A recent publication by BCG and FICCI titled “Leapfrogging to a Digital Healthcare System: Reimaging Healthcare for Every Indian”, expanded on the opportunities of Open Digital Ecosystems (ODEs) in India’s National Digital Health Mission (NDHM).
But there are many concerns on confidentiality, security and privacy of patient health records and the like.
Rahul Guha, Managing Director & Partner, Health Care & Pharma Practice Lead at BCG explains how regulatory requirements to safeguard confidentiality, security and privacy of patient health records have been built into the NDHM. In conversation with Viveka Roychowdury, he also touches on how in the long run, the basis of competition for providers will change as they will start to increase focus on delivering comprehensive value-based care versus focusing on immediate profitability
While the National Digital Health Mission (NDHM) is an idea whose time has long come, has it been rushed thru without regulatory safeguards like data protection and privacy? Playing the devil’s advocate, concerns are being raised around the efficacy of patient data protection through a policy which is not based on any statutory law. Though the National Digital Health Mission draws on the draft Personal Data Protection Bill (PDP Bill), this is still at draft stage. So as now, it does not seem to have judicial oversight. What are your comments on this?
While the said bill is still in draft stage, the NDHM has laid out principles, such as security by design, for mitigating the risks around data security and poor data quality. The IT systems envisaged will be designed and the existing IT systems enhanced suitably to meet the requirements specified in the Personal Data Protection Bill and Non-personal Data Framework, as well as the IT Act 2000 and the Aadhaar Act 2016, the rules and regulations notified thereunder and other relevant acts, rules and regulations.
The need for maintaining the confidentiality, security and privacy of the health records cannot be over-emphasised. These regulatory requirements are built into the design of NDHE a priori, rather than being retrofitted. The Blueprint achieves these complex and mandatory requirements through a combination of a few Building Blocks, namely, Consent Manager, Anonymiser and Privacy Operations Centre. It will create a system where patient health data will be recorded and stored in a federated manner.
While the data might be generated at different touchpoints, it will be owned only by the patient with no central repository of individual patient records. Additionally, anyone who wants to access the health records will require electronic consent from the patient, which would be logged leaving behind non-repudiable audit trails.
Besides these Building Blocks, application-specific features and relevant international standards defined in the Blueprint fortify the privacy regime. Some of the recommended standards as per the NDHM strategy document are regarding Consent Management: ISO/TS 17975:2015 Health Informatics ‐ Principles and data requirements for consent in the collection, Use or Disclosure of personal health information and Consent Framework: Electronic Consent Framework (Technology Specifications v1.1) with its subsequent revision(s) published by MeitY.
While the use of digital platforms has increased during the pandemic, will this continue post the pandemic? How will these digital platforms alter existing operating models of hospital spends, insurance etc? Can you cite some examples.
The recent lockdown period has given an impetus to digital delivery of healthcare services. Emerging global trends show that while the digital adoption peak will wane off, it is likely to normalise at a much higher level as compared to the pre-lockdown phase. For examples in the US, weekly teleconsultations peaked at 114 per cent of the base level (pre-March 2020) before plateauing at 108 per cent by October (Source: commonwealthfund.org). Similar trends were seen across most other countries.
India too is likely to see a similar trend. While the regulatory changes have facilitated the provision of such services, it has also aided a gradual shift in the physician and patient behaviors. Recent BCG survey covering 800 clinicians revealed that – 85 per cent of the clinicians used digital platforms for patient interactions during the lockdown. 50 per cent of the clinicians found these platforms to be an effective medium for providing care. Additionally, 60 per cent patients (out of 500+ respondents) across metro and tier 1 cities reported they would continue using digital platforms for primary care in the post COVID world due to the fundamental benefits of shorter waiting time and easy access to qualified doctors.
Digital platforms provide a plethora of opportunity for healthcare providers. It allows them to expand their services beyond the physical boundaries, while also entails lower cost of service delivery. The open digital health ecosystem being envisioned by NDHM will help define standardised registries and interoperable standards which will allow for all such efficiencies to kick in.
For example, with the implementation of NDHM, we expect major shifts for insurance players that will drive rapid penetration of health insurance in the country.
We anticipate that claim processing will greatly simplify with the creation of a national digital claims engine. Standardised e-objects such as e-claim form, e-discharge summary along with standardised health registries will reduce cost of claim processing significantly and improve margins for payors. This will also result in much faster turn-around times (instantaneous in many cases) and will improve the ability of insurers to detect and control frauds.
