In a bid to safeguard confidential health data collected from people under the National Digital Health Mission (NDHM), the government has proposed a framework and a set of minimum standards for data privacy protection to be followed across the board in compliance with applicable laws and regulations.
The NDHM was announced by Prime Minister Narendra Modi on the occasion of 74th Independence Day. The National Health Authority (NHA), the central agency responsible for the implementation of Ayushman Bharat Pradhan Mantri Jan Arogya Yojana, which has been mandated to design and roll out NDHM in the country, has released the draft ‘Health Data Management Policy’ in the public domain.
The draft policy, been put up on the official website of National Digital Health Mission inviting comments and feedback from the public till 3 September, mainly seeks to set out a framework for “secure processing of personal and sensitive personal data of individuals” who are a part of the national digital health ecosystem.
Data collected across the National Digital Health Ecosystem (NDHE) will be stored in at the central level, the State or Union Territory level and at the health facility level, by adopting the principle of minimality at each point, according to the document.
The federated structure necessitates the development of a framework that can be utilised throughout the NDHE to safeguard the privacy of confidential health data that has been collected from individuals in India, it stated.
According to Indu Bhushan, the Chief Executive Officer of NHA, “the Draft Health Data Management Policy is the maiden step in realizing NDHM’s guiding principle of ‘Security and Privacy by Design’ for the protection of individuals” data privacy.
It encompasses various aspects of health data like data privacy, consent management, data sharing and protection among others. The provisions of this policy shall apply to the entities involved in the NDHM and those who are a part of the NDHE, that includes all entities and individuals who have been issued an ID under this policy, healthcare professionals, governing bodies of the Health Ministry, the NHA, relevant professional bodies and regulators.
It would also apply to any healthcare provider who collects, stores and transmits health data in electronic form, insurers, charitable institutions, pharmaceuticals and all individuals, teams, entities who collect or process personal or sensitive data of any individual as part of the NDHE.
While protecting the privacy of people, enough steps should be taken to ensure that quality treatment is given at affordale rates in hospitals across the country. Money should not be a criteria to get good medical treatment.