By Ashish Srivastava
The Indian Medical Association (IMA) and legal experts have raised a red flag over the National Digital Health Mission (NDHM), launched by Prime Minister Narendra Modi on the occasion of the 74th Independence Day on Saturday.
The IMA officials and legal experts shared serious concerns about the confidentiality and privacy of the health data while calling the initiative an “absolutely unnecessary” exercise.
The IMA questioned the utility of the NDHM launched from the ramparts of the Red Fort in Delhi.
The Prime Minister said that the NDHM would “revolutionize” the country’s health sector, and every Indian would receive a unique health identity card under the mission. However, the IMA believes that the health card is an unnecessary step towards the accumulation of sensitive private health data with concerns of safeguarding the confidentiality and privacy of the patients.
“In our view, it is a ‘hyped’ programme and does not serve a purpose to the patients,” commented R.V. Asokan, Secretary-General, IMA.
“The government reasons that they need to take surveys and collect data for various health programmes as they do through the National Family Health Survey. Nevertheless, this cannot be a reason to get hands-on public health data on such a large scale. Besides, it does not serve a purpose to the patient,” Asokan added.
Asokan also said that the IMA is sceptical if the purpose of the NDHM is only digitization of public health records.
“In our experience, the healthcare of citizens is normally confined to their town; rarely, they go to the district level, and a fraction of them need to go to medical college. The copy of the health documents is always available to the patients, mostly placed in their home towns. What is the need to portable the data on a digital server? I doubt whether the purpose of the programme is only digitalization,” Asokan said.
Meanwhile, experts opined that it is contradictory in law for the government to manage the public health records. Currently, the government cannot access the health document of any patient. It has to be accessed only via the registry of the court of law.
“Our current privacy rules prohibit the government from direct access to health records. The records are also prohibited from sharing on any public domain. This initiative (NDHM) involves a huge risk of the exposure of public health records which are confidential and sensitive in nature where they could be hacked or used to vilify someone’s reputation,” said Vijay Pal Dalmia, Advocate in the Supreme Court, Delhi High Court and expert in Data Protection Laws in India.
“If they want data, they can take the route of the court where they have to justify its reason before the court under ‘Reasonable security practices and procedures and sensitive personal data or information rules under IT Act, 2000’ Here (NDHM), the government goes unaccountable,” Dalmia explained.
“There is no need for the government to keep such a large amount of public data in its hands,” he added.
The IMA also shared their “serious concerns” about the privacy of public health data, which they also put up in a meeting held two weeks back with members of NITI Aayog. The IMA raised red flags there as well.
“We told them that the medical records are the property of the patients and the concerned medical institution. Even family members cannot access the health documents then how the government is forcing itself to collect and manage sensitive health data. What if it is compromised? How would the government ensure the security of the public records of such a large scale?” asked Rajan Sharma, National President, IMA.
“Our concerns were acknowledged there, and we were told the issues would be addressed as it is an ongoing process. Even though they are saying that the privacy of the records will be maintained, we have serious concerns about the rights of the patients that are going into the hands of government institutions. At some point, the medical records will be accessible to the government, who will be a new addition to the alignment of private space of 1.3 billion people,” Sharma added.
In August 2017, the Supreme Court upheld the Right to Privacy as a Fundamental Right of the citizens under Article 21. However, data privacy still needs to be worked under the law.
IANS asked Advocate Dalmia if the privacy law can safeguard the personal data on the scale the NDHM would collect. Dalmia said that the current privacy rules are inept in securing the privacy of the citizens. There is no specific act or provision that can guarantee data security but rules under the IT Act.
“Its section was included in the IT Act, but there is no law. There are only rules that govern data privacy currently. However, our privacy law is not stringent to safeguard the sensitive data that can determine the consequence of leakage. Also, the punishment about the breach of privacy is not that stringent to prove as a deterrent,” Dalmia added.