Identity Project

Despite the comparisons, India's Aadhaar project is nothing like America's Social Security Number

It has more uses and fewer safeguards.

From food rations to marriage certificates, entrance exams to train ticket concessions, mobile phone cards to banking, Indians are now being asked to produce a 12-digit Aadhaar number to access both government and private sector services.

This number is connected to their fingerprint and iris scans that are stored in a centralised database. As of September 2016, this database held the demographic and biometric information of more than 105 crore people – more than 80% of India’s population, and three times the population of the United States.

India’s Unique Identification project is the world’s largest biometrics-based identity programme. Initially, the project had a limited aim – to stop theft and pilferage from India’s social welfare programmes by correctly identifying the beneficiaries using their biometrics. But now, the use of Aadhaar is expanding into newer areas, including business applications.

As the uses of Aadhaar proliferate, what are the rewards and risks?

Over the next week, a special series on will take a closer look at the many dimensions of Aadhaar, from its use for social welfare, to its expansion in the private sector, to concerns over privacy and data violations.

First, a quick comparison with the Social Security Number of the United States. The nine-digit number, which is used widely by government agencies in the US, is seemingly as ubiquitous as Aadhaar. It is often used as an example of an advance economy successfully doing something similar to India’s unique identity project. But there are important differences between the two, starting with the fact that the Social Security Number is, well, not an identity number.

Aadhaar is an identification number. Social Security Number is not.

The Social Security Number has its origins in the years of the Great Depression. During this period of economic recession in the US, the Roosevelt government launched the “New Deal”, a series of programmes to provide relief and employment to the poor.

In 1936, under the Social Security Act, it began using a nine-digit number, the Social Security Number, to track the earnings of workers and compute the amount of social security benefits to be credited to their accounts.

Over the years, the ease of using the number led more government agencies to incorporate it in their records. In 1961, for instance, the Internal Revenue Service began using the Social Security Number for taxpayer identification, similar to the Permanent Account Number in India.

With no legal restrictions on use of the Social Security Number by private companies, several businesses such as credit bureaus started asking individuals for their Social Security Number and storing it.

But in 1977, the Carter administration clarified that while it may used to be verify whether an individual had the legal permit to work, the Social Security Number could not serve as an identification document.

The Social Security Administration website states in a 2009 bulletin: “The card was never intended to serve as a personal identification document that is, it does not establish that the person presenting the card is actually the person whose name and SSN appear on the card.”

By contrast, Aadhaar has been designed as a single, universal, digital identity number that any registered entity, whether public or private, can use to “authenticate” an Indian resident. Anyone who has lived in India for 182 days can enroll in Aadhaar for proof of identity, while only citizens and those authorised to work in the US can obtain a Social Security Number.

Aadhaar authenticates a person. The Social Security Number does not.

Aadhaar authenticates a person by matching his or her demographics or biometrics with the records in its database. The government says this will help prevent identity fraud – for example, no one will be able to collect wages or food subsidies in another person’s name.

The Social Security Number was never intended for authentication purposes and has not been built to do this on a national scale. It matches a name and associated Social Security Number against its records only in limited circumstances, such as before issuing a replacement Social Security Number, or establishing a claims record.

It “does not verify an individual’s identity”, notes the Social Security Administration website, explaining the verification methods.

Aadhaar captures biometrics. The Social Security Number does not.

Aadhaar collects biometrics, which include the scan of all fingerprints, face and the iris of both eyes. Aadhaar Act’s section 2(g) states that “other biological attributes” may be collected in the future, a provision that was intensely debated in Parliament.

The elderly and the poor is India have hardened, wrinkled hands.
The elderly and the poor is India have hardened, wrinkled hands.

In contrast, when the Social Security Number was created in the 1930s, the US government decided not to collect fingerprints. “The use of fingerprints was associated in the public mind with criminal activity, making this approach undesirable,” notes the Social Security Administration website. The Social Security Number is thus printed on a small paper card and does not carry even a photograph.

In recent years too, the Social Security Administration has restrained from collecting biometrics of residents. In 2007, when the Intelligence Reform and Terrorism Prevention Act asked the SSA to improve the security of Social Security Number cards, the SSA considered adding the holder’s photograph or biometrics to the card but eventually decided against it.

“A biometric identifier, such as a fingerprint, can be an effective and highly accurate way to establish the identity of an individual, but it can also facilitate a much higher degree of tracking and profiling than would be appropriate for many transactions,” said Marc Rotenberg, the president of Electronic Privacy Information Center, a research organisation, in a testimony to the House of Representatives.

He added: “The problems that will arise when biometric identifiers are compromised are severe. What will happen at the point that your biometric identifiers no longer identify you?”

