Identity Project

Who will own your data when your electronic health records are linked to Aadhaar?

The draft health privacy law will be made public to invite comments in the coming weeks, government officials say.

After making Aadhaar necessary to access a number of services, the government is now ready to start linking health records to the biometrics-based identity number system. In October 2016, Scroll. in reported that officials from the Ministry of Health and Family Affairs had started collecting Aadhaar numbers of those seeking treatment at government hospitals and medical colleges.

“Patients’ Aadhaar numbers will be linked to a second health ID and these will be used in electronic health records,” said Sunil Sharma, joint secretary with the health ministry. “Government facilities in Haryana, Telangana are already collecting Aadhaar numbers from patients. This will allow continuity of care when patients go to a facility and the records can be shared electronically. This will avoid duplication.”

The health records will contain all the information related to the patient including name, address, and the health records produced during his or her visit to the hospital such as X-ray reports, blood test reports among others.

As health records contain sensitive information, the health ministry awarded a contract to the National Law School of India University in February 2016 to draft a law guaranteeing privacy and confidentiality of health data in electronic health records. The legal sub-group within the health ministry discussed the initial draft with the legal experts from the university in June 2016, and the draft legislation was submitted to the ministry in July 2016.

The National Law School of India University faculty experts have since then submitted two revised drafts of the proposed law, including one which was discussed with the health ministry’s legal subgroup last month.

Ministry officials and legal experts say a fundamental question that remains unresolved is that of who will own the data – the individual or the government. Ownership of the data implies control over the data.

“The NLSIU shared a draft a few weeks back and we sent it back as the draft is very focused on individuals’ privacy,” said Sharma. “Yes, patients will have the right to access their records and give consent for sharing. But after the records have been anonymised, they will also be used for big data analytics. The right to use the data has to be there with the government.”

The use of data could include epidemiological analysis related to disease outbreaks, for instance.

The current draft of the law provides civil and criminal remedies to individuals for breach of data. It provides for correcting data, but does not provide a right to individuals to get any data deleted from their records.

The final draft of the law is expected to be made public for public comments in the coming weeks, said Sharma.

Collecting health data

The Aadhaar Act says demographic information collected under Aadhaar Act will not include “medical history”.

demographic information includes information relating to the name, date of birth, address and other relevant information of an individual, as may be specified by regulations for the purpose of issuing an Aadhaar number, but shall not include race, religion, caste, tribe, ethnicity, language, records of entitlement, income or medical history.

— Section 2(k), Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits, and Services) Act 2016.

The Unique Identity Authority of India, the agency that enrolls residents in Aadhaar and manages the database, is not empowered to collect information on residents’ medical history. However, the new law on health privacy that is tentatively titled “Electronic Health Data Privacy, Confidentiality and Privacy in India” will provide for collecting Aadhaar numbers linked to medical records.

The National Health Policy published earlier in March had also states that the government will be “exploring the use of “Aadhaar” (Unique ID) for identification” and “creation of registries (i.e. patients, provider, service, diseases, document and event) for enhanced public health/big data analytics, creation of health information exchange platform.”

Some government websites instruct patients to link Aadhaar numbers to their medical data.

National Aids Control Organisation website asks HIV patients registered at treatment centers to share their Aadhaar numbers.
National Aids Control Organisation website asks HIV patients registered at treatment centers to share their Aadhaar numbers.

Safeguarding personal data

The health ministry’s legal sub-group has representatives from the health ministry, the National Health Portal, the Ministry of Electronics and Information Technology, the Centre for Development of Advanced Computing, the Maulana Azad Medical College, Apollo Hospitals, the Federation of Indian Chambers of Commerce and Industry. This group met with the National Law School of India University’s expert committee members in the last week of March. The committee does not have representatives of civil society working on public health.

A person at the meeting pointed out differences arising within the group over two major questions in the process of finalising of the policy.

One is who will own and control the data.

“If the data is legally owned by the person to whom it belongs, one concern is that data once ‘de-identified’ should also be available to the government and researchers,” said an expert committee member who did not wish to be identified. “For example, for policy-making on HIV treatment, I as a policy-maker need to know how many individuals are HIV positive.”

De-identification is temporarily de-linking data from information that might be used to identify a patient. Such de-identification is different from anonymisation of data.

“Since the owner of the data may not be in favour of sharing any personal information, the legislation draft provides for anonymisation, which will destroy the identifiable pieces of information permanently at source,” said the expert committee member.

