To announce a national mission to digitise health records in the middle of a pandemic—when healthcare infrastructure, financial and human resources are all stretched thin—is either visionary or gimmicky. The line between the two begins to blur when one factors in the lack of an actual financial commitment.
The blueprint for digitising India’s patient landscape has been in the works since at least 2018. It was lightyears ahead of earlier efforts to standardise health records, which didn’t go very far. On 15 August, India’s 74th independence day, Prime Minister Narendra Modi launched the National Digital Health Mission (NDHM). Every individual will get a “health ID”, a health account that contains all medical reports—everything from prescriptions to diagnostics.
Overnight, via a 41-page document , the NDHM subsumed the government’s 2018 scheme to provide insurance to 500 million Indians, popularly known as Ayushman Bharat. At least on paper, it became a unified health system for every citizen and the central verifier of all truths in healthcare.
The bureaucracy swung into action. It launched pilots in six Union Territories (UT).
By the end of August, 55,700 individuals were made to register for a health ID. That number has since crossed 100,000. On 26 August, the National Health Authority (NHA), which runs Ayushman Bharat—and will implement NDHM—put out a Draft Health Data Management Policy for public consultation. Despite the importance of this policy —it will determine NDHM governance—it was open to public feedback for only a week. After a public outcry, the deadline for feedback was extended to 21 September.
But forget the policy for a moment, and focus on its vision and execution.
Based on the tech stack of Aadhaar, India’s unique ID programme, a health stack has been created for NDHM by software think tank iSpirt. Its building blocks include a unique health identifier, DigiDoctor, registry of healthcare facilities, consent manager, electronic and personal health record standards (which allow portability of data), and so on.
In theory, a patient who has a health ID could seamlessly move from one healthcare provider to another. She could fetch her desired health records on a phone or any other device, show it to the doctor, even have it deleted at the doctor’s end within a stipulated period of time. She could also choose to have all her longitudinal health records stored in the Digi-Locker, or a health locker provided by a private company.
You can’t fault the vision—this is the Holy Grail of digital health. Healthcare systems across the world have struggled to make health records digital and interoperable. Developed countries like the US are trapped in the battle of multiple electronic record formats and data ownership. In principle, NDHM solves both these problems.
Except, the startup way to ‘move fast and break things’, and the un-government way to build or borrow technology from the private sector through the back door, is not how a country of 1.33 billion should erect its digital health infrastructure. Even more so when the Personal Data Protection (PDP) Bill is still under parliamentary discussion, some distance from becoming a law. Among many things, the Bill defines data anonymisation, and along with granting individuals the rights over their data, it legitimises the use of anonymised data for commercial purposes.
In early June, the Prime Minister’s Office decided that NDHM would be its banner show on 15 August. The NHA, iSpirt and Swasth, a guild of sorts, had a few weeks to cobble up a prototype.
An IT advisor to the NHA told The Ken that more than 20 companies are queuing up in Delhi to volunteer ideas and technology to NDHM. These include the likes of digital preventive health companies such as GOQii and insurers Acko and PolicyBazaar. Some of the largest startups from Swasth Alliance, , have offered to “donate their apps” to NDHM, which NHA CEO Indu Bhushan is considering.
The IT advisor to the NHA, who is also an iSpirt volunteer, acknowledged that he “guided” Swasth towards building a reference app for NDHM, especially for processing digital insurance claims. NHA had floated a Request for Proposal (RFP) in order to hire tech vendors like Wipro, TCS or IBM to develop its digital claims platform. However, an internal Swasth presentation sourced by The Ken shows Swasth has an inordinate level of influence over the platform: “Swasth will define specs for all key aspects of the claims platform; derive from work done so far by partners”.
Owing to this backdoor activity, the India chapter of HIMSS , an international association of global health information and technology communities, issued letter to the NHA in late July. It listed gaps and technical recommendations, specifically calling out the lack of transparency in how the NHA moved away from its stated RFP and adopted a closed-door strategy.
Several hospitals, large and small, within and without the Ayushman Bharat network, said they didn’t know what the NDHM was about. Other than one webinar organised for healthcare providers by government think tank Niti Aayog, there’s been little consultation. This, when NDHM’s real success depends on getting healthcare providers—who have been resistant to digitisation— onboard.
In all this, it’s the patient or the average person who’s been rushed to create an ID, to add to a statistic that can be peddled as a milestone on social media.
Mandatory for some, voluntary for the rest
Six UTs are running pilots to create health IDs and register doctors (DigiDoctor) as well as healthcare facilities. This began with government-run hospitals.
In Chandigarh—one of the UTs where a pilot for enrolment of citizens to digitise all their health records is underway—an order was issued by the teaching hospital Post Graduate Institute (PGI) Chandigarh. The 28 August order stated that “the registration for generating Health IDs is mandatory for all citizens of our country.”
After the order hit social media and news reports started pouring in, the NHA jumped in to control the damage. The very next day, PGI said that creation of such an ID is not ‘mandatory,’ but it has put pressure on its staff and students to create their health IDs.
