Digital Health Mission in the crosshairsNovember 9, 2020
Even as National Digital Health Mission (NDHM) envisions a unique personal health ID for every Indian citizen, digitized health records and a national registry of doctors and health facilities, Indian Medical Association (IMA) has expressed strong reservations over National Digital Health Blueprint (NDHB) published recently. The blueprint charts out an ambitious plan to bring about a digital ecosystem comprising digital health networks under NDHM. IMA, the largest body of allopathic practitioners in the country, has made it clear that it does not favour the content of the blueprint, its rollout plan and the administrative mechanism.
A major contention of IMA is that the country still lacks adequate healthcare infrastructure and manpower. “There is no standardization of the many streams of treatment adopted in the country. The government is adopting various strategies to allow untrained and partially trained individuals to practice medicine to address the shortage of manpower. The infrastructure deficiencies have not been addressed. Strategic purchasing through Ayushman Bharat has not made any impact due to the lack of adequate fund allocation and non-empanelment of tertiary care hospitals due to unrealistic package rates. Primary care has lost its focus and the proclaimed wellness centres have not yet made an impact,” stated IMA.
IMA alleged that funding for such an ambitious project is not appropriately described in the blueprint.
“Any diversion of funds from National Health Mission will further jeopardize public-funded healthcare, especially primary care. There is a definite possibility of the plan becoming a non-starter if the investment in the health sector is not significantly increased,” said Dr R V Asokan, Secretary-General, IMA. He warned that in such a situation, people may have to shell out more from their pocket.
NHM, which envisages the achievement of universal access to equitable, affordable and quality healthcare services in the country, is already suffering from a serious shortage of funds.
Privacy under threat
IMA termed privacy an utmost concern. Dr Asokan said that privacy protection laws in India are weak and practically nonexistent. In NDHB, privacy is assured through the consent manager. “Consent on a digital platform in a country where literacy is low is a cause of concern. The consent mechanism described in the document is inadequate,” he added.
IMA has pointed out that accessibility of health documents to treating doctors is ill-defined in the blueprint. The body added that medical records are a document equally owned by the treating doctor, the patient and the institution and the right of accessibility should remain with all the three. It termed the concepts of data ownership and erasure etc described in the documents as a violation of this principle and objectionable.
Expressing its concerns over data protection, IMA stated that the management of analytical data by the agency is poorly defined in the blueprint. It alleged that the management of analytical data will be governed by data-protection laws that are practically non-existent at present.
The umbrella body of India’s allopathic practitioners has also expressed its reservations over whether the union government is vested with the requisite legislative powers to formulate a pan-India policy to establish the mechanism outlined by the NDHM. It observed that the legislative powers of a state government stemming from Entry 6, List II under the 7th Schedule of the Constitution cannot be superseded by a policy fronted by the union government. “Prima facie, it appears that the proposed policy would not find shelter under the residual powers of the Parliament in light of the aforesaid entry. It would also raise serious questions as to whether a legislation having far-reaching implications on public health can be proposed as a policy,” said Asokan.
Even if it is assumed that the union government is competent to bring forth the NDHM policy into force, it would appear to face hurdles in its implementation, observed IMA. The practice prevalent in the healthcare community vis-a-vis the confidentiality of a patient’s medical records is entrenched in the fundamental principle of the doctor-patient confidentiality relationship. This principle finds legislative backing in the Indian Medical Council (Etiquette and Ethics) Regulations 2002. According to IMA, a medical practitioner is obliged to maintain the utmost secrecy of a patient’s medical records in the course of his or her practice. “The policy does not appear to account for these regulations, although it attempts to salvage itself with the boilerplate clause of offering itself to be read along with, and not in contradiction to, laws presently applicable in India,” stated IMA.
Although the policy sets out ‘Privacy by Design’ as its guiding principle, IMA said, it does not explicitly recognize a data principal’s (a person to whom the data is related) fundamental right to privacy, in as much as according legislative recognition of the said right of the data principal. “Merely because the participation of the data principal is made voluntary under the policy, the information including sensitive personal data does not cease to lose its ability to violate the data principal’s fundamental right to privacy. A patient requiring critical and time-sensitive healthcare may not be in the right frame of mind to review the potential effect of granting express consent to the sharing of his or her health and medical information for the purpose of the policy,” stated IMA. It added that subsequent attempts to review the consent initially provided could be an exercise in futility.
Chances of misuse high: Experts
Supporting the views of IMA, advocate Shiju P Veetil, Senior Partner, India Law LLP, said: “India still doesn’t have a data protection law. Rushing to a digital health record [database] without a statutory data protection framework is callous and can have dangerous consequences.”
Existing policies provide for the collection of relevant medical data for the broader purpose of medical research and analysis. In such circumstances, it appears that the NDHM policy poses a higher risk to sensitive data, in return for a repetitive policy exercise. According to IMA, the NDHM policy does not satisfy the rigours of protecting the fundamental right to privacy under Article 21 of the constitution of India. IMA claimed that the policy strikes a discordant note with the existing rules and regulations pertaining to medical practice in India.
A data science expert, who does not like to be quoted, said: “Medical information is of a very sensitive kind. Unless and until you have a proper data protection law, there are high chances for the misuse of the data. Without data protection law, it won’t be possible to take legal action if the highly sensitive data is misused. The government says that it is voluntary. But in fact, no government scheme is voluntary and it’s just for namesake.”
IMA observed that the implementation of the National Electronic Health Record (EHR) is a complex task, and it requires serious, well-thought-out planning backed with strong global healthcare informatics expertise. It warned that a badly designed national EHR system will not only be a pain for clinicians but could also endanger patients as seen in other countries where a subsequent redesign involved significant cost.
Meanwhile, Rahul Matthan, Partner, Trilegal, said that having a digital health record has several benefits. “It allows a doctor to have access to the history of the patient and the medicines he or she has taken in the past. It also allows for getting bigger population-level insights. If we had digital records before the COVID-19 outbreak, we would have been able to get a sense of where the disease was coming from as everyone is having his health records in electronic format. It will also benefit researchers and doctors.” However, he said that the country may need to build digital infrastructure in the rural areas for implementing the project.
While talking about the privacy concerns, Matthan said, “The moment you go digital, there are privacy concerns because right now we are protected by the fact that there is no record. Though there are privacy risks, we should minimize privacy risks and maximize benefits.”