Thus, de-identifying patient data can be reversed. This is useful for doctors to access data when a patient returns to a hospital or visits another doctor or is incapacitated.

But the government wants to anonymise patient data, which will no longer allows the data to be traced back to the individual, which is a more permanent de-linking.

The expert committee member added: “At the meeting, the National Informatics Centre officials were of the opinion that such a model of completely anonymising the data is not possible, and that at present they do not use such models because of technological reasons. We pointed out that this is a common practice and is being done by governments of other countries.”

The government and legal experts are also divided over whether an authority need to be created to regulate the process of collecting and storing data, regulating exchanges where the information will be stored and assigning licenses to private medical establishments.

The draft law advocates for the creation of a National e-Health Authority or NeHA for regulating public and private health information exchanges and for enforcing laws and regulations related to privacy and security of health records.

“But the government is now saying they want to create a National Digital Health Authority (NDHA) under a separate statute,” said another committee member who declined to be identified.

Joint secretary Sharma who is also a member of the legal sub group, however, said this was not a significant point of difference. “Whether it is NeHA or NDHA, it is a just a matter of name,” he said.

Sharma added that besides unique numbers for individuals seeking treatment, identifiers called National Identification Numbers will also be assigned to all health facilities starting with public facilities. “We have assigned verified unique IDs to 2 lakh medical establishments already,” said Sharma.

Concerns about privacy

Legal and medical experts are closely watching how the final legislation resolves questions over data confidentiality, privacy, and patients’ rights.

Many countries that already have such legislation focus not just on “who owns the data” but “what patients’ rights will be”.

“The General Data Protection Regulation of the European Commission, for instance, does not provide that patients ‘own’ their medical data, but that everyone has a right to the protection of personal data,” said lawyer Vrinda Bhandari. “The Regulation provides that no health data can be processed except in few specific conditions, such as if required in course of a law, putting the onus on the government to adhere to these conditions.”

The United States has the Health Insurance Portability and Accountability Act, 1996 – a privacy law that gives individuals right to their health information and sets rules and limits on who can access health information. As per the law, in the course of conducting research, the researchers are permitted to use health data only with individual authorisation and under limited circumstances without authorisation.

RS Nilakantan who works as data scientist in Chennai has worked with the United States government on the electronic medical records said that to access these records, he was required to travel to the United States. “They did not allow the data to leave their network,” he said.

Meanwhile, in a blatant violation of patient rights, some patients have been turned away from government medical facilities and denied treatment for failing to produce their Aadhaar numbers, public health activists have pointed out.

A news report that appeared in Hindi newspaper Dainik Bhaskar, Raipur edition, on March 24 on the denial of medical treatment for lack of Aadhaar cards.
A news report that appeared in Hindi newspaper Dainik Bhaskar, Raipur edition, on March 24 on the denial of medical treatment for lack of Aadhaar cards.

“If a health privacy law is still being drafted, why is data already being collected?” asked Bhandari. “Even under the Information Technology Act, 2000, medical records and history is categorised as sensitive personal data and should not be collected without informed consent of individuals, on what their rights of data protection, data access will be.”

Notice to patients at Bhimrao Ambedkar Hospital at Raipur in Chhattisgarh requiring patients to submit Aadhaar numbers for treatment under Rashtra Swasth Bima Yojana. (Photo credit: Jan Swastha Abhiyan)
Notice to patients at Bhimrao Ambedkar Hospital at Raipur in Chhattisgarh requiring patients to submit Aadhaar numbers for treatment under Rashtra Swasth Bima Yojana. (Photo credit: Jan Swastha Abhiyan)

Anant Bhan, an expert in bioethics, said that Indian health systems are informed by very poor evidence and need better data but at the same time the government needs to be transparent and accountable in data collection.

“If we are handing over of data, then at least we have a right to know what is being done with it,” said Bhan. “If by default, using a healthcare facility and creating an electronic health record involves your data being used for analysis, then the government is responsible to make people aware about it. They should display public notices outside hospitals talking about it.”

However, Dr Amar Jesani who edits Indian Journal of Medical Ethics said that linking electronic records with Aadhaar will invade privacy and violate autonomy by forcing patients to provide blanket consent for use of their medical data. Since these records require patients to produce Aadhaar or proof or enrolment or undergo biometric authentication when they visit hospitals there may be cases of exclusion, The scientific basis for collecting such data might also be unsound, he pointed out. “It is scientifically problematic because epidemiological estimates based only on the data which are in electronic records, could be misleading in the estimation of disease burden of the community,” he said. “A priority setting in the health policy using such data could therefore be erroneous.”

