Syllabus: General Studies Paper 2
Context:
The cowin portal came under criticism due to the absence of a privacy policy.
Health data management policy:
The national health authority (NHA) has released the health data management policy of the national digital health mission (NDHM) in the public domain for comments and feedback.
The policy seeks to develop a national health information system, by facilitating the creation of unique health identification (UHID) for individuals and healthcare providers; and the collection, storage, processing and sharing of personal health information, as electronic health records (EHRS).
Every individual’s UHID is linked to his or her EHR. While digitisation enables seamless and efficient exchange of information, it also entails significant risks to privacy, confidentiality and security of personal health data.
The policy purports to mitigate these risks, through two guiding principles: “security and privacy by design” and individual autonomy over personal health data.
However, fundamental design flaws may end up increasing instances of personal health data breaches.
The policy rightly sets out privacy by design and individual autonomy as its guiding principles. However, vague provisions and on-ground implementation are failing to adhere to these principles.
Against the right to information:
the supreme court, in puttaswamy, held that the right to informational privacy is a fundamental right and any encroachment on this must be supported by law, also calling for enacting comprehensive data protection legislation.
Contrary to this, the digitisation process being rolled out under the policy is not supported by any law.
This remains a concern as unauthorised disclosures and breaches would cause serious and irreparable harm to individuals.
The policy itself establishes the ndhm, which will function like a regulator performing legislative, executive and quasi-judicial functions.
Setting up a regulatory authority entails a law that defines the boundaries within which it can function, while ensuring independence from government interference and accountability to parliament.
Instead, the policy leaves it entirely to the ndhm, an executive authority, to define its own governance structure.
Weak accountability:
Recently, the insurance regulatory and development authority of india warned insurers against using leaked personal health records of covid-19 patients to deny coverage or block claims.
The problem of weak accountability extends to personal health data as well.
For example, the policy does not require reporting of personal data breaches to affected individuals.
This not only impedes the rights to information and access to grievance redress, but also increases the possibility of illegitimate state surveillance.
For instance, a recent rti query revealed that the chief medical officer of the kulgam district in jammu and kashmir was surreptitiously sharing aarogya setu users’ data with local police authorities.
The privacy by design framework may be bogged down by weak accountability mechanisms vis-à-vis secondary use of digital health data for research and policy planning, particularly by private firms.
The policy permits sharing of aggregate and anonymised health data, on the premise that anonymisation conceals individuals’ identity.
However, several studies have shown that anonymised datasets can be easily de-anonymised to link back to personally identifiable information, risking individual privacy.
Risk to individual privacy:
The policy also does not limit the use of aggregate health data to public health purposes, and prohibit data monetisation.
Without strict purpose limitation, private firms may use people’s health data to enhance profits, at the cost of individual rights and societal interests.
For example, insurance companies may freely use granular health data to profile and score individuals, leading to denial of coverage for high-risk groups and volatility in premium amounts.
The other guiding principle of individual autonomy is invoked through ‘informed consent’ for collecting and processing personal health data.
However, the proposed consent framework is so constricted that individuals may ultimately end up with little or no control over their data.
For one, the policy mandates informed consent only prior to the collection of data, in case of any change in the privacy policy or in relation to any new or unidentified purpose.
This suggests that one-time consent for one or more broad purposes may be sufficient, as opposed to informed consent for every instance of personal data processing.
Need for public health surveillance system:
In 2019, the world health organization (who) in partnership with the government of india launched the integrated health information platform (ihip) within the idsp program.
The ihip is a digital web-based open platform that captures individualized data in almost real-time, generates weekly and monthly reports of epidemic outbreaks and early warning signs and captures response by ‘rapid response teams’, for 33+ disease conditions.
Predicting/forecasting and preparedness for epidemic outbreaks for communicable and emerging epidemics of non-communicable disease, such as mdr-tb, nipah outbreak etc.
Guiding prevention and health promotion strategies: identify new/hidden reservoirs and sources of infection, block chains of rapid transmission and limit the resulting morbidity, disability or death.
Responding to outbreaks and guiding future programs of disease control: surveillance can help create standard protocols to interpret actionable medical data in real time and subsequently use tools like genetic mapping to target variations or susceptible hosts.
way forward:
The design is geared to generate vast amounts of data resulting in some of the largest health databases with secured aggregated data that will put india at the forefront of medical research in the world.
With the adoption of the technology approach, the government’s
policies on health and health protection can achieve:
Continuum of care as the stack supports information flow across primary,
secondary and tertiary healthcare
Shift focus from illness to wellness to drive down future cost of health
protection
Cashless care to ensure financial protection to the poor
Timely payments on scientific package rates to service providers, a strong
lever to participate in government-funded healthcare programs
Robust fraud detection to prevent funds leakage
Improved policy making through access to timely reporting on utilization
and measurement of impact across health initiatives and
Enhanced trust and accountability through non-repudiable transaction
audit trails.
© 2024 Civilstap Himachal Design & Development