New health data policy may be misused for surveillance: Chhattisgarh minister writes to Vardhan
In a letter, TS Singh Deo said that state governments should be given time to provide their feedback since health is a state subject.
Chhattisgarh Health Minister TS Singh Deo on Saturday wrote to Union Minister Harsh Vardhan, expressing his reservations about the Centre’s National Digital Health Mission that seeks to create a digital health ID for citizens. He said the policy can be “misused by an authoritarian state for surveillance purposes”, and use sensitive personal information for manipulation in addition to “overt coercion”.
The National Digital Health Mission seeks to digitise the personal health records of Indians by creating a digital health ID, using Aadhaar, the 12-digit unique identification number linked to a person’s biometric details, as one of the means of authentication. It was formally announced by Prime Minister Narendra Modi on Independence Day, but has been in the works since July 2018.
The draft health data policy was announced on August 26 by the National Health Authority, an agency that functions under the health ministry. In the document, the agency outlined how this data would be collected, processed, stored and shared. It covers “personal and sensitive personal data”.
Initially, the Centre invited public comments on the draft till September 3. In his letter to Vardhan, Deo said that the period of seven days granted for public feedback and comments was “insufficient and undemocratic” given the magnitude of the policy. “During COVID times mass consultations and gatherings are not possible thus, an extended period of three months is extremely important to discuss such a crucial issue,” he said.
The National Health Authority has extended the deadline for feedback till September 21, after Delhi High Court heard a public interest litigation which challenged the short window, arguing it does not allow for a scrutiny of fundamental questions about the policy.
Deo, who is the health minister of Chhattisgarh, added that state governments should be given time to provide their feedback since health is a state subject. He further added that the state administrations are the most prominent stakeholders and immediately accountable to its people for the implementation of the policy.
But “dishearteningly, the Central Government has never had a dialogue with the states about the implications of the policy and has also not sought any feedback from the state governments about the data privacy,” he added. “Hence, the Centre should accommodate Centre-State deliberations on the subject matter and grant more time to the states to report constructive feedback.”
Also read:
Explainer: Does India need digital health records and can the draft policy protect sensitive data?
Privacy concerns
The Chhattisgarh health minister then listed some of the privacy concerns related to the policy. Deo said that the draft policy doesn’t mention creation of mechanisms or structures that would provide for a “long lasting legal and the constitutional safeguards”.
“In the currently prescribed structure any protection promised therein are only executive in nature and can be altered by mere executive instructions,” he added. “This instead should be done by an Act of Parliament with adequate constitutional safeguards inbuilt into.”
The Chhattisgarh health minister further pointed out that the draft policy did not mention the Personal Data Protection Bill 2019, which is still pending before Parliament. “This is a serious dilution of the main provisions of a bill before the Parliament, especially in regards to the governance of data protection,” he said.
The state health minister also raised questions about the data points classed as “sensitive personal data”, which include an individual’s financial details, their physical and mental health, sex life, medical records, gender and sexuality, caste, religious and political beliefs as well as genetic and biometric records.
“It is astonishing that what could be the ulterior motive behind accumulating this critical information which has nothing to do with health in general, and instead surfaces to be a surveillance among other things..,” he said.
Besides this, he said the repeated assertion in the NDHM strategy document that all registries and other master databases of NDHM will be built as “Single Source of Truth” should be a matter of great concern. “Countries with greater liberal traditions have knowingly insisted on multiple sources of identity and information to prevent capture of knowledge by executive power located in a single institution,” Deo said.
The letter added that the current draft policy “completely neglected” the need for creating better access to quality of health services and improve health outcomes, such as infection control, disease prevalence, morbidity and mortality estimates. “Data management and digitization cannot become a stand-alone purpose,” Deo wrote. “In its current structure, the draft policy may be good for the telecom or IT industry but not good for anyone who wants a better health outcome.
Deo also asked the Centre to ensure that the lack of an ID should not become a basis for denial of access to publicly financed healthcare.
Also read: