Privacy law and ethical use of digital health technologies - Hindustan Times

Privacy law and ethical use of digital health technologies

ByHindustan Times
Jul 05, 2023 07:07 PM IST

This article is authored by Amar Patnaik, lawyer and Member of Parliament, Rajya Sabha from Odisha.

Digital health technologies have the potential to revolutionise health care not only in India but the world over, particularly in the geographies where access to conventional health care will remain a challenge for several years to come given the crunch in public resources. It has become increasingly popular in India due to its potential to improve healthcare delivery and outcomes, felt particularly during the covid pandemics. However, strong privacy laws are a sine qua non for ensuring that individuals' health data is not accessed and processed without their consent or misused in any manner, which may cause them harm. In the light of recent allegations from several quarters about possible leakage of data stored in the CoWin application, this assumes real time significance and urgency.

Digital healthcare (StockPic) PREMIUM
Digital healthcare (StockPic)

The Indian government has launched several initiatives to promote the adoption of digital health technologies. Under the Ayushman Bharat Digital Health Mission (ABDM), the government is creating a National Health Stack, which is envisaged as a public digital infrastructure that aims to provide a secure and interoperable platform for health care data exchange by creating longitudinal as well as cross-sectional electronic health record of every citizen. To date, about 38 crore Ayushman Bharat Health Accounts have been created, and over 26 crore health records are linked to the ABDM.

With India as the G20 president, the country’s focus on digital health can serve as a model for other countries to replicate. India plans to use its G20 presidency to build consensus on building global health resilience.

It is unfortunate that India still lacks a Personal Data Protection law. In its absence, we find guidance in the Supreme Court’s landmark judgment in Justice KS Puttaswamy (Retd) Vs Union of India [AIR 2017 SC 4161], where it held that privacy of personal data such as medical/health data is a fundamental right under Article 21 of the Constitution. Consequently, any policy with a significant bearing on this right must meet the four-prong test laid down in the said judgment, i.e. the measure must be a procedure established by law, aimed at a legitimate goal, just, fair and reasonable, proportionate to the objective sought to be achieved; and have procedural guarantees to check against abuse by state or non-state actors.

According to the Cost of a Data Breach Report 2023 by IBM and Ponemon institute, health care breach costs have been the most expensive industry with an average breach in healthcare costing $ 10.10 million. A health data breach can cause significant harm to an individual in terms of their physical, mental, and financial well-being. Health data breaches can expose an individual's sensitive and personal information, such as their medical history, social security number, and financial details. This can lead to identity theft, fraud, and harassment. Health data breaches can also result in discrimination against an individual, particularly in areas such as employment and insurance. For example, if an individual's genetic information is leaked, it could be used to deny them employment or health insurance coverage. Health data breaches can have a profound impact on an individual's mental health, leading to anxiety, stress, and depression. This is particularly true if the breach involves sensitive information.

There are several global institutional arrangements which also advocate for having stronger privacy laws as a prerequisite to digitisation efforts. Article 12 of the Universal Declaration on Human Rights and Article 17 of the International Covenant on Civil and Political Rights guarantee the right to privacy and safeguard them from arbitrary interference with [their] privacy, family, home or correspondence, nor to attacks upon [their] honour and reputation. The Global Strategy on digital health 2020-2025 of the World Health Organization states that digital health will be valued and adopted if it is accessible “in a system that respects the privacy and security of patient health information.” The World Health Assembly has also, recognised the potential of digital technologies to support health systems, but called upon member-States to develop legislation around issues such as data access, sharing, consent, security, privacy, and inclusivity, that are consistent with human rights obligations.

In the absence of data protection legislation, temporary guidelines can be issued under Section 2(1) of the Epidemic Diseases Act 1897 as was done when there were concerns raised about safety and security of personal data of citizens after registering into the contact-tracing application, ArogyaSetu which was developed during the onset of the pandemic in the first phase to empower citizens to maintain social distancing. These guidelines should specify the standards and safeguards to be followed while storing and processing health data, including retention timelines and related policies. These regulations must remain in force until data protection legislation is enacted and specific guidelines issued for its ethical and secure implementation. While these guidelines must necessarily include provisions for obtaining informed consent from patients before collecting their personal data, additionally, they should mandate appropriate security measures to be adopted by entities for safeguarding personal data against unauthorised access, use, or disclosure. Measures like using encryption for sensitive data, access controls, and regular security audits to identify potential vulnerabilities; anonymisation of personal health data; and transparent privacy policies and data collection practices will help prevent the misuse or exploitation of personal health data for commercial purposes, thereby promoting public trust in the health system. By establishing clear standards and regulations for data governance and interoperability, privacy laws can help to enhance public trust and awareness of digital health interventions.

This article is authored by Amar Patnaik, lawyer and Member of Parliament, Rajya Sabha from Odisha.

Continue reading with HT Premium Subscription

Daily E Paper I Premium Articles I Brunch E Magazine I Daily Infographics
Share this article
Story Saved
Live Score
Saved Articles
My Reads
Sign out
New Delhi 0C
Monday, July 15, 2024
Start 14 Days Free Trial Subscribe Now
Follow Us On