Analysing the NDHM Health Data Management Policy

Abstract

Propelled by the COVID-19 pandemic, the Prime Minister of India launched the National Digital Health Mission on 15 August 2020. The aim of the Mission is to improve capacities in the Indian healthcare system by creating a digital health ecosystem connecting different stakeholders from the public and private healthcare sector. A key aspect of the Mission is to establish digital health IDs and a digital health records system. In order to guide its implementation, the Government of India notified the National Digital Health Mission: Health Data Management Policy (NDHM-HDMP) in December 2020. In this paper, we aim to provide a broad overview of the NDHM-HDMP and highlight related legal, socio-economic and implementation issues. We analyse the NDHM-HDMP based on five criteria: (a) legal foundation and health system preparedness; (b) governance framework; (c) implications for individual consent and privacy; (d) risk of exclusions; and (e) concerns around access to health big data by private entities. We find that the NDHM-HDMP, in its present form, suffers from a weak legal foundation and inadequate preparatory groundwork; excessive delegation; a constricted digital consent and privacy framework; over-reliance on an Aadhaar-based authentication system; and, vague systems for anonymisation and de-identification, as well as complete absence of strict access control requirements for personal health data. We recommend that the identified shortcomings are addressed prior to the full scale roll out of the digital health ID and digital health records system, in order to meet the objectives of the NationalDigital Health Mission.