Don't let the National Digital Health Mission become the National Digital Surveillance and Exclusion Mission

On Monday, IFF wrote to the National Health Authority as part of the consultation being conducted for the National Digital Health Mission’s Health Data Management Policy. Our primary demands are that deployment of any digital health ID programme must be preceded by (a) enactment of general and sectoral data protection laws by the Parliament of India; and (b) meaningful public consultation which reaches out to vulnerable groups which face the greatest privacy risks.


This is a companion discussion topic for the original entry at https://internetfreedom.in/ndhm-data-privacy-policy-consultation-submission/

Hi, have any of the technologists here had a chance to take a look at the Health Data Management Policy for the National Digital Health Mission? We’ve looked at some problems like re-identification of anonymised data but would really benefit from any insights about other aspects of the technical architecture like claims that it is federated and not centralised etc.


It’s a wishful document with no details on how things will work out in practice.

There’s no EHR standard that’s mentioned. (As per page 10 of https://ndhm.gov.in//assets/uploads/NDHM_Strategy_Overview.pdf, things like discharge summaries will have to be digitized in FHIR-R4, but which EHR providers are implementing these standards?) So, what can a data principal give consent for sharing? How much granularity would there be in giving consent?

This brings a high risk that the consent will become a blanket consent to share all data.

Also, when is the consent taken? Is it always taken after data is collected? Can a consent that is taken today be valid for data that is generated tomorrow? You can see in hospital admission forms today that there is a “consent” given while getting admitted. Will the NDHM consent become a casually obtained time machine like this?

There is repeated mention of revoking consent. How does that work in practice? What happens to data that was already shared? Will the health information user delete the data for which consent was revoked? Who verifies that?

Can an HIP deny a request for data sharing? Can I, as a doctor, act on behalf of my patient to protect my patient’s privacy by refusing to share data?

The National Digital Health policy does not cap the amount of personal and sensitive data that can be collected and stored in the Health ID. Also, the Health ID can be accessed by the patient, family and beneficiary. Further, any data principal in possession of a Health ID shall be deemed to be the owner of such ID. Data will become easily accessible to anyone who is holding the ID, and there is a high possibility of a breach of data security.

Very fair points. There is no operational clarity about how the system will actually work and how it will ensure that consent is informed and specific. We’ll only find out once the system is fully implemented, and by then, it may be too late to undo problematic design choices.