The National Digital Health Mission (NDHM) announced by the Prime Minister on Independence Day has the potential to transform the healthcare sector, making it more technologically advanced, inclusive and delivery-driven. The move to use technology to streamline processes such as medical record-keeping, sharing of healthcare data, appointments and similar healthcare processes to help citizens make informed decisions on treatments, is well-timed. The NDHM envisages creating a national health ID for every Indian, an idea mooted by the NITI Aayog in 2018 when it recommended creating a centralised system to manage healthcare in the country. The NDHM is part of the Centre’s National Digital Health Blueprint, which aims to enhance healthcare delivery by setting up a core e-health database of international standards and, on paper, allowing patients to have control over their health data. The NDHM is supposed to cover all government health programmes to begin with. This will be a huge exercise, akin to the Aadhaar project, and would require more resources than the currently allocated ₹144 crore, making private participation a necessity given the strained finances of the Centre.
However, the initiative gives rise to logistical challenges and privacy concerns. Considering that the mission involves government collaboration between hospitals in both public as well as private sectors, laboratories, insurance firms, pharmacies and telemedicine, there is a risk of exposing individual healthcare data to hacking and commercial misuse. Although the NDHM is now a voluntary exercise, like the Aadhaar was at the outset, it could become mandatory for availing government health services. In such a context, ensuring the safety of individual health data becomes paramount. The government must gain the confidence of all stakeholders, including rights groups, before going ahead. There should be more clarity on questions such as: who will maintain and manage the centralised repository of citizen’s health data; who will own the data — the individual or the state; whether individuals can transfer the data between service providers (which is an opaque and cumbersome exercise in the offline world today) and whether the individual has the right to erase irrelevant healthcare data and maintain ‘his or her right to be forgotten’— an issue that has raked up a controversy in the European Union. Insurance companies should not be allowed to misuse personal data. The NDHM must also be in compliance with the global best practices on data privacy, such as the EU’s General Data Protection Regulation.
Such centralised data, combined with real-time Big Data analytics, can become a surveillance tool. Considering the way healthcare data from wearable devices are getting mainstreamed, with healthcare providers, doctors and patients using them for diagnosis, if not for treatment, the NDHM should spell out its stand on collecting such data from individuals and integrating it with the unique health ID. The potential and pitfalls of digitisation of health data must be appreciated before moving ahead.