No central storage of data, onus on hospitals to keep it safe: NHA chief
There will be no central vault to store health data of patients who use Ayushman Bharat Health Account (ABHA) numbers, National Health Authority chief RS Sharma said in an interview to HT
There will be no central vault to store health data of patients who use Ayushman Bharat Health Account (ABHA) numbers, with the onus being on affiliated hospitals to store and protect the data, National Health Authority chief RS Sharma said in an interview to HT.
The unique ABHA number is generated under the Ayushman Bharat Digital Mission (ABDM), which aims to develop the backbone necessary to support the integrated digital health infrastructure of the country.
“It will bridge the existing gap among different stakeholders of the health care ecosystem through digital highways,” Sharma said. ABDM is set to complete a year of its launch on 27 September.
India’s health data management policy acts as a guiding document for the national digital health ecosystem, Sharma said. “It sets out the minimum standards for data privacy protection, which should be adhered to by the participating entities in ABDM. However, as ABDM follows the principle of federated architecture, the onus of storing the digital health data and their respective compliance with privacy and data protection standards is completely on the health care professionals and facilities.”
The “period of retention of different types of data” is currently being regulated by their respective acts, rules and regulations, Sharma said. “For example, the Preconception Pre-Natal Diagnostic Techniques (Prohibition of Sex Selection) Acts, 1994, prescribes retention of relevant health records for two years, or the IMC (Professional Conduct, Etiquette and Ethics) Regulations, 2002, prescribes retaining indoor patient records for a period of three years,” he said.
The amendment to such acts and regulations falls beyond the domain of the health authority, Sharma said.
“With critical health data being digitised extensively across the country as a result of the Ayushman Bharat Digital Mission, the National Health Authority recently released version 2.0 of the draft Health Data Management Policy,” said Kazim Rizvi, founder of The Dialogue, a think tank. “Followed by the NHA data sharing guidelines, the digital health ecosystem has several safeguards against the violation of individual privacy. The data management policy grants data principals the right to portability, access and confirmation, and disclosure. It also clarifies that entities must comply with any upcoming data protection regulation as well.”
So far, over 243 million ABHA numbers have been created. Many people have found that their ABHA number was created without their consent.
Responding to this, Sharma said that people were asked during the vaccination drive against the Covid-19 pandemic whether they wanted to create an ABHA number. “In case a number has been created, it is the choice of the user whether to share it or not. ABHA number only collects minimal data — name, gender, age and means of communication.”
At the same time, he stressed that privacy is a fundamental right. It will up to the user whether or not they share the data, Sharma said.
“There is a consent manager worked into the system. The patient has to agree to share the data, which is similar to them agreeing to share physical records. This requires their explicit consent,” he said. “NHA will ensure minimal data collection.”
“It will also be interesting to examine the manner in which consent managers are regulated within the health ecosystem, in tandem with the account aggregators used by the Reserve Bank of India,” Rizvi said. “Consent aggregators will form a crucial element of the dashboards accessed by citizens.”
Speaking about the digital ecosystem that ABDM aims to create, Sharma said it will generate a registry of health providers, professionals, drugs and nurses. “It will be the building block of a digital health system,” he said.
Referring to data sharing with policymakers, Sharma said only anonymized metadata will be shared. “The metadata or aggregated anonymized data will help identify, ascertain and provided targeted health services. For example, if the sale of paracetamol goes up in an area, then there may be a chance a lot of people are suffering from fever. In this case, health services can be better administered in such areas,” he said. “The privacy of an individual will not be compromised.”
As far as the next project, the Health Stack, is concerned, Sharma said that it will aim to create an interoperable and seamless health experience. “Once the registry, which contains five components, is completed, it will make it easier for users to utilise health services,” he added.