India needs a digital health mission. But it also needs data privacy law to ensure it works
Ilanomics

India needs a digital health mission. But it also needs data privacy law to ensure it works

If patients wish to change a healthcare provider, they have to carry pieces of paper. NDHM envisions changing that by digitally storing their health records.

   
The National Digital Health Mission announced by PM Narendra Modi falls within the purview of the National Health Authority, headed by Indu Bhushan | Image: Ramandeep Kaur | ThePrint

The National Digital Health Mission announced by PM Narendra Modi falls within the purview of the National Health Authority, headed by Indu Bhushan | Image: Ramandeep Kaur | ThePrint

Prime Minister Narendra Modi announced the launch of a National Digital Health Mission (NDHM) in his Independence Day speech, to address serious concerns about the lack of patient records and data in the Indian health system.

Led by the National Health Authority (NHA), the NDHM is set to be India’s major step towards achieving a citizen-centric healthcare system. Unique health IDs that store digital health records of individuals will be created.

However, legal and enforcement issues about data privacy need to be tackled at the same time as regulations and digital systems for patient records are being created.


Also read: What is digital health ID? All about the 14-digit number and privacy concerns around it


The need for digital health records

The health records situation in India is as fragmented as its healthcare market. Public and private hospitals often have varying technological capacity. The government has been trying to get hospitals to voluntarily adopt digital health records by notifying standards and recommendations under existing legal frameworks, such as the Clinical Establishment Act, 2010, with limited gains.

The issue of inadequate record-keeping in public hospitals has been documented in the reports of the Comptroller and Auditor General (CAG) of India. For instance, the CAG performance audit report for UP hospitals (2019) highlights that hospitals fail to keep records of basic parameters such as date and time of consultation and diagnosis.

A typical government hospital is unable to keep a uniform record for services received by the patient during their treatment. The lack of health information leads to inconvenience, duplication of diagnostic and consultation services, delays in treatment, and increase in expenditure. Loss of records and delays can even lead to misdiagnosis and other harms to patients.

For example, mortality from Covid-19 is significantly increased by comorbidities, or the presence of other underlying conditions like hypertension or diabetes. However, with poor or non-existent health records, doctors cannot prioritise patients based on their Covid-19 test results.

A fragmented private healthcare market consisting of single-doctor clinics, nursing homes, non-profits and corporate hospitals have varying adoption rates of digitisation. Corporate hospitals like Max, Apollo, Fortis, etc. have voluntarily adopted electronic health records standards notified by the Indian government. However, it is not possible for a patient to digitally transfer their health records from one type of hospital or a healthcare provider to another.

Non-portability of records unfairly locks in a patient with the first hospital she visited, or her most frequently visited hospital. If she wishes to change a healthcare provider for cost or quality reasons, she cannot access her health records. She has to carry pieces of paper — prescriptions and test reports — from one doctor to the next in plastic bags.

Centralised digital health records were first sought to be adopted in 2018 for the Ayushman Bharat-Pradhan Mantri Jan Arogya Yojana (AB-PMJAY) under the NHA. However, the government of India expanded the scope of digitisation of health records to a national level. Consequently, the National Digital Health Blueprint (NDHB) was released for public consultation in October 2019.

Unique digital IDs will provide a single source of health information for the patients, government and healthcare providers through interoperable health records. Research shows that the adoption of Electronic Health Records leads to an increase in the quality of care received by the patients while decreasing costs of these services. However, the lack of a legal framework for data protection in the country has increased the risks related to digitisation.


Also read: Ayushman Bharat and all other govt health schemes to integrate with digital health mission


Data protection and role of NHA

India has been debating on the requirements under its Draft Personal Data Protection Bill for the past two years. Under the bill, data relating to health, finance, genetics etc. is considered ‘sensitive personal data’ as its disclosure can cause serious harm to individuals and institutions.

The threat of such harms has been seen in the past in the banking and financial sector. For instance, in 2016, 3.2 million debit cards were recalled by various banks due to data breach. Similarly, in September 2019, RBI notified that the practice of non-banking financial companies or NBFCs sharing financial data of their consumers with ‘unregulated entities’, including fintech start-ups, was illegal.

National policies are being formulated to allay these concerns about healthcare records. Dr Indu Bhushan, CEO of the NHA, assured that these policies are being designed while being mindful of the contentions raised in Parliament and the Supreme Court.

The imminent adoption of NDHM in the absence of a data protection law has led for the policymakers to plan for two policies — security of health systems, and privacy of personal health records.

These policies will adopt globally accepted norms such as privacy by design, risk management and fiduciary principles framework for building the upcoming digital health records ecosystem. This requires building appropriate technical, legal and institutional knowledge.

The NHA will play a crucial role in the development of these policies and managing NDHM.

As a government regulator for NDHM, it would be responsible for regulating the healthcare market while ensuring consumer protection.

It would need to adhere to principles of transparency and accountability while functioning as the de-facto regulator for digital health records in India. Its experience in working with the healthcare ecosystem for the AB-PMJAY scheme can guide the agency in formulating future steps for NDHM. For instance, the NHA has been forthcoming in initiating public disclosure of data, hospital accreditation protocol and fraud reports for the AB-PMJAY scheme.

Looking ahead, issues related to the protection of fundamental rights, such as the right to privacy of individuals, as well as the need for the government to assess and analyse India’s disease burden, will have to guide the legal and regulatory framework.

Ila Patnaik is an economist and a professor at National Institute of Public Finance and Policy.

Harleen Kaur is consultant, NIPFP.

Views are personal.


Also read: Why India needs to regulate Ayurveda to win the world market for natural remedies