For a hitherto under-documented country such as India, the National Digital Health Mission has been widely hailed as a game-changer, envisioned to completely redraw the map of health service delivery in the country. Going beyond giving a unique health ID to 130 crore people, the Mission envisages digitising the entire health ecosystem, including professionals, healthcare facilities, insurance firms, pharmacies, labs and diagnostic centres. Like any mission of national importance with digital technology at its core, it is bound to raise questions about the security and privacy of patients' health data. Given the innately private nature of healthcare records, the privacy and security of that data must remain non-negotiable.
In a breach reported in February this year, a German security firm discovered that over a million medical records and 121 million medical images, including X-rays and scans, of Indian patients had been left exposed. By the available accounts, the breach was a configuration issue, the result of poor protocol practices rather than any sophisticated intrusion. In another instance, Religare Health Insurance found the private data of over 5 million of its users and employees leaked on the dark web. Security of health data therefore remains a primary concern in the implementation of the National Digital Health Mission.
Staggering scale of the Mission
For a Mission covering more than 130 crore people, serviced by nearly 12 lakh practitioners, 69,000 public and private sector hospitals (including 25,778 government hospitals), 3,000 drug companies and 18-19 lakh retail pharmacies (of which about 5,000 are organised retail pharmacies), this is a staggering quantum of data to secure. At that scale, a security breach somewhere in the system is not an outlier scenario but something that must be planned for.
Vulnerabilities in the health data system
Given the interconnected nature and scale of the programme, which involves a large spectrum of players running an assortment of technologies, it is intrinsically exposed on many fronts. The draft Health Data Management Policy does lay down rules: health information providers and users may access data only through designated consent managers, after obtaining the informed consent of the data principal, with "true ownership and control" remaining with the data principal. Yet none of these is an iron-clad safeguard against an external attacker. That the consent manager is itself an electronic system makes it a high-value target: whoever compromises it controls the consent of everyone it manages. The provision for sharing anonymised data for research and policy formulation is a tricky one, because stripping names and health IDs is not enough: when the remaining attributes (date of birth, sex, PIN code) are linked with other data sets that carry the same attributes alongside names, the "anonymised" records can be re-identified. Similarly, the personal health identifier that distinguishes one data principal from another is fraught with risk, since a single persistent identifier is exactly what allows records from different sources to be joined.
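To make the re-identification point concrete, here is an added example (written for this page, not part of the Mission's policy or any released tool) of a linkage attack on a dataset that has had names and health IDs removed but still carries birth year, sex and PIN code. A second, public list with the same three attributes next to names is enough to put a name on every record that is unique on those attributes. All records, names and diagnoses below are constructed for illustration. The same block also shows the check a data-release team should run before publishing (the k-anonymity of the quasi-identifier columns) and one crude mitigation, generalising the columns so that no record is unique:

```python
# Added example: linkage (re-identification) attack on "anonymised" health records,
# with a k-anonymity check and a generalisation step. All data is constructed.
from collections import Counter, defaultdict

# A released "anonymised" dataset: direct identifiers (name, health ID) stripped,
# but quasi-identifiers (birth year, sex, PIN code) retained for research use.
ANONYMISED_HEALTH_RECORDS = [
    {"birth_year": 1984, "sex": "F", "pincode": "110001", "diagnosis": "tuberculosis"},
    {"birth_year": 1984, "sex": "F", "pincode": "110001", "diagnosis": "diabetes"},
    {"birth_year": 1972, "sex": "M", "pincode": "400050", "diagnosis": "HIV"},
    {"birth_year": 1975, "sex": "M", "pincode": "400070", "diagnosis": "diabetes"},
    {"birth_year": 1991, "sex": "M", "pincode": "560034", "diagnosis": "hypertension"},
    {"birth_year": 1991, "sex": "M", "pincode": "560034", "diagnosis": "asthma"},
    {"birth_year": 1991, "sex": "M", "pincode": "560034", "diagnosis": "fracture"},
]

# A second, public dataset (an electoral roll, a leaked customer list, ...)
# that carries names alongside the same quasi-identifiers. Constructed data.
PUBLIC_DIRECTORY = [
    {"name": "Asha K.", "birth_year": 1984, "sex": "F", "pincode": "110001"},
    {"name": "Meera S.", "birth_year": 1984, "sex": "F", "pincode": "110001"},
    {"name": "Rohan D.", "birth_year": 1972, "sex": "M", "pincode": "400050"},
    {"name": "Sameer R.", "birth_year": 1975, "sex": "M", "pincode": "400070"},
    {"name": "Vikram N.", "birth_year": 1991, "sex": "M", "pincode": "560034"},
    {"name": "Arjun P.", "birth_year": 1991, "sex": "M", "pincode": "560034"},
    {"name": "Karan M.", "birth_year": 1991, "sex": "M", "pincode": "560034"},
]

QUASI_IDENTIFIERS = ("birth_year", "sex", "pincode")


def qi_key(record, fields=QUASI_IDENTIFIERS):
    """The tuple of quasi-identifier values used to join the two datasets."""
    return tuple(record[f] for f in fields)


def link_records(health, directory, fields=QUASI_IDENTIFIERS):
    """Join the two datasets on quasi-identifiers. Returns {health index: [candidate names]}.
    Exactly one candidate means the 'anonymised' record is fully re-identified."""
    by_key = defaultdict(list)
    for person in directory:
        by_key[qi_key(person, fields)].append(person["name"])
    return {i: by_key.get(qi_key(rec, fields), []) for i, rec in enumerate(health)}


def reidentified(health, directory, fields=QUASI_IDENTIFIERS):
    """(diagnosis, name) pairs for every record that links to exactly one person."""
    links = link_records(health, directory, fields)
    return [(health[i]["diagnosis"], names[0])
            for i, names in links.items() if len(names) == 1]


def k_anonymity(records, fields=QUASI_IDENTIFIERS):
    """Smallest equivalence-class size over the quasi-identifier columns.
    k == 1 means at least one record is unique on those columns and can be linked."""
    counts = Counter(qi_key(r, fields) for r in records)
    return min(counts.values())


def generalise(record):
    """One crude mitigation: coarsen birth year to a decade and PIN to a 3-digit prefix.
    Applied to a record that keeps its other fields (diagnosis or name) untouched."""
    out = dict(record)
    out["birth_year"] = record["birth_year"] // 10 * 10
    out["pincode"] = record["pincode"][:3] + "xxx"
    return out


if __name__ == "__main__":
    print("k-anonymity of released data:", k_anonymity(ANONYMISED_HEALTH_RECORDS))
    for diagnosis, name in reidentified(ANONYMISED_HEALTH_RECORDS, PUBLIC_DIRECTORY):
        print(f"Re-identified: {name} -> {diagnosis}")
    coarse = [generalise(r) for r in ANONYMISED_HEALTH_RECORDS]
    coarse_dir = [generalise(p) for p in PUBLIC_DIRECTORY]
    print("k-anonymity after generalisation:", k_anonymity(coarse))
    print("Re-identified after generalisation:", reidentified(coarse, coarse_dir))
```

On the constructed data the released set has k = 1, and the two records that are unique on (birth year, sex, PIN code) are linked to a single name each, exposing an HIV diagnosis and a diabetes diagnosis. After generalising both datasets to decade and 3-digit PIN prefix, every equivalence class has at least two members (k = 2) and no record links to a single person. Note the limitation: generalisation only helps when it actually merges classes; a record that stays unique after coarsening must be suppressed, which is why the k-anonymity check, not the coarsening step, is the gate to release.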
What should be done?
Robust foundational infrastructure – common digital standard
Since the whole Mission is steered by the government, it is critical that the government invests sufficiently in high-quality foundational infrastructure. Given the federated nature of this health exchange system, device and platform differences must be abstracted away as far as possible by evolving a common digital standard applicable across the continuum of care: inpatient, outpatient and remote patient monitoring. The interoperability and portability of patient data from one health facility or hospital to another must be ensured.
Software for Indian context
The software standards must be adapted to the Indian context with built-in flexibility, keeping in mind the socio-cultural and economic milieu of the country. Only software that receives regular security patches and updates should be deployed. For EMRs and EHRs, a balance between patient privacy and the practitioner's ease of use must also be struck. Critical categories of software include anti-malware, data loss prevention, two-factor authentication, patch management, disk encryption, and logging and monitoring.
Latest encryption technologies
Not only is there a need for encryption, but the latest encryption technologies must be adopted. Remember, while it is relatively simple to encrypt data at rest in the cloud, data in use, that is, data being processed by an application rather than sitting in storage, is much harder to protect.
24/7 surveillance & regular auditing
There is a need for 24x7 security monitoring so that data is protected at every point in the system. The systems must be audited regularly by an independent auditor, who must be able to audit every configuration change made to server components, including file servers, and track changes to user permissions. Stringent access controls backed by strong authentication must be in place. Ethical hackers must be part of the cyber security teams to regularly test data protection standards and spot vulnerabilities.
Data security measures at individual healthcare facility/practitioner levels
At the same time, it is also incumbent on the partner healthcare facilities, practitioners, drug companies, diagnostic centres, pharmacies, and even individuals to adopt rigorous data security measures. For instance, since hospital EHR systems need to upload and download large files, images and radiology scans to and from remote servers, a dedicated broadband link must be provided within the hospital. The picture archiving and communication system (PACS) server holding Digital Imaging and Communications in Medicine (DICOM) files must be fully secured through robust access controls.
Privacy vs. security of health data
Although privacy and security of data are intricately linked, there is a subtle distinction between the two. In a country where social approval and acceptance is a measure of a person's well-being and being ill or diseased serves as a "social deflator," an individual's ability to access health services anonymously is a matter of privacy. Security, by contrast, is about preventing authorities from misusing that data for surveillance, and businesses or individuals from illegally using it for private or commercial ends. In sum, only a continued spotlight on data security will lead to a robust system. Remember, this is a top-down system initiated by the authorities. Unless the people and the workforce are adequately trained in digital technologies, the system will remain vulnerable to misuse.