New Delhi: In his Independence Day speech from the ramparts of the Red Fort last week, Prime Minister Narendra Modi announced the creation of a digital health ID for every Indian under the National Digital Health Mission (NDHM).
The NDHM aims to create a digital ecosystem for healthcare through the creation of personal digital health IDs, unique identifiers for doctors and health facilities and personal health records. At a later stage, there is also a plan to integrate telemedicine and e-pharmacies into this.
Here’s a breakdown of the jargon associated with the digital health ID, how it will be generated, what data will be stored, and the privacy concerns around it.
What is the digital health ID?
The digital health ID is a 14-digit number that can be generated on the website, healthid.ndhm.gov.in, as and when the scheme is implemented. The pilots have been rolled out in six UTs — Andaman & Nicobar Islands, Chandigarh, Dadra & Nagar Haveli and Daman & Diu, Lakshadweep, Ladakh and Puducherry — where the facility is currently available. There will be two options for generating it — one by using Aadhaar and the other by using the phone number.
Once the 14-digit number has been generated, the system will also give an option to generate an alias. This will be similar to an email ID — firstname.lastname@example.org for example — and a password. This is to ensure ease of access and to do away with the need to memorise a long and random number.
Asked about how much difference would using a mobile number make instead of Aadhaar in creating the ID as most numbers are linked to Aadhaar, a senior National Health Authority (NHA) official explained: “Aadhaar does not allow any user data including biometrics to be accessed in such a manner unless a person has specifically given either the Aadhaar number or a virtual Aadhaar number.”
NHA, which administers the Pradhan Mantri Jan Arogya Yojana (PMJAY), the secondary and tertiary care of Ayushman Bharat, will lead the implementation of NDHM.
Can it also be physically generated?
Yes. The digital ID can be generated in a health facility, after rollout — currently, it is available in the six UTs. Here again, there is an option of using Aadhaar. The NDHM strategy document requires all government health programmes to be integrated into the NDHM ecosystem.
Once that happens, when a person enrolls in any of these programmes, the generated ID will automatically be the digital health ID.
Sources in the NHA said the process of integration of PMJAY is already on and in the next few weeks, or may be less, the PMJAY ID generated will automatically be the digital health ID for every new beneficiary.
However, there will continue to be an option of not being a part of the NDHM ecosystem for those that do not want to be. “That will not affect their entitlements or benefits,” the official explained.
What data will be linked to the digital health ID?
The digital health ID will also come with a health locker that will have the option of storing health records in the cloud with the ownership lying with the individual. If an ID is generated at a health facility or during the enrollment of a person in a government health programme, the data from that programme will be available for the user.
Subsequently, as more data gets generated and more and more hospitals and doctors come under the NDHM umbrella, the data stored in their servers for the individual will also get integrated, thus generating longitudinal health records.
There will also be the option of the individual uploading old paper records into the digital format for posterity.
The NHA is also looking at the option of digitisation of paper records stored in various hospitals and clinics to ensure that all the stored data gets integrated into NDHM in digital format, and as and when the users become part of the ecosystem, their data is put together. Some of this may also happen at common service centres.
There have been persistent questions about the privacy of stored health data.
To address this, a National Policy on Security of Health Systems and Privacy of Personal Health Records will be developed, in accordance with the Personal Data Protection Bill 2019.
“The individual will be able to view the content of their health records via a web interface and a mobile application. Access will be provided only after the user authenticates using any of the authentication methods supported by the underlying Health ID. Sharing of health records must be enabled only with consent. Applications must follow the consent (time, access etc.) as given by the individual and related rules & regulations,” according to the NDHM strategy document.
The official quoted above explained that since the primary custodian of all such data is the user, there will be an elaborate system which allows the person to grant access to those they desire should access their data — for example, a doctor — and that can also be done for a specific period.
When that period is over, the permission to view the data is automatically revoked. The consent manager would work through the mobile phone so whenever somebody tries to access their data, the person will get a message.