanged – not just from the public to private entities but also from a primary health centre (PHC) to the All India Institute of Medical Sciences? Only when that can be ensured in a secure fashion with a law in place that is clear on deterrents, could there be positive spin offs of tracing and tracking how a PHC functions and uses the data to tighten up the delivery system across the board. – Business Today