Around 2011, American authorities considered introducing a new biometrics-linked identity card for work authorisation for residents. Called the Biometric Enrollment, Locally-stored Information, and Electronic Verification of Employment or BELIEVE card, it aimed capture fingerprints or scans of veins on the back of hands.

BELIEVE card supporters presented it as necessary for immigration reform but many opposed it. “We pointed out that a biometrics ID system would be expensive, intrusive and ineffective, and requiring such an ID card would fundamentally transform the information demands the US government places on its citizens,” said Michael Froomkin, a professor of law at Miami University.

Ultimately, the proposal was dropped.

Aadhaar links databases. The Social Security Number does not.

One of the key concerns around Aadhaar is that the government has “seeded”, or introduced the number in multiple databases, which makes it easier for government agencies to converge personal information of individuals across databases.

Millions of Aadhaar numbers have been linked to the bank records, ration lists, educational records, and telecom documents of individuals. New analytical data techniques mean this “big data” could reveal much more about a person than standalone data could in the past.

The PRS Legislative Research has pointed out the Aadhaar Act of 2016 does not specifically prohibit law enforcement and intelligence agencies from using the Aadhaar number to search various datasets. This could lead to inappropriate profiling and innocent individuals identified incorrectly as potential threats by law agencies could face harassment.

There is no seeding done using the Social Security Number. Federal agencies and private entities that collect the Social Security Number for a specific service store the number at the organisational level. The US government has cautioned against the use of the Social Security Number as a single, unique identifier.

For instance, the Department of Homeland Security in 2007 directed its officials: “Department of Homeland Security programs shall not collect or use an SSN as a unique identifier; rather, programs shall create their own unique identifiers to identify or link information concerning an individual.” The Department of Defence removed SSNs from military identity cards by 2011, and instead issued departmental-level IDs.

The emphasis is on using different identifiers for specific purposes, to reduce the risks associated with a single identifier.

Aadhaar does not have privacy safeguards quite in the same way as the Social Security Number.

In response to growing concerns over the accumulation of massive amounts of personal information, the US government passed the Privacy Act of 1974. The law was passed in recognition of the dangers of the widespread use of Social Security Numbers as universal identifiers.

Subsequently, the Computer Matching and Privacy Protection Act of 1988 tightened regulation, by providing for the establishment of Data Integrity Boards at each agency.

India does not have a privacy law either at the national or state level. As per section 8 of the Aadhaar Act, requesting agencies are required to obtain the consent of individuals before collecting their identity information and inform them of what information will be shared. But as per section 47, a person whose information is collected and shared without their consent cannot invoke the criminal penalty. The Act says such a complaint can only be made by Unique Identification Authority.

Further, when the Unique Identification Authority of India authenticates the identity of individuals against the Aadhaar database, it generates millions of authentication logs every day, containing the request received, the response, and the metadata related to the transaction.

The Authority retains the authentication data for six months, and archives it for five years. It also requires the requesting entities – both public agencies and private companies – to maintain the logs, including the Aadhaar number, for two years, and then archive it for five years, and even longer in case of a court order.

Experts caution against the retention of data for such long periods. Data breaches could potentially violate people’s privacy. In 2014, European Union’s highest court ruled that data retention is illegal.

Aadhaar is designed to be used by private companies. The Social Security number was not, but its use by the private sector has led to identity theft.

Identity theft affects over 90 lakh Americans every year.

Over the years, commercial enterprises, particularly in the financial services sector, have created a system of files containing the personal and financial information of a majority of the American adult population, based on their Social Security Numbers. This information is sold and traded freely, in some instances leading to identity theft, particularly of elderly pensioners and students. Privacy expert Rotenberg has described financial companies as “among the strongest opponents of SSN restrictions.”

A major government report on privacy in 1973 said that legislation should be adopted prohibiting use of the Social Security Number “for promotional or commercial purposes”.

In most states, legally, an individual is required to provide their Social Security Number to a business only if the transaction requires so under Internal Revenue Service or federal Customer Identification Program rules. A few states such as Colorado, Arizona and California have passed laws that restrict the disclosure and use of the Social Security Number by private actors.

In contrast, Aadhaar has been designed for use by both public and private entities. Billionaire software entrepreneur Nandan Nilekani, who is the founder chairperson of Unique Identification Authority of India, while explaining the differences between Aadhaar and the Social Security Number, said Aadhaar had been designed “as an open platform on which you can build applications”.

In a foreword to a Credit-Suisse report, he noted that the use of Aadhaar by the financial sector could open up a $600 billion business opportunity.

The Unique Identification Authority of India has already entered into agreements with a number of companies providing authentication and identification services using Aadhaar as a platform.

Aadhaar functioned without a legal framework till recently. The Social Security Number was created through a law.

