Analysis Of National Digital Health Blueprint
________________________________________________________________________________
This Blog is written by Dhruv Agarwal from Symbiosis Law School, Noida. Edited by Ravikiran Shukre.
________________________________________________________________________________
INTRODUCTION:
Today, digital technologies play a major role in the delivery of health care. The National Digital Health Blueprint (NDHB) offers an approach to developing fundamental components of IT that will enable the health ecosystem to streamline knowledge flows through players in the ecosystem while keeping people, their privacy and data confidentiality at the forefront. Good design will help speed up the implementation and improvement of health services in both the public and private sectors. The NDHB identifies key building blocks by looking at the most common health ecosystem requirements.
To establish a comprehensive National Digital Health Blueprint (NDHB), it is pertinent to identify the key actors in healthcare systems, which are given below:
• Person – Patient, Family Member, Beneficiary
• Care Professional – Doctors, Nurses, Lab Technicians, ASHA workers etc.
• Care Provider – Hospital, Clinic, Diagnostic Centre
• Payer – Insurer, Health Plan, Charity
• Governing Bodies – Ministry, Professional bodies, Regulator
• Research Bodies – Researcher, Statistician, Analyst
• Pharmaceuticals – Drug, Device Manufacturers and Supply Chain players
Identifying The Building Blocks:
In architectural terms, the building block is a package of functionality designed to meet business needs. Building blocks need to be interoperated with other building blocks. Better choice of building blocks will lead to changes in legacy system integration, interoperability and versatility in the production of new systems and applications. Where there is a need for interoperability, it is essential that interfaces
The building block is published and relatively stable. There’s a building block, it is intentionally designed to be cross-functional, allowing its generic functionality to be applied to different contexts. Each building blocks must have the following characteristics:
• Provide stand-alone, useful, reusable and enforceable capabilities in the health field.
• Cross-functional across the value chain by design
• Applicable to multiple use cases in healthcare
• Interoperable with other building blocks
• Use shared digital infrastructure (to the extent feasible)
• Standards-based and
• Designed for scale
Each Building Block must have a specific “Business Owner” and “Technology Owner” The owner of the company is responsible for determining the rules and policies that are important to the effective management of the building block. The technology owner will be responsible for handling the company requirements and enforcing those requirements effectively.
Building Blocks, once identified, must be implemented using workflow-based modules and will communicate with other building blocks using open APIs. The Building Block of the Personal Health Identifier (PHI) will be the centrepiece for integration with all other components of the health ecosystem and for the maintenance of the Personal Health Record (PHR).
Identifying new blocks is an ongoing activity, with more blocks coming up over time.
SIGNIFICANCE OF THIS DEVELOPMENT:
Layer I: Infrastructure:-
1.Secure Health Networks:
- Blueprint should be built to work on public networks by default.
- Secure connectivity like MPLS or VPN may be used wherever access to sensitive or aggregated data is involve
- High bandwidth network systems may be specially designed for applications like tele-health, tele-radiology that require strong data links to systems like PACS low latency
2. Health Clouds:
Builds on the MeitY initiative of Government Community Cloud (GCC) with stronger security and privacy policies and infrastructure, key data hub management services must be on it.
3. Security & Privacy Operations Centre:
All events on the Health-Cloud and the Health Network need to be under 24×7 security surveillance ensuring “every data byte is highly secure”.
• This will be done via a Security Operations Centre (SOC); the Committee recommends setting up a dedicated Privacy Operations Centre (POC) to drive compliance on privacy requirements.
• POC will monitor access to private data, review consent artefacts, audit services for privacy compliance, etc.
Layer II: Data Hubs
1. Personal Health Identifier (PHI):
The PHI program will gather information on demographics and places, family / relationship information, and contact details. FHIR specification must be followed; contact details can be easily changed as India has a huge churn of mobile numbers. Further elaborating in a later section, the blueprint says that “uniqueness is a key attribute of PHI” and the algorithm that issues a PHI must try to return the same identifier for the individual in all cases. It continues:
“While Aadhaar assures uniqueness of identity and provides an online mechanism for authentication, it cannot be used in every health context as per the applicable Regulations,” the PHI design must allow for multiple identifiers for the design the structures and processes relating to PHI.”
The Committee recommends that the Ministry of Health, in consultation with MeitY and UIDAI, finalize the design of the PHI after taking into account the “regulatory, technical and operational aspects.”
Personal Health Record (PHR): It’s preferable to provide a federated framework with multiple players operating on an interoperable platform to share health data.
• PHR content will allow for evolution, ranging from simplistic content with very little metadata to a highly structured content that follows the criteria set out in the blueprint.
• PHR can only collect data relating to major health and medical incidents and forms of events to be recorded and documented, with modifications Digi locker design should be adopted.
2. Health master directories:
Will hold the master data of various entities. Directories must serve as a “single source of truth” and have to be designed for easy access and use by multiple NDHB users. Health apps must be able to use the registry to verify a doctor and allow him to add or view authorized records.
IMPACT:
On Healthcare Providers:
With the publication of the final NDHB, we plan to promote the implementation of health-care requirements. The paper requires all healthcare players-new, conventional & alternative-to cooperate through accessible and interoperable clinical documentation, despite its detailed nature.
With AyushEHR, we help AYUSH practices move onto the NDHB bandwagon and make sure they are always linked via the changing NHDE to the healthcare community of the whole nation. Following the development of standards-compliant documents, we expect a greater operation of testing and validation in AYUSH leading to greater trust and increased acceptance.
Limits of The Blueprint:
The Blueprint fails to address infrastructural concerns regarding the implementation of a digital health system in India. The Blueprint restricts itself, perhaps purposely, to defining the elements of the new health system, thus refusing to discuss the implementation process. For example, the Blueprint incorporates the idea of Privacy by Design, and the health facility was made responsible for ensuring that the data is kept safe and confidential.
The Blueprint also recommends that healthcare providers adopt the International Standard Organisation’s (‘ISO’) 22600:2014 Health Informatics – Privilege Management and Access Control as a best practice. Implementation of ISO standards, however, may be challenging for most healthcare providers in India and monitoring compliance with data security at the level of healthcare providers may also prove a challenge. Rather, storing data with autonomous agencies that are responsible for running the health system may lead to better data protection outcomes. This approach was explored by the Government in 2018 and they had even published a draft law titled the Digital Information Security in Healthcare Act (‘the Act’).
Legal Challenges:
At a time when the country is right in the midst of a public health emergency, adopting the National Digital Health Blueprint is becoming all the more critical to ensure quality care is delivered to all strata of society. The introduction, however, comes with an expected set of legal challenges.
Some of the key issues with the National Digital Health Blueprint (NDHB) study is that it recommends a structure that overlaps significantly with the constitutional right to privacy. Furthermore, it does not completely match the privacy standards recommended by the Group of Privacy Experts (Justice A.P. Shah Committee) and the more recent report by Justice B.N. Srikrishna Committee, whose data protection guidelines form the central basis for the draft Personal Data Protection Bill, 2018.
In addition, the blueprint provides for the use of Aadhaar-based authentication for schemes under Section 7 of the Aadhaar Act. However, the Aadhaar judgment of the Hon’ble Supreme Court held that only when backed by statute can Aadhaar be used, and even the amended 2019 Aadhaar Act requires Aadhaar to be used only for telecom and banking purposes.
In addition, the blueprint does not provide sufficient safeguards against the commercial exploitation of Sensitive Personal Information (SPI) which may be caused by private entities that under this system will be linked to public entities. These include insurers, pharmaceutical firms, and manufacturers of devices. An illustrative example of this challenge is the use of Aadhaar for the online electronic signature service (e-Sign) as a fast and convenient method for accessing various medical services within the NDHB system.
CONCLUSION:
The move toward digital health is inevitable, making it all the more important for India to ensure that this change takes place in a structured manner that serves patients’ best interests. The Blueprint should be seen as something of a long-term plan that can be put into action after some of the foundational building blocks are laid. India has yet to complete the first step in creating a digital health system that digitizes paper records and develops a uniform way to capture patient data in electronic health records.
When all records have been digitized in such a way as to be available through networks, a health information system can be put in place, which would act as a repository for the medical records of every patient. The Government has taken several measures towards prescribing health record standards and creating a national exchange of health records. Nevertheless, in India, the EHR principles are not generally followed, and the Act remains in the draft stages.
If properly leveraged, the EHR standards and the Act can help speed up the adoption of digital health records and serve as the foundation for all health service providers in India. Once these first steps have been taken, India can finally move towards the long-term goal of adopting a Blueprint-envisioned digital health system. That being said, the Blueprint has aptly crystallized the dream of the future of health care in India, and it is fair to say that the future looks bright.