The ambitious National Digital Health Mission under which every Indian will get a health ID has many pros. But there are also concerns about privacy and confidentiality which should be addressed

During my internship at the Mahatma Gandhi Institute of Medical Sciences, Sevagram, Maharashtra, in 1979, an unconscious person arrived at the hospital. All the doctors and staff tried to find out his medical history, the medicines he was taking, etc., but in vain as he had no medical records with him.

Once he recovered, we found that he was a well-known industrialist and was on his way back to Hyderabad. We see such cases every day—diabetics coming with hypoglycaemic coma, victims of road accidents with head injuries, poisoning, those with suicidal tendencies and sudden unexplained deaths.

Even during the Covid pandemic, when people are mostly working from home, patients visiting tertiary hospitals are asked to produce all their medical prescriptions and past records. Many a time, patients are unable to preserve their medical records and they get torn or destroyed due to regular visits.

To overcome this problem, Prime Minister Narendra Modi unveiled an ambitious National Digital Health Mission under which every Indian will get a health ID that will ease access to medical services. This Mission was announced as part of the Ayushman Bharat Pradhan Mantri Jan Arogya Yojana.

The unique medical identity, provided under the scheme to every patient, is expected to improve efficiency and cut down hospital paperwork for new patients. The ID will show up their previous medical history, prescriptions, diagnostic reports, allergic history and summaries of previous discharge from hospitals and the treatment they were provided at district and block level healthcare centres.

The Mission is expected to bring efficiency and transparency in healthcare services in the country. This digital database will be linked to the registry of doctors and health facilities across the country.

The digital health ID is a “unique” identifier and hospitals and labs can look up a health ID through Aadhaar or a mobile number. The health ID can be created at any public hospital, community health centre or any provider in the healthcare infrastructure registry. People may also need to provide their basic demographic and content info to the consent manager, per the document. People can also create their health ID on their own by linking it with their Aadhaar card or mobile number.

Once created, it will allow data sharing between hospitals and doctors digitally. This will also help those seeking benefits under government schemes under the Aadhaar Act. Linking health IDs with Aadhaar will allow authentication via biometrics, face, or OTP. Such a policy will ensure that nobody is denied a health service and medical errors will not arise.

The health ID will be offered as a service with a set of Application Programming Interfaces. All government health programmes, notified under applicable statutory provisions, are required to integrate with the service. All government health insurance schemes are also expected to adopt and link the health ID for “benefits linkage”. It means that health IDs will be mandatory for accessing government health schemes for which Aadhaar is a must.

Health data sharing will be driven by consent, which will be revocable. Individuals will also have the right to share only partial data, and will have the right to opt out of sharing their records.

Records from previous government schemes such as Ayushman Bharat will be integrated with the patient’s personal health record. Users can add data from “wearables” (those that can be worn on wrists, etc) and other apps to their record as well. Users can also delink their health records across healthcare service providers, but they cannot ask this data to be deleted as providers are legally required to store it for a certain period.

Also, the storage of health data will be decentralised and HIPs (an intrusion prevention system) will have to follow minimum standards defined by the Mission with regard to privacy, security and storage.

The Mission will require healthcare providers to share digital copies of any health reports which are already being physically shared with the patient “to enable longitudinal health records”, per the strategy.

This will include diagnostic reports, discharge summaries, clinical notes, prescriptions, and immunisation records. “HIPs will keep a digital copy of both inpatient and outpatient health records they issue to patients as per policy,” as per the strategy document.

Healthcare facilities will be expected to adopt software to become Health Information Providers, also known as Health Data Fiduciaries. This will be any entity that is creating health information pertaining to a user and is ready to share it digitally with users, “by adopting software compliant with NDHM standards and policies”. To become an HIP, the healthcare facility will have to enrol in the healthcare infrastructure registry made for the Mission.

Until digital services are made mandatory, providers have to maintain physical records in formats that the Mission will lay out. “For an initial period, the design will allow for existing PDF and image files to be shared in a FHIR-R4 resource wrapper,” as per the document. The Mission also expects that artificial intelligence can be used to extract relevant information from existing health record formats.

In addition, a person who does not want to create a health ID should be allowed to get treatment, the strategy document says. HIPs will be “required to ask patients for a Health ID, educate and create Health IDs for patients as required, keep a link of the Health ID with the medical documents they produce, and issue the medical documents only with patient’s consent”.

However, the fact remains that there are privacy and confidentiality concerns about sensitive health information, especially of politicians and industrialists. Also, will the government control this information? How successful will this scheme be considering the lack of cooperation between the government and private sector?

Also, medical colleges may not like to share their methods of treatment. AIIMS, the premier hospital in the country, for example, does not like to share documents with patients or other doctors, especially the private doctor. They keep the records with themselves and give the patient only the treatment sheet. Transparency of treatment and possible mistakes by doctors will get exposed. Could this lead to medical suits?

Like any scheme, this ID too is prone to many ifs and buts, but when it comes to health the overall picture should be seen.

Dr KK Aggarwal

President CMAAO and Past National President IMA