But data security and privacy will be metrics of its health
The Ayushman Bharat Digital Mission (ABDM) is undoubtedly a promising initiative and very relevant in today’s digital age. The broad objective is to maintain health records of citizens in a digital format so that these can be easily accessed by doctors, whether in an emergency or otherwise. The government plans to allot every citizen a 14-digit health ID, much like Aadhaar and, with the medical documents stored online, health practitioners can check out a patient’s medical history no matter where he or she is. Indeed, centralising and digitising pertinent information does seem a good and convenient way to work and would be especially useful when patients are switching health providers.
However, concerns about the privacy of the data cannot be wished away. Medical records contain very sensitive and private information and, while the PM has assured us the data would be safe, the exact mechanics of how this would be ensured are unclear. After all, we do not yet have a data protection law in India—the Personal Data Protection Bill is yet to be passed. The law could have been a deterrent with some severe punitive measures. Fears that the records could be leaked, sold or otherwise misused, therefore, are not in the least irrational, given that so many individuals—theoretically—can access the information.
A recent occurrence, when a large number of people citizens were automatically assigned their digital health IDs when they signed up to the CoWin mobile app, using their Aadhaar, tells us how vulnerable the system could be to misuse. One is not sure whether the consent clauses were clearly presented in the permission for CoWin, but it does not look like people were asked about their consent upfront. Such episodes are disconcerting and since not everyone may be familiar with technology important matters—like consent—need to be highlighted. Indeed, given how several sets of stakeholders—including healthcare providers and other agencies—will have access to the records, ensuring confidentiality would be very difficult, even impossible. In fact, most hospitals and clinics in the country today already have a store-house of customer data with them and it is important to make sure the information is safe. To be sure, users can deactivate or delete their health IDs as they please, though whether this option is accompanied by any riders is not known yet. However, to what extent this would help is not clear since the data would already have been captured in the system.
Again, while participation is voluntary, it could very well turn out to be an Aadhaar-like scenario wherein the health ID becomes integral for almost everything health-related. Already, hospitals today require patients to provide wide-ranging information and personal details. Under the circumstances, it could be extremely difficult to ensure patients are not turned away and deprived of medical care because they have not registered with the ABDM. The ABDM must try and use the data collected to frame and implement policies that make healthcare services more efficient, affordable and inclusive. At the same time citizens should feel comfortable using the system and confident their privacy will not be violated.