Aadhaar Meets AI: Inside The Govt’s Plan For a Health Data Empire

The digitisation of sensitive health data has been proposed without any data protection law in place. 

Tech and Auto
5 min read
Hindi Female

On 15 July, the Centre released the ‘blueprint’ of its plan to set up a health data empire in India. Minister for Health and Family Welfare, Dr Harsh Vardhan, unveiled the ‘National Digital Health Blueprint’, saying that he was ‘taking an oath to achieve a new dream’ – of a digitised healthcare ecosystem.

What Does This Mean and What Will It Look Like?

Among the key principles of the datafication of India’s medical ecosystem is a unique health ID for citizens, with Aadhaar as a key identifier.

What the blueprint essentially does is lay out the ‘building blocks’ for the implementation of the National Health Stack (NHS), which aims to deploy Artificial Intelligence (AI) in leveraging health records.

A 2018 proposal of the NITI Aayog, the NHS has been developed in consultation with iSPIRT – an organisation of private sector ‘volunteers’, some of whom have also been involved in building the Aadhaar infrastructure and running operations that leverage it. 

‘Enormous Amounts of Data’ For Capturing

Acknowledging that medical data exist in silos and without standardisation, the government has now set its eyes upon a data-rich trove – the Ayushman Bharat scheme.

The blueprint states that the scheme “will generate enormous amounts of health data, mostly in the digital space.”

Keeping true to the government’s larger agenda, of ‘data as a public good’, the blueprint also proposes the linking of multiple databases to generate greater and granular data that can be leveraged by the public as well as private sector – including insurance companies, hospitals, apps and researchers.

“Getting authentic healthcare data is a big challenge and our data suffers from three basic challenges. I refer to them as the 'three ‘I’s' – Integrity, Integration and Intelligence of data,” said Professor Rajendra Gupta, former advisor to the Union health minister.

“Also, the health ministry must stop printing three data reports – National Health Profile, Annual Health Report and Rural Health Statistics. If you read these three reports on the number of (hospital) beds, you will probably find three different data sets on the same topic.”
Professor Rajendra Gupta, Former Advisor to Union health minister

Gupta’s point about data discrepancy is echoed in the blueprint and the National Health Stack. Both emphasise “a single source of truth” as a major objective and propose the creation of national and regional registries pertaining to doctors, hospitals, pharmacies and healthcare professionals.


What Does the Blueprint Aim to Achieve ?

The health ministry felt that the components of NITI Aayog’s ambitious National Health Stack needed to be examined. Therefore, the ministry set up a committee headed by J Satyanarayana, former chairman of the Aadhaar-issuing UIDAI.

The National Digital Health Blueprint, submitted to the ministry on 24 April and placed before the public on 15 July, invites comments and suggestions till 4 August.

The policy document essentially lays the implementation plan and defines the ‘building blocks’ of the NHS. In doing so, it lays down the following objectives:

  • To establish national and regional registries to create single source of truth in respect of Clinical Establishments, Healthcare Professionals, Health Workers and Pharmacies.
  • Creating a system of Personal Health Records accessible to the citizens and to the service providers based on citizen-consent.
  • Promoting the adoption of open standards by all the actors in the National Digital Health Ecosystem.
  • Promoting Health Data Analytics and Medical Research
With ambitious principles of unique IDs, privacy by design, interoperable data and open standards/APIs as core driving principles, the blueprint declares that it seeks to build an ecosystem of integrated databases of patients, health records, hospitals.

Dr Girdhar Gyani, Director General of Association of Healthcare Providers of India feels that standardisation of data across health sectors is key.

“During this first stage, the government will be doubly careful about selling. We have been requesting the government for four years to standardise health records,” he said.

The digitisation of sensitive health data has been proposed without any data protection law in place. 
Union Health Minister Dr Harsh Vardhan at the release of the National Digital Health Blueprint.
(Photo: Twitter/ Dr Harsh Vardhan)
The digitisation of sensitive health data has been proposed without any data protection law in place. 
Union Health Minister Dr Harsh Vardhan at the release of the National Digital Health Blueprint.
(Photo: Twitter/ Dr Harsh Vardhan)

A Data Mission Without a Data Law

This National Blueprint illustrates yet another example of the Centre moving forward with a major digitisation program involving the data of millions of citizens without a data protection law in place.

While the government has moved ahead with sale of vehicle registration data of millions, released a tender for a nationwide facial recognition system and also passed Aadhaar amendment and the DNA Technology Bill, it is yet to table the data protection bill.

The draft data protection bill was submitted to the Electronics and IT Minister Ravi Shankar Prasad by the BN Srikrishna Committee on 27 July 2018.

“Data security is a prerequisite for any data movement. Currently, data privacy in health is a gray area,” said Dr Raman Kumar, president, Academy of Family Physicians of India.

Dr Kumar emphasised that the cost of such sensitive data getting exposed is massive.

“For example, if this sensitive data is exposed, an insurance company can refuse or hike the premium, hospitals can refuse someone saying she has multiple morbidity for example. This requires greater debate on core issues such as data security, data sharing,” he said

Health data is categorised as sensitive personal data and is subject to most stringent privacy regulations. While the European Union governs it through the General Data Protection Law (GDPR), the United States has HIPAA (Health Insurance Portability and Accountability Act of 1996) that provides data privacy and security provisions for safeguarding medical information.

Mired in Alleged Private Sector Interests

Data researchers and activists, however, have expressed concerns about the development of this policy, which proposes a health data set-up on a foundation of India Stack – a bouquet of privately-owned proprietary software applications.

“The health stack was proposed by the lobby group iSPIRT,” said Srinivas Kodali, an independent researcher.

National Health Stack is intended to be built atop India Stack, which too, has been developed with iSPIRT as pro-bono partners. 

IndiaStack is a set of APIs that allows governments, businesses, startups and developers to utilise the Aadhaar infrastructure for businesses like eKYC and UPI digital payments.

“In fact it was found that NITI Aayog was emailing all consultation documents to iSPIRT while they did not place them in public domain. The Blueprint appears to give more legitimacy to stacks, which have been under criticism,” added Kodali.

The Quint has accessed copies of the e-mail exchanges between NITI Aayog and iSPIRT officials.


Where is it Headed ?

The blueprint proposes a National Digital Health Mission “as a purely government organisation with complete functional autonomy adopting some features of some of the existing National Information Utilities like UIDAI and GSTN.”

Among the primary outcomes of this mission from the citizen’s perspective is enabling ease of accessing her medical records.

  • All citizens should be able to access their Electronic Health Records, preferably within five clicks
  • Citizens need to undergo any diagnostic test ONCE ONLY, during the course of an episode, despite taking treatment from different health service providers
  • Integrated health services at a single point, though multiple agencies/ departments/services providers are involved
  • NDHM shall assure Continuum of Care to the citizens, across primary, secondary and tertiary care and across public and private service providers

Experts, however, emphasise on the need to accurately collect and digitise data at the grassroots levels.

“Currently, we are at zero and digitisation must start at the OPD level. We won’t be able to identify meaningful patterns unless we have data for at least three years,”
said Dr Gyani.

“Currently, most data is captured at the highest tertiary care level, most of which is fully diagnosed. Data from only tertiary levels will be misleading” said Dr Raman Kumar.

(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)

Speaking truth to power requires allies like you.
Become a Member
3 months
12 months
12 months
Check Member Benefits
Read More