The Union Ministry of Health and Family Welfare has released a National Digital Health Blueprint (NDHB) to “manage and analyse” the big data generated by the Centre’s flagship health programme, Ayushman Bharat. Released by the MoHFW Minister, Harsh Vardhan, on Monday, the document recommends the “setting up of a National Digital Health Mission” to create an “ecosystem” that would bring together the health records of people who have benefited from Ayushman Bharat. Given that doctors in both the public and private sectors regularly complain about the lack of comprehensive records of their patients, the digital registry envisaged by the NDHB could fulfill a longstanding requirement of the health sector. The proposed data compendium is also in keeping with global trends in healthcare where digital technology is used to make treatment options more personalised and precise. Big data can also be used to prevent epidemics and improve the efficiency of drugs.
Concerns about the large-scale creation, collection and sharing of health data are, however, pressing. The most serious of these pertain to the privacy of patients, and data breaches. Sections 43(a) and 72 of the Information Technology Act do provide the broad framework for the protection of personal information in India, including medical data. However, data breaches in the digital domain are not uncommon. In 2016, for example, the electronic medical records of over 35,000 patients held by a Maharashtra-based pathology lab were leaked. The NDHB does seem to be alive to such concerns. It states that the architecture of the digital systems will have in-built safeguards to ensure privacy. However, it must also be kept in mind that Ayushman Bharat targets the poorest section of the country’s population with low levels of digital literacy. In such a context, a system that places the onus of control on the user, with an assumption that they can control the flow of information, can end up doing more harm than good.
Last year, the MoHFW framed a draft Digital Information Security in Healthcare Act (DISHA). The proposed legislation recognised that existing laws were inadequate to protect the privacy of patients in the digital domain. In contrast with the blueprint released on Monday, DISHA placed the onus of data protection on the service provider. The draft was criticised by industry bodies, which feared the stifling of medical research. DISHA never made it to Parliament. In view of its recent emphasis on digital medical data, the MoHFW would do well to revisit this draft legislation — and seek a balance between the concerns of industry and the rights of patients.