A doctor in PGI, who did not wish to be identified for fear of retribution, told The Ken that their department sent an official notice to all its members to create health IDs. “Initially, I did not feel comfortable creating such an ID, so I refrained,” the doctor said. Later, the department head sent two follow-up emails to everyone.
One email stated that any person who failed to create an ID would be included in a non-compliance list, which would be sent to the director’s office. The other email stated that anyone who creates an ID should inform the department that they have adhered to its instructions. “I could not risk non-compliance, and hence created my ID by linking my rental address and phone number, but I have chosen not to link my Aadhaar,” the doctor said. Similarly, government hospitals and dispensaries under the National Health Mission—in existence since 2005—received a circular which made it mandatory to register for a health ID. Staff have been instructed to share the circular with their “near and dear ones” and get them registered as well. “It is being perceived by the UT authorities to be a number game, of sorts. There is pressure to generate IDs. Most NHM employees have hence created their IDs…we never got any written notice which said that it is not mandatory anymore,” said a Chandigarh-based NHM employee working in one of the government hospitals.
NHA CEO Indu Bhushan who is heading the implementation of NDHM stated such incidences of ‘mandatory,’ nature have come to the notice of NHA and the UT authorities are being asked to keep it voluntary. But as Devdutta Mukhopadhyay, associate counsel at the Internet Freedom Foundation, points out, if staffers and their families are being ‘forced’ to enrol even as the centre says that enrolment is voluntary, but no legal action is being taken against the erring UT authorities who repeatedly send WhatsApp messages and emails for staffers to enrol, then this is a farcical exercise. “A massive data gathering exercise in absence of a general data protection or an enforcement law is completely illegal,” she said.
The only saving grace is that health IDs are standalone. Bhushan says, “We have still not started linking these IDs to individuals’ Electronic Medical Records as we are waiting for the draft policy on NDHM to be approved to understand the rules of the game, so as to what kind of information can be asked, collected and shared.”
And while the prime minister said everyone would have a health ID, the NDHM document says it’s ‘voluntary’ on the grounds that it’s more complex. Two senior health ministry officials The Ken spoke with raised concerns, especially with regard to public health setups. “Patients have little control over digitalisation of their health data, how much does ‘voluntary’ mean in public hospitals anyway?.” It’s another matter that nearly 70% of healthcare delivery is in the private sector and nearly 70% of that is unorganised. Nobody in the government knows how this unorganised sector will integrate with NDHM and why.
“NDHM is a lot about stakeholder management. It’s voluntary and there are no financial incentives to participate,” said the IT advisor quoted earlier. For now, everyone is counting on the largest cohort, large public health hospitals that could add 100 million users.
UPI of healthcare
In April 2016, United Payments Interface (UPI) was launched to facilitate digital payments. Anyone who created a UPI handle—using a phone number linked to their bank account—could send money to another UPI user, irrespective of the bank they held accounts in. Its adoption skyrocketed post demonetisation (when the government invalidated 86% of the country’s currency) and after the government created a reference app called BHIM .
Now, India Stack has repurposed the UPI tech for healthcare.
A reference app, like BHIM , is now being beta-tested for Android phones. The NHA expects private companies to integrate their own apps with NDHM and popularise its adoption.
What’s considered authorisation in a payments transaction in UPI is the equivalent of consent in healthcare. Just like how UPI is agnostic to the bank or payments app one uses, the NDHM is expected to function similarly. “In NDHM, you’ll have access to your medical records through any provider app irrespective of the healthcare provider. For example, you could be going to Apollo Hospital but use Practo’s app to pull that data,” says an IT professional, who has followed India Stack’s technology road map. The interoperability of NDHM has far-reaching ramifications. Large hospitals with their own in-house apps are wary of integrating them into NDHM for fear of losing patients. Others may allow the app-savvy startups to act as trusted partners. (This discussion happened in UPI as well—should there be third-party payments system players (PSPs), who would act on behalf of the banks.)
In either case, tweaks would be required in the Hospital or Laboratory Information Management Systems (HIMS or LIMS) at the providers’ end to allow for portability. As of now, private healthcare providers have no incentive to integrate with NDHM. This is unlike in the US, where Obamacare had a budget to incentivise this transition. The Indian government has announced no such allocation for NDHM. Startups, though, are drooling over the data on offer.
“Every hospital’s backend technology is different, its features are different. Cost is high and use case low to allow data portability even within a hospital chain,” says the CEO of a large corporate hospital in southern India. “Moreover, data monetisation is a different skill set from what hospitals have in running a business. Even if we integrate, we don’t see much benefit.”
When it comes to insurance, digitisation is already in effect through ROHINI, or the Registry of Hospitals in Network of Insurance. Adding a layer of personal data to this through health IDs—and later, through its linkage to electronic medical records (EMR)—greatly improves the insurance database.
This could explain Swasth’s dash to build out a claims processing platform. “This [NDHM] data will be very useful to give or reject insurance. No insurance company is making money. They’d like to insure; they want to insure,” says the hospital CEO quoted above.
