The digital health IDs under the National Digital Health Mission (NDHM) are expected to make it easier to access quality healthcare, says Dr Indu Bhushan, CEO of the National Health Authority implementing the mission. In an interview to The Sunday Express, Bhushan discusses the benefits of the scheme, its pilot in six Union Territories, privacy concerns and how the private sector is expected to participate. Edited excerpts:
Why is NDHM and the Digital Health ID beneficial?
The digital ID is the unifier across all your records. I want to put this out in public that it’s voluntary.
Right now, if you look at any hospital, you would find people carrying their records in some file or some plastic bag … in tattered forms. Sometimes, these records are not fully there. The doctor doesn’t have the benefit of having the full picture of their medical history, so the treatment or the kind of test and diagnostics (they) recommend may not be most optimal.
Here, everything digitised. The patients will have greater information about the kind of treatment given. They will also have access to all the records coming from different hospitals, labs and diagnostic centers and also from public health programs — we have the intention of giving the health ID as the child is born until the death.
It also helps in keeping the health system accountable.
What is the status of the NDHM pilot in six Union Territories?
We’ve started rolling (NDHM) out. The three basic platforms–creation of health ID, creation of doctors registry and the creation of health facility registry — has been completed. Close to 3,000 IDs have been made…across the six Union Territories.
What is the need for a separate Health ID when most of the country already has an Aadhaar card?
The Supreme Court directions are very clear that we can’t use (Aadhaar) for any specific purpose. We can ask for (it) for all those programmes which provide government subsidies…but, as you know, in health there will be a lot of people who don’t have any government subsidies. So, asking and keeping Aadhaar may not be allowed.
It’s not aligned to the Aadhaar Act also.
What factors will encourage private sector participation in NDHM? Could there be a potential for conflict of interest because of their involvement?
The private sector is going to be involved in this mission in a big way, and they will be involved not because of any intent for the welfare of people, but for their own interest and profit motives.
This whole infrastructure is going to be created, owned and controlled by the government, but we will be using a lot of private sector resources in creating it…but, that’s only part of it.
For example, when we develop a road, it is developed, financed, owned and controlled by the government, but not necessarily built by the government. So, we hire private contractors to build it under our supervision. But, on that road, we don’t say that only government vehicles will be running. Private vehicles will run, it will generate a lot of other demands…maybe some dhabas and other services will come up along the line, maybe some malls will come up. So, that road leads to a lot of direct and indirect commercial activities.
The same thing is going to happen with this health backbone infrastructure we are creating. I think that it has the potential for unlocking a lot of creativity and getting a lot of private sector initiatives.
The potential for conflict of interest doesn’t really arise because the whole architecture and the way it has to be developed, is defined by us. We’re just asking them to help us build it. That requires some additional people.
There are some privacy and security concerns flagged with the health IDs. What measures are you implementing to safeguard patient data?
(People) shouldn’t be apprehensive about it all because we, in terms of our policy, ensure that we have privacy by design, and the data is secure and cannot be used for any purpose that it was not intended for. The system is going to improve on the current status quo in a big way. We have this policy framework which has been put in place under this mission.
No personally identifiable information can be shared by any of the hospitals who keep the data.
We (also) have what we call the information security policy, (where) we are following very strict ISO 27,001 norms as a standard and NIST as a framework. There are more than a hundred checks and balances in terms of what kind of firewall should be kept to the kind of protocol that should be in place for data protection.
All these things are evolving issues…as the technology will evolve, so will the policy and the approach that we take for protecting people’s privacy. I am quite confident that our norms and protocols will measure up to the best and latest standards in the world.