National Digital Health Mission Will in no way help in improving health of people: IDPD
Ludhiana, September 30, 2021: Indian Doctors for Peace and Development (IDPD) has expressed its grave concern on National Digital Health Mission (NDHM) recently launched by the Prime Minister of India. The NDHM is short on details about how sensitive medical records will be secured and it doesn't inspire confidence that the very real security issues are being adequately addressed.
One of the main concerns with the NDHM is that it suggests a framework that severely overlaps with the fundamental right to privacy. Specifically, it does not align fully the privacy principles recommended by the Group of Experts on Privacy (Justice A.P. Shah Committee) and the more recent, Justice B.N. Srikrishna Committee report whose recommendations on data protection form the core foundation for the draft Personal Data Protection Bill, 2018. Extensive due diligence is required by all stakeholders to ensure that a right balance is created between the public healthcare needs and the legal rights of the citizens, specifically the right of privacy and data protection
The opt-out mechanism also appears to be flawed, as a person’s record isn't erased if they opt out but instead simply locked. The government of India doesn't have a good track record with cyber security, and the strategy doesn’t allay one’s concerns
Many issues mentioned under "sensitive personal data" are bewildering. It says that “such personal data, which may reveal or be related to, but shall not be limited to, financial information such as bank account or credit card or debit card or other payment instrument details; physical, physiological and mental health data; sex life; sexual orientation; medical records and history; biometric data; genetic data; transgender status; intersex status; caste or tribe; and religious or political belief or affiliation”. Why sensitive personal data should include religious or political belief or affiliation of data principals or about their sex life or sexual orientation for that matter?
Additionally, the blueprint does not provide sufficient safeguards against commercial exploitation of Sensitive Personal Data that may be caused by private entities that will be linked to public entities under this system. These include insurers, pharmaceutical companies, and device manufacturers.
In the present form, there exist serious concerns about the privacy of an individual’s health records. Hence, implementation of the blueprint in the absence of an enforceable data protection law seems impractical. I
Data leakage is another serious threat, which needs to be address robustly. How long would the system protect its data of many millions getting stored in the decentralised system holding transferable data? Informed consent may mean nothing to a patient or relatives even in normal times let alone in a time of medical emergency.
“The IDPD demands that the NDHM should meet data privacy issue robustly to ensure that there is no exploitation of data by private players”, said Dr SS Soodan (president), Dr Arun Mitra (senior vice president) and Dr Shakeel Ur Rahman (general secretary) of the IDPD in a joint statement here today.