We welcome your comments at letters@scroll.in.
Sponsored Content BY 

What’s the difference between ‘a’ washing machine and a ‘great’ washing machine?

The right machine can save water, power consumption, time, energy and your clothes from damage.

In 2010, Hans Rosling, a Swedish statistician, convinced a room full of people that the washing machine was the greatest invention of the industrial revolution. In the TED talk delivered by him, he illuminates how the washing machine freed women from doing hours of labour intensive laundry, giving them the time to read books and eventually join the labour force. Rosling’s argument rings true even today as it is difficult to deny the significance of the washing machine in our everyday lives.

For many households, buying a washing machine is a sizable investment. Oddly, buyers underestimate the importance of the decision-making process while buying one and don’t research the purchase as much as they would for a television or refrigerator. Most buyers limit their buying criteria to type, size and price of the washing machine.

Visible technological advancements can be seen all around us, making it fair to expect a lot more from household appliances, especially washing machines. Here are a few features to expect and look out for before investing in a washing machine:

Cover your basics

Do you wash your towels every day? How frequently do you do your laundry? Are you okay with a bit of manual intervention during the wash cycle? These questions will help filter the basic type of washing machine you need. The semi-automatics require manual intervention to move clothes from the washing tub to the drying tub and are priced lower than a fully-automatic. A fully-automatic comes in two types: front load and top load. Front loading machines use less water by rotating the inner drum and using gravity to move the clothes through water.

Size matters

The size or the capacity of the machine is directly proportional to the consumption of electricity. The right machine capacity depends on the daily requirement of the household. For instance, for couples or individuals, a 6kg capacity would be adequate whereas a family of four might need an 8 kg or bigger capacity for their laundry needs. This is an important factor to consider since the wrong decision can consume an unnecessary amount of electricity.

Machine intelligence that helps save time

In situations when time works against you and your laundry, features of a well-designed washing machine can come to rescue. There are programmes for urgent laundry needs that provide clean laundry in a super quick 15 to 30 minutes’ cycle; a time delay feature that can assist you to start the laundry at a desired time etc. Many of these features dispel the notion that longer wash cycles mean cleaner clothes. In fact, some washing machines come with pre-activated wash cycles that offer shortest wash cycles across all programmes without compromising on cleanliness.

The green quotient

Despite the conveniences washing machines offer, many of them also consume a substantial amount of electricity and water. By paying close attention to performance features, it’s possible to find washing machines that use less water and energy. For example, there are machines which can adjust the levels of water used based on the size of the load. The reduced water usage, in turn, helps reduce the usage of electricity. Further, machines that promise a silent, no-vibration wash don’t just reduce noise – they are also more efficient as they are designed to work with less friction, thus reducing the energy consumed.

Customisable washing modes

Crushed dresses, out-of-shape shirts and shrunken sweaters are stuff of laundry nightmares. Most of us would rather take out the time to hand wash our expensive items of clothing rather than trusting the washing machine. To get the dirt out of clothes, washing machines use speed to first agitate the clothes and spin the water out of them, a process that takes a toll on the fabric. Fortunately, advanced machines come equipped with washing modes that control speed and water temperature depending on the fabric. While jeans and towels can endure a high-speed tumble and spin action, delicate fabrics like silk need a gentler wash at low speeds. Some machines also have a monsoon mode. This is an India specific mode that gives clothes a hot rinse and spin to reduce drying time during monsoons. A super clean mode will use hot water to clean the clothes deeply.

Washing machines have come a long way, from a wooden drum powered by motor to high-tech machines that come equipped with automatic washing modes. Bosch washing machines include all the above-mentioned features and provide damage free laundry in an energy efficient way. With 32 different washing modes, Bosch washing machines can create custom wash cycles for different types of laundry, be it lightly soiled linens, or stained woollens. The ActiveWater feature in Bosch washing machines senses the laundry load and optimises the usage of water and electricity. Its EcoSilentDrive motor draws energy from a permanent magnet, thereby saving energy and giving a silent wash. The fear of expensive clothes being wringed to shapelessness in a washing machine is a common one. The video below explains how Bosch’s unique VarioDrumTM technology achieves damage free laundry.

Play

To start your search for the perfect washing machine, see here.

This article was produced by the Scroll marketing team on behalf of Bosch and not by the Scroll editorial team.