Most healthcare leaders have hailed the launch of the Ayushman Bharat Digital Mission (ABDM). While the National Health Authority (NHA) is right to ‘develop the backbone necessary to support the integrated digital health infrastructure of the country’ which ‘will bridge the existing gap amongst different stakeholders of healthcare ecosystem through digital highways’, niggling concerns remain.
There is no doubt that a single health id cross all treatments, diagnostics etc will offer citizens many benefits. (https://www.expresshealthcare.in/news/pm-launches-ayushman-bharat-digital-mission/431324/)
In fact, it’s a win-win-win because all healthcare providers, both government as well as the many private sector players, will get real world health data to track use of facilities, outcomes, epidemiology trends etc. The goal is the improve efficiencies, reduce cost and expand access. All very laudable goals but is there a catch?
As always, the devil is in the details. Is India ready for this? Have we put in the required safeguards? It is this very health data, the veritable pot of gold, that industry pundits are worried about. If our financial data can be misused, so can health data and there are many recorded cases of health data theft.
The National Health Authority (NHA) had published the consultation paper on Unified Health Interface (UHI) on July 23 this year and sought inputs/ suggestions on its fundamental development and design aspects by August 23. Many in the sector asked for time beyond this deadline as they felt it was a rushed through.
Comments/ feedback received from stakeholders during a live webinar conducted on August 4, where the NDHM shared an overview of the consultation paper, show that the NHA leadership has to address concerns put forth by a range of stakeholders.
For example, Qasim Ali, on behalf of Practo put forth the concern that the UHI in its present format could lead to the ‘creation of digital monopolies of global giants in eHealth’, as platforms with the highest digital traffic will benefit, while the ‘hard work of network creation and experience curation done by smaller digital platforms will be laid waste. Essentially, the Government would have done the hard work and investment, commoditised a key aspect of the value chain. Such commoditisation will only provide a quick and easy plugin to all digital giants to dominate the eHealth space.’
Could this just be the first signs of a turf war, between present stakeholders, who fear that the UHI will put too much power in the hands of the government and larger healthcare stakeholders?
Moving to another submission, consider just one of the most pertinent observations from Swasth Digital Health Foundation’s response to the UHI consultation. The note makes the point that ‘the most crucial factor for a thriving health network would be building trust in the network’s activities, including patient safety, clinical outcome orientation, boarding/deboarding of participants, search/discovery rules, transparency in transactions, and security and privacy of sensitive information data.’ The network (in this case the UHI) would also need to balance the motivation for patients and service providers.
Their note raises important aspects like the clear articulation of ‘where the duty of care and liability lies’ in open networks with multiple parties interacting to provide health services.
Access Now, an international non-profit organisation which works to defend and extend the digital rights of users at risk globally, lays out five key recommendations in their 14-page noted, stressing that ‘absent a clear and adequate law governing the use of health data, the development of any framework for health data would not be appropriate.’
Their recommendations start with digital Health solutions must not exacerbate inequality or create exclusion, the NDHM should not be developed without a sufficient Data Protection Law and regulatory framework in force in India as the UHI has inadequate safeguards for privacy. They stress the need for adequate regulations and enforcement mechanisms, that ‘” interoperability” without privacy safeguards is dangerous while underlining the privacy risks of a centralised system and a centralised ID.
Their recommendations also lay out the need for safeguards to govern law enforcement’s access to data, restrict the secondary use of data, including anonymised data, the lack of cybersecurity safeguards and finally the need to learn from the mistake made in the Unified Payments Interface (UPI).
Questions posed during the webinar are in indication of operational concerns. For example, Niraj Garg, Siemens Healthineers asked, Is this workflow of booking services, price -discovery, service-discovery etc. applicable for emergency/acute-care situations also?
The insurance sector too had queries related to consent while sharing health records. For instance, Raunaq Pradhan, Bajaj Finserv asked if the consent is implicit while sharing or receiving records for appointment and if the appointment has been linked to a provider from the PHR app (QR Code journey). To explain, he laid out a practical scenario: If the patient goes to XYZ hospital, with all the health records, which they can share with Dr A, or Dr B who are a part of the hospital XYZ. The question is, while sharing records across Dr A or Dr B, is a consent needed again? Or is it implicit?
While it is indeed laudable that the NHA seems to be very transparent about garnering and displaying the more than 100 such remarks/feedback on the concerns surrounding the UHI, have these concerns been addressed? Or will they be addressed as the initiative is implemented? And is this wise?
While a unique health id is an idea whose time has certainly come, perhaps we need some more time to build in the firewalls. Yes, ‘data is the new oil’ but at stake is not just data, but the very health security of millions of India’s citizens. We cannot afford to get this wrong.