The Indian government has released a draft health data management policy which will serve as guiding principle for protecting data privacy of people willing to enroll for the National Digital Health Mission (NDHM).
The draft policy has been released on the website of the NDHM and will be available for public comments and feedback till September 3. The policy will be finalised after receiving suggestions from public.
The focus of the draft policy is on data privacy, consent management, data sharing and protection.
The draft policy says that any person enrolling for the health mission will get a Health ID free of cost and they will have complete control over their individual personal data. People are free to take back the consent already given in order to restrict any sharing of personal data linked to the ID.
This will be in compliance with all applicable laws and international standards for the collection and processing of health data, according to the NHA (National Health Authority), which has released the draft policy.
Dr. Indu Bhushan, Chief Executive Officer, National Health Authority said, the Draft Health Data Management Policy is the maiden step in realizing NDHM’s guiding principle of “Security and Privacy by Design” for the protection of individuals’ data privacy.
The NDHM programme was announced by Prime Minister Narendra Modi during his Independence Day speech on August 15.
What is NDHM?
NDHM is an Indian government plan to simplify access to the medical records of people to enable them to share digitally-stored comprehensive health profiles with providers for treatment and follow-up purposes. Currently, people find it difficult to maintain long trails of paper-based records for health interventions. These records are critical for monitoring an individual’s health status and ensuring continuity in treatment.
Under NDHM, Indians, who enroll for it, can get access to a unique and easy-to-remember health ID carrying details of their health and treatment history. Through this ID, individuals will not only be able to search for verified hospitals and laboratories, but can also evaluate the quality of services, on the basis of feedback shared by others.
Aside from individuals, all doctors, hospitals, diagnostic laboratories, and pharmacies will also be given a digital identity to enable a single and standardised process for completing their identification, certification and audit formalities
Participation in NDHM will be voluntary for both individuals and health-care providers. Participation is free of cost, with the use of Aadhaar being mandatory.
NDHM will also offer services such as telemedicine as part of its digital suite.
What will NDHM collect?
The draft policy has set out a framework for the secure processing of personal and sensitive personal data collected from individuals.
Individuals enrolling for NDHM will have to share with the government what are typically referred to as ‘sensitive personal information’. It can be one’s sex life, sexual orientation, caste, religious , as well as genetic and biometric data.
The draft policy indicates that NDHM will need financial information (modes of payment), physical, physiological and mental health data, and transgender/intersex status.
The data, of course, is the ownership of the individuals. Personal data will be collected only after a formal consent from individuals, who, if they want to, can revoke their consent later. The government is putting in place a framework for data privacy protection in compliance with applicable laws and regulations.
Data collected across the digital health ecosystem will be stored at three levels – the central level, the state or Union Territory level and at the health facility level.