The Centre for Internet & Society has made its submission to the National Digital Health Blueprint 2019 public, it addresses challenges and caveats in implementing an EHR system in India, wherein digital literacy and literacy levels are low. It explains that PHR benefits have been useful to those who are technically competent. It also flags issues with Digilocker and eSign, both of which are building blocks in the Blueprint. It also recommends that consent frameworks be designed around consent as a product. Comments for the Blueprint closed on August 4, and haven't yet been made public. The Ministry of Health held a public consultation on the Blueprint; our report of the day here. A summary of the Blueprint document is here. Here are detailed notes from CIS' submission (embedded below): Anonymisation: DPA should create standards, only authorized bodies should access anonymised data The Srikrishna Committee report has talked about the failure of anonymisation/de-identification, which can become redundant if quasi-identifiers are used. The EU and South Africa, among others, have put anonymised data outside the scope of data protection law. India has similar provisions in the PDP Bill, and additionally, also criminalises de-identification of anonymised data, without the consent of the data fiduciary. The Data Protection Authority, as envisioned in the PDP Bill, should "create these standards that the health data under NDHB should follow, to ensure the privacy of individuals", as the Srikrishna Committee report has also recommended. To address the possible failure of anonymisation, CIS recommends that the NDHB…