Unlike in UPI, where less than twenty banks needed to integrate for it to work fully, NDHM will have to deal with over 100,000 hospitals.
“In UPI, larger banks like HDFC and SBI did not integrate with UPI, because they had no incentive and were bound to lose. Until demonetisation, when they integrated themselves otherwise they’d be left on the wrong side politically. Something similar will happen in NDHM—iSpirt or NHA [and large startups] will integrate what is possible to integrate. Then you become the largest player in the room, and everyone has to integrate into yours,” says the IT professional quoted above.
Even though UPI is a zero-revenue model, some banks got to amass data. “Just like the NPCI has all the [UPI] data but whoever is the banking partner of top market players like, say Google Pay, also gets data. Which is why digital health companies are queuing up before the NHA for data. If they get early access, they get scale, and all partnerships will come their way. Early adopters will get disproportional benefits,” adds the IT professional.
Predictably, there’s a rush among well-heeled digital health startups. Currently, the tech that India Stack has built has no telemedicine or e-pharmacy module. Companies like Practo, Cure.fit, and 1mg have made a presentation to the PMO for adding a telemedicine stack. The Ken could not ascertain if in “donating” their apps to NHA, these companies are offering their telemed solutions to NDHM.
What NDHM is doing is creating a playground, says Ajay Bakshi, former CEO of Manipal Hospitals and Max Healthcare. “Whoever plays a better game will win. That’s capitalism. What NDHM has to ensure is that the playground is fair and equal opportunity.” Dr Bakshi is a core member of Swasth and co-founder of BuddhiMed Technologies, a health analytics company that, among other things, plans to use artificial intelligence to digitise hospital data.
The question is whether NHA—which is not under the scrutiny of Parliament or the Right to Information (RTI)—and iSpirt/Swasth, a club of tech enthusiasts and affluent professionals accountable to no one, are creating a level playing field.
Governance of convenience
In its July letter to the NHA, HIMSS asked why iSPIRT was allowed to develop health stack solutions while there was a formal RFP already in place. “We believe that iSPIRT being an advisor and moderator should have facilitated the process instead of building their own health stack. HIMSS India Chapter strongly feels that there should be an open, transparent and competitive RFP process to implement all the key building blocks of NDHM,” the letter stated.
Unlike the Telecom Regulatory Authority of India or the Airports Authority of India, the NHA was not created through an act of Parliament. Instead, it was created in 2017 as an agency to solely manage Ayushman Bharat. It was declared an ‘Authority’ by a Cabinet order and placed under government think tank Niti Aayog. By now, it’s apparent how Niti Aayog operates—hustle, assign tasks to the private sector, offer data but no fee, and accept no long-term outcome accountability. How the Covid-19 contact tracing app Aarogya Setu was created , is a telling example.
But those who study governance are a worried lot. The draft Health Data Management Policy (HDMP) , which is nearing the end of its feedback window, does not even mention the PDP Bill pending in the Parliament. Instead, in Section 6, the draft policy states that “HDMP would be governed by structures and rules created from time to time by the NHA.”
All India Peoples Science Network (AIPSN) is one of many civic forums sending in comments on the draft. AIPSN is a national federation of organisations focused on the informed participation of common people in decision-making on science and technology policy issues.
T Sundararaman, a public health expert and senior member of AIPSN, argues that as per the draft HDMP—and by extension, NDHM—governance now becomes an executive function. “Each policy or action is subject to change at any time by executive order, and rights described in HDMP would not be legally enforceable by citizens. Also, the Aadhaar experience has shown how a policy that began with assurances of voluntary participation, gradually became mandatory by a series of executive orders,” he observes. As such, it’s fair to ask that NHA and its NDHM responsibilities be secured by legislation through a proper law.
Saving capitalism by transparency
“It’s a complex system, it can fail,” says BuddhiMed’s Bakshi. Many things could go wrong. “If somebody hacks and tries to steal data or if NDHM is seen as surveillance. Misinformation and radicalism can rub off this initiative.”
That would be tragic. Transparency in healthcare, an industry where the user is always at the receiving end of information asymmetry, can restore both trust and health of the business. Indian healthtech startups are rarely profitable; hospitals aren’t doing great either . If implemented well, NDHM could be good for digital health and even wearables companies like, say, Goqii, which don’t have a channel to sell to people who need smart wearables the most. Until the Apple and Google app stores came, mobile phone app makers had to market their apps themselves.
“If you build infrastructure, preserve privacy, and get data into third-party apps, then it’s a good thing. But letting that process be owned and controlled by a cabal is a recipe for misuse. Google said it would do no evil; today it is doing all kinds of evil to earn revenue,” says the founder-turned-philanthropist of a digital health company which had a successful exit in 2016.
The way to build trust is to be transparent. Reacting to the mounting mistrust and misinformation on Covid-19 vaccines, the American coronavirus vaccine maker Moderna became the first company to release its detailed plan for clinical trials. Because “the only way to win trust was to be transparent to the point of discomfort”. NDHM’s implementers could learn from its example. – The Ken