Since its inception, the Social Security Number has been governed by the Social Security Act of 1935.

In contrast, the Aadhaar project functioned without a legal framework for seven years since it was launched by the United Progressive Alliance government in 2009. It was run under an executive order, which meant Parliament had no oversight over it.

An Aadhaar Bill was introduced in 2010 but it was rejected by a parliamentary committee over legislative, security, and privacy concerns. In March 2016, the National Democratic Alliance government passed the Aadhaar Act as a Money Bill, bypassing the Rajya Sabha – a move that was widely criticised.

The use of Aadhaar is expanding. The use of the Social Security Number is getting restricted.

The Privacy Act of 1974 makes it unlawful for a governmental agency in the US to deny a right, benefit, or privilege merely because the individual refuses to disclose his Social Security Number, except when disclosure is required by federal statute.

Section 7 of the Act provides that any agency requesting an individual to disclose his Social Security Number must “inform that individual whether that disclosure is mandatory or voluntary, by what statutory authority such number is solicited, and what uses will be made of it.”

Given privacy concerns over the use of Social Security Numbers, governments have passed several laws and orders since 1996 to restrict and limit its use and collection.

The Social Security Administration website says state entities have begun to delete Social Security Numbers on electronic public records. An executive order of 1943 that required federal agencies to use the Social Security Number when establishing a system of permanent account numbers was rescinded by an Executive Order, which made such use optional in 2008.

Several US states have also passed laws. New York and West Virginia have statutes that limit the use of the Social Security Number as a student identity number. Kentucky allows students to opt out of the use of Social Security Numbers. Arizona law requires companies to give a right to users to opt out. California prohibits businesses from printing Social Security Numbers on bills, and companies must notify individuals in case of data breaches.

The Intelligence Reform and Terrorism Prevention Act of 2004 prevented the printing of Social Security Numbers on driver licenses and other government- issued identity cards. A 2015 law prohibited the inclusion of Social Security Numbers on Medicare cards, though this has not yet been achieved.

In contrast, since the first Aadhaar number was issued in 2010, the government in India has tried to link maximum schemes and benefits to Aadhaar, pausing briefly when the Supreme Court issued orders restricting the government from making Aadhaar compulsory.

The Supreme Court passed at least six orders since 2013 saying the government cannot require people to register for an Aadhaar number and no one can be deprived of a government service for not having an Aadhaar number.

But under section 7 of the Aadhaar Act, the government can ask a resident to produce Aadhaar for any “benefit, subsidy or service”, which has made the ambit of the project very wide. Now even private companies have incorporated the Aadhaar number in their systems.

The current trajectories of two ubiquitous numbers – Aadhaar and the Social Security Number – appear to be in opposite directions.

We welcome your comments at
Sponsored Content BY 

What hospitals can do to drive entrepreneurship and enhance patient experience

Hospitals can perform better by partnering with entrepreneurs and encouraging a culture of intrapreneurship focused on customer centricity.

At the Emory University Hospital in Atlanta, visitors don’t have to worry about navigating their way across the complex hospital premises. All they need to do is download wayfinding tools from the installed digital signage onto their smartphone and get step by step directions. Other hospitals have digital signage in surgical waiting rooms that share surgery updates with the anxious families waiting outside, or offer general information to visitors in waiting rooms. Many others use digital registration tools to reduce check-in time or have Smart TVs in patient rooms that serve educational and anxiety alleviating content.

Most of these tech enabled solutions have emerged as hospitals look for better ways to enhance patient experience – one of the top criteria in evaluating hospital performance. Patient experience accounts for 25% of a hospital’s Value-Based Purchasing (VBP) score as per the US government’s Centres for Medicare and Mediaid Services (CMS) programme. As a Mckinsey report says, hospitals need to break down a patient’s journey into various aspects, clinical and non-clinical, and seek ways of improving every touch point in the journey. As hospitals also need to focus on delivering quality healthcare, they are increasingly collaborating with entrepreneurs who offer such patient centric solutions or encouraging innovative intrapreneurship within the organization.

At the Hospital Leadership Summit hosted by Abbott, some of the speakers from diverse industry backgrounds brought up the role of entrepreneurship in order to deliver on patient experience.

Getting the best from collaborations

Speakers such as Dr Naresh Trehan, Chairman and Managing Director - Medanta Hospitals, and Meena Ganesh, CEO and MD - Portea Medical, who spoke at the panel discussion on “Are we fit for the world of new consumers?”, highlighted the importance of collaborating with entrepreneurs to fill the gaps in the patient experience eco system. As Dr Trehan says, “As healthcare service providers we are too steeped in our own work. So even though we may realize there are gaps in customer experience delivery, we don’t want to get distracted from our core job, which is healthcare delivery. We would rather leave the job of filling those gaps to an outsider who can do it well.”

