In July 2018, the Niti Aayog invited comments on its paper on the National Health Stack (NHS). A year later, the Ministry of Health released the National Digital Health Blueprint 2019, drafted by the J. Satyanarayana Committee, which was formed to look into recommendations received on the NHS. The Ministry held an open-house in August 2019 on the Blueprint, see our report.

The NHS had proposed, among other things, anonymisation of health data, federated PHR, and to digitise health and data sharing in the sector. MediaNama obtained submissions on NHS to the Niti Aayog via RTI. The following are key points industry body FICCI (Federation of Indian Chambers of Commerce & Industry) made on the NHS paper (see their submission below):

Key issues in FICCI’s submission on HealthStack

  • Adherence to EHR Standards
    • Interoperability through open APls and open Standards: Strict adherence to EHR Standards will ensure true interoperability and help automate claims management including processing and adjudication thereof
    • Data Governance: “Mechanisms for anonymisation” should be in line with the appropriate section of the EHR Standards for India 2016
  • Data protection: Open source requires that adequate data protection measures are put in place to ensure that the data remains safe and secure at all times
  • Aadhaar: It should be ensured that an individual’s problems related to Aadhaar does not become a barrier to access essential services
  • E-prescriptions: The platform should also cover electronic prescriptions and pharmacy services
  • Right to be Forgotten: Patient should have the option of “Right to Forget” or not to participate in the collection of data; this will nullify his/her eligibility to service under free care

National Electronic Health Registries contain sensitive personal info, should be secure; beneficiary registry

FICCI warned that since health information is highly personal, sensitive and “consequently ultra confidential”, “beneficiary-to-beneficiary linkages pose a significant threat” and “unless implemented properly, it can lead to legal challenges and significant non-participation by individuals and solution providers”. Patients needing to access programs relating to HIV and mental health may opt out of getting care, if they aren’t convinced that their records are secure.

  • Open APIs: The statement “Creation, updation, and retrieval of data must be possible using open APIs” needs to be elaborated, because the nature of Open APIs makes them prone to vulnerability
  • Beneficiary Registry should capture information beyond health insurance programs, and should have strong focus on prevention, wellness, and curative aspects of care

Health Records should have no retrospective changes

A key guiding principle of part of the Federated PHR in the NHS document was that the proposed framework “must require minimal to no changes to existing IT products”. FICCI replied that any changes to an already-created health record are strictly forbidden and to ensure that no retrospective changes are carried out.

The EHR Standards of India lays down a correct mechanism to deal with this, and this principle in the NHS should be revised accordingly, said FICCI.