Reduced cost will enable OPD insurance cover and also innovative products around dynamic premiums incentivising for improved health outcomes. Further, a national health claims engine, will simplify the process for payors to empanel and contract with providers (across public and private sector) on disparate technology platforms via a network of open APIs.
While digitisation of health records across all touchpoints will allow creation of aggregated and anonymised health data allowing insurers to deploy better risk models and fraud prevention algorithms, is the data secure? There have been reports of a major path lab storing patient reports in a very unsecured manner. Who takes the liability for such incidents?
The creation of aggregated and anonymised health data doesn’t entail a central repository to store all health data. The principles laid down by NDHM will allow for patient health data to be recorded and stored in a federated manner. While the data might be generated and stored at different touchpoints, a common health ID and open API based exchange systems routed through consent managers will allow for end to end view of health records.
Additionally, the NDHM strategy documents lays down a standardised set of guidelines and protocols for the ecosystem players to function as Health Information Users (HIUs), Health Information Providers (HIPs), or even as health information repositories to effectively manage the personal health records.
The data will be owned only by the patient with no central repository of complete patient records. Anyone who wants to access the health records will require electronic consent from the patient, which would be logged for audit trails.
Only non-personal health data which is aggregated and anonymised that cannot be traced back to any particular individual will be used for data and analytics. Hence, in the incident mentioned above, the liability for such incidents would continue to be with the provider storing the data.
How will the digitisation of prescriptions, lead to information transparency and change the role of the government in the healthcare sector?
More than digitisation of prescriptions, it is the standardised health registries which will allow for information transparency. Currently, India does not have a reliable master data for identifying health facilities, healthcare workers, drugs, procedures etc. The healthcare workers and health facilities need to register with individual state councils for regulatory approvals and other services.
Additionally, the absence of a central registry means that when the doctors move across states or get associated with a new provider, the provider has to validate and verify the details across disparate systems that don’t talk to each other. We believe that standardised health registries will facilitate the creation of a master data set across all the different stakeholders in the ecosystem (such as doctors, hospitals, labs, pharmacies, insurance providers, etc.), and introduce a common vocabulary across drugs, procedures, reagents, and other consumables. Open access to the data in these registries will lead to a single source of truth for the ecosystem, thereby building trust and credibility in the system.
Moreover, a common digital backbone will not only allow a single view of the patient across various government disease programs and government schemes, but also across interactions with public and private health facilities, pharmaceutical companies, and other stakeholders. With all patient data available in a consolidated and conveniently accessible form through patient consent, government health providers will be able to provide improved health services to the patients.
For example, a patient will not need to visit the primary health center multiple times for availing services across different disease programmes. Additionally, it will enable effective implementation of schemes. For example, with a single patient view, it will become easier to reach beneficiaries, that many a times, are same across multiple schemes.
How does the health ODE incentivise providers for greater focus on primary care through a value driven model of care? And what will be the long term impact of this for private hospitals, which until now have left primary care to the public sector as it is not considered remunerative enough?
The health ODE can help bring a true transformation across the patient’s journey and make the dream of an efficient and “patient centric” Indian health system a reality.
With increased access to reliable health information across health facilities and health workforce, the “patients of the future” will be able to make informed decisions on the choice of provider as per desired convenience and service quality. New avenues to access providers will emerge for patients, for example, access to e-consultation platforms will become more convenient. Increased transparency in health facilities data will help create demand-supply matching algorithms that will direct the patients towards appropriate providers.
This will in turn reduce long queues and prevent rushed consultations. With the ability to share digital health records with providers, patients will be able to obtain optimal and higher quality care. The data and analytics engine will create opportunities for standardisation of treatment pathways and protocols, ensuring better and consistent quality of care delivery to patients.
As a result in the long run, the basis of competition for providers will change as they will start to increase focus on delivering comprehensive value-based care versus focusing on immediate profitability. The Patient Health Record (PHR) framework as defined under the NDHM, will allow providers to have easy consent-based access to historic patient health records enabling faster and more accurate diagnosis while also driving cost control measures on the operations and marketing functions. Hospitals will now be able to support patients through the continuum of care, ensuring early identification of symptoms and more accurate diagnosis, appropriate treatment pathways and also post hospitalisation care and support.