Meena Ganesh shares a similar view when she says that entrepreneurs offer an outsider’s fresh perspective on the existing gaps in healthcare. They are therefore better equipped to offer disruptive technology solutions that put the customer right at the center. Her own venture, Portea Medical, was born out of a need in the hitherto unaddressed area of patient experience – quality home care.

There are enough examples of hospitals that have gained significantly by partnering with or investing in such ventures. For example, the Children’s Medical Centre in Dallas actively invests in tech startups to offer better care to its patients. One such startup produces sensors smaller than a grain of sand, that can be embedded in pills to alert caregivers if a medication has been taken or not. Another app delivers care givers at customers’ door step for check-ups. Providence St Joseph’s Health, that has medical centres across the U.S., has invested in a range of startups that address different patient needs – from patient feedback and wearable monitoring devices to remote video interpretation and surgical blood loss monitoring. UNC Hospital in North Carolina uses a change management platform developed by a startup in order to improve patient experience at its Emergency and Dermatology departments. The platform essentially comes with a friendly and non-intrusive way to gather patient feedback.

When intrapreneurship can lead to patient centric innovation

Hospitals can also encourage a culture of intrapreneurship within the organization. According to Meena Ganesh, this would mean building a ‘listening organization’ because as she says, listening and being open to new ideas leads to innovation. Santosh Desai, MD& CEO - Future Brands Ltd, who was also part of the panel discussion, feels that most innovations are a result of looking at “large cultural shifts, outside the frame of narrow business”. So hospitals will need to encourage enterprising professionals in the organization to observe behavior trends as part of the ideation process. Also, as Dr Ram Narain, Executive Director, Kokilaben Dhirubhai Ambani Hospital, points out, they will need to tell the employees who have the potential to drive innovative initiatives, “Do not fail, but if you fail, we still back you.” Innovative companies such as Google actively follow this practice, allowing employees to pick projects they are passionate about and work on them to deliver fresh solutions.

Realizing the need to encourage new ideas among employees to enhance patient experience, many healthcare enterprises are instituting innovative strategies. Henry Ford System, for example, began a system of rewarding great employee ideas. One internal contest was around clinical applications for wearable technology. The incentive was particularly attractive – a cash prize of $ 10,000 to the winners. Not surprisingly, the employees came up with some very innovative ideas that included: a system to record mobility of acute care patients through wearable trackers, health reminder system for elderly patients and mobile game interface with activity trackers to encourage children towards exercising. The employees admitted later that the exercise was so interesting that they would have participated in it even without a cash prize incentive.

Another example is Penn Medicine in Philadelphia which launched an ‘innovation tournament’ across the organization as part of its efforts to improve patient care. Participants worked with professors from Wharton Business School to prepare for the ideas challenge. More than 1,750 ideas were submitted by 1,400 participants, out of which 10 were selected. The focus was on getting ideas around the front end and some of the submitted ideas included:

  • Check-out management: Exclusive waiting rooms with TV, Internet and other facilities for patients waiting to be discharged so as to reduce space congestion and make their waiting time more comfortable.
  • Space for emotional privacy: An exclusive and friendly space for individuals and families to mourn the loss of dear ones in private.
  • Online patient organizer: A web based app that helps first time patients prepare better for their appointment by providing check lists for documents, medicines, etc to be carried and giving information regarding the hospital navigation, the consulting doctor etc.
  • Help for non-English speakers: Iconography cards to help non-English speaking patients express themselves and seek help in case of emergencies or other situations.

As Arlen Meyers, MD, President and CEO of the Society of Physician Entrepreneurs, says in a report, although many good ideas come from the front line, physicians must also be encouraged to think innovatively about patient experience. An academic study also builds a strong case to encourage intrapreneurship among nurses. Given they comprise a large part of the front-line staff for healthcare delivery, nurses should also be given the freedom to create and design innovative systems for improving patient experience.

According to a Harvard Business Review article quoted in a university study, employees who have the potential to be intrapreneurs, show some marked characteristics. These include a sense of ownership, perseverance, emotional intelligence and the ability to look at the big picture along with the desire, and ideas, to improve it. But trust and support of the management is essential to bringing out and taking the ideas forward.

Creating an environment conducive to innovation is the first step to bringing about innovation-driven outcomes. These were just some of the insights on healthcare management gleaned from the Hospital Leadership Summit hosted by Abbott. In over 150 countries, Abbott, which is among the top 100 global innovator companies, is working with hospitals and healthcare professionals to improve the quality of health services.

To read more content on best practices for hospital leaders, visit Abbott’s Bringing Health to Life portal here.

This article was produced on behalf of Abbott by the marketing team and not by the editorial staff.