Govt sets ball rolling on NDHM, comes out with draft policy on health data

The NDHM seeks to provide a unique health ID for each citizen who wishes to have one
The Centre has set the ball rolling on the prime minister’s ambitious National Digital Health Mission (NDHM) by coming out with a draft policy on health data management. 

The government’s proposal, now put up for public review, focuses on necessary data privacy measures that need to be put in place in order to safeguard the confidentiality of sensitive health information of citizens. 

After the official announcement of the NDHM, which aims to create a digital health ecosystem across the country, the primary concern has been the issue of data privacy and security. 

The National Health Authority (NHA), the implementing agency for the NDHM, had reassured that the data would not be pulled into any central server and that a prime feature of the scheme was the concept of a consent manager. 

The NDHM seeks to provide a unique health ID to each citizen who wishes to have one and also on-board the healthcare service provides (hospitals, pharmacies and diagnostic labs, among others). It will have an online database of doctors (DigiDoctor) and personal health records (PHRs). 

To access one’s PHR, any doctor or institution would have to seek permission from the health ID owner, who can give selective access authorisation too. This authorisation can even be revoked. 

The Centre has now reiterated the same in the draft health data management policy – everyone enrolled for the mission will get a Health ID free of cost and have complete control over his or her data.

The government has proposed a framework and a set of minimum standards for data privacy protection to be followed across the board in compliance with applicable laws and regulations.

Data collected across the National Digital Health Ecosystem (NDHE) will be stored at the central, state or the union territory level and at the health facility level. It will adopt the principle of minimality at each point, according to the document.

Indu Bhushan, chief executive officer (CEO), NHA, said, “The Draft Health Data Management Policy is the maiden step in realising NDHM’s guiding principle of ‘Security and Privacy by Design’ for the protection of individuals’ data privacy.”

The provisions of this policy will apply to the entities involved in the NDHM and those who are a part of the NDHE. These include all entities and individuals who have been issued an ID under this policy, health care professionals, governing bodies of the health ministry, the NHA, relevant professional bodies and regulators. 

It would also apply to any health care provider who collects, stores and transmits health data in electronic form, insurers, charitable institutions and pharmaceuticals. It will include all individuals, teams and entities who collect or process personal or sensitive data of any individual as part of the NDHE.

Business Standard is now on Telegram.
For insightful reports and views on business, markets, politics and other issues, subscribe to our official Telegram channel