48% Indian citizens are against usage of their anonymized data for research, diagnostics with external agencies
The National Health Authority has come out with a draft National Health Data Management Policy which proposes to create a 'digital health id' for all citizens so an individual's personal health records, medical history, etc. can be stored and made available digitally within the health ecosystem, when an individual is seeking access to healthcare.
The draft of the policy was released on August 26th, 2020 with a week given for public feedback. However on Sep 1st, 2020, the Government extended the public feedback deadline to Sep 10th. LocalCircles conducted a survey translating the 23-page document into 4 easy-to-answer questions for the public. The survey received 34,000 responses from citizens residing in 272 districts of India and has attempted to bring out what the masses feel about the idea of creating a citizen digital health id.
In the first question, citizens were asked about their views on the creation of such a digital health id. 23% said it should be created as it could help in faster access to healthcare, while 18% said it should not be created as it could lead to personal sensitive data getting compromised. 59% said it should be created but data sought should be restricted to just health information. The results of the poll show that 82% support digital health id creation provided it only seeks and stores health-related information and not sensitive personal details like banking information, sex life, caste, religion, political affiliation, etc.
The main objective of the draft policy has been stated as providing guidance and creating a framework for secure processing of personal data of individuals who are a part of the national digital health ecosystem. NHA has earlier rolled out schemes like Ayushman Bharat, Pradhan Mantri Jan Arogya Vojna, which gave health benefits to millions of Indians.
The Government in its draft National Health Data Management Policy which proposes to create a digital health id for citizens will be storing the data selectively at three levels i.e. central, state or UT and at the health facility level. Citizens were asked how they feel this should be done. 11% said storage should beat central, state and health facility levels is fine, while 21% said storage should only be at central level and access by state and health facility after my authorization. 10% said storage should be at central and state levels and access by health facility after their authorization, and 57% said it should only be done for health information and it should be stored only at central level with authorization needed for use by health facility.
This shows that majority want digital health id to have only health information with storage only at central level and authorization-based access for State Government and health facilities. The key concern among people with information storage at state level or at a health facility level is the risk of information getting compromised. So, while people are ok with their State Government and the different health facilities accessing their information upon their authorization, they do not want this information stored in private hospital computers or in State Government and District Health facilities. People prefer that their private sensitive information be deleted post usage by these entities.
In the next question, citizens were asked what information they approve to be stored in their digital health id under the National Health Data Management policy. 79% people approved storage of biometric, health and medical records data only. The remaining 21% were more open and willing to share additional personal sensitive information of different types.
In regards to the digital health id creation per the draft National Health Data Management policy, a data fiduciary (company, state, person, health information provider, etc) may make aggregate or anonymized data of people available to the purpose of research, promotion of diagnostic solutions, etc. to other external agencies. Citizens were asked if they approve of such data sharing. 48% responded in a clear 'no' while 45% answered in a ‘yes'. 6% were unsure about it. People seem to be almost split equal when it comes to permitting usage of their anonymized health data for purposes of research, diagnostic solution promotion to external agencies, etc. The policy draft outlines how this data would be collected, processed, stored and shared. This indicates that one in two citizens is not willing to give their consent to anonymized sharing of their data for research or to external agencies outside the Government.
The Health Data Management Policy adopts the Personal Data Protection Bill, 2019, which has already been presented in the Parliament, as an anchor. The Ministry of Electronics & Information Technology also released the National Personal Data Protection Policy draft for public comments in July 2020 which focuses on anonymized/aggregated data of Indians. The Digital Health ID will have to sync itself with both these policies to ensure that the citizens data stays protected and only information that is absolutely essential for availing health service is sought for storage.
The biggest benefit of such a digital id to citizens can be in the current COVID-19 pandemic situations where many from rural areas and small towns are coming to metros and tier 1 & 2 cities to get treatment. A digital health id could easily make available to the treating physician all their details on fingertips and the patient can even be directed to the most optimal health facility based on their condition and location. On the flipside, if there aren't enough safeguards and such information gets into the wrong hands, an individual could face serious consequences financially and socially, get rejected from a job based on their health condition or find it difficult to rent a home.