The Indian government’s National Health Authority (NHA) on Wednesday released the draft health data management policy of its National Digital Health Mission (NDHM) in the public domain.
The draft will be available for public comments and feedback until September 9.
NHA, under the health ministry, is an 11-member agency responsible for the design, roll-out, implementation and management of NDHM across the country.
The digital health mission was announced by Prime Minister Narendra Modi in his speech on the occasion of the 74th Independence Day of India, on August 15. According to the government, the mission aims to create a national digital health ecosystem which enables timely and efficient access to inclusive, affordable, and safe healthcare for all citizens.
The voluntary healthcare programme, which houses various stakeholders such as doctors, hospitals and other healthcare providers, pharmacies, insurance companies, and citizens, comprises six digital systems: HealthID, DigiDoctor, Health Facility Registry, Personal Health Records, e-Pharmacy and Telemedicine.
The data collected, the draft read, will be stored at three levels: at a central level, at a state or union territory level and, lastly, at the health facility level, adopting the principle of minimality at each level.
The draft policy encompasses details of what constitutes sensitive personal information. It also addresses the data protection of physical, physiological and mental health data, medical records and history, transgender status, intersex status, and associated financial information and payment instrument details, among others.
“The Draft Health Data Management Policy is the maiden step in realizing NDHM’s guiding principle of ‘security and privacy by design’ for the protection of individuals’ data privacy. It encompasses various aspects pertaining to health data like data privacy, consent management, data sharing and protection etc.,” Indu Bhushan, NHA CEO, said in a statement.
One of the main objectives of the draft policy, the statement said, was to create a framework for the secure processing of personal and sensitive personal data of individuals who are a part of the national digital health ecosystem.
The framework complies with all applicable laws and with international standards such as ISO/TS 17975:2015, which defines the set of frameworks of consent for the collection and processing of health data by healthcare practitioners and other entities, as well as other relevant standards related to data interoperability and data sharing, the statement added.
Privacy advocates have previously alleged poor handling of citizen data by the government. During the Covid-19 lockdown, the centre was under the spotlight after France-based ethical hacker Elliot Alderson made public allegations that the Aarogya Setu app had security issues. Later in May, the government released the source code for the Android version of the app, in a move to bring transparency to the app’s functioning.