More APIs and plans for the National Health Stack have been made public after Bangalore-based private think tank iSpirt initially demoed the health data consent manager on May 23. Over webinars held on May 30, June 6, and June 13, iSpirt revealed further plans including that of building registries, including a doctor registry. It also revealed that test environments for some of the Health Stack components will go live on June 30, and will be open to everyone, and not just members of the Swasth Alliance. Certain players in the health information flow will have to be certified, which will begin on July 27.

Here are some of the most important developments:

1. API Bridges: What they do and their certifications

Consent managers in the Health Stack will let patients consent to have their data flow between hospitals, labs, and clinics which have their health records (Health Information Providers) and doctors and first-care responders to want to use it (Health Information Users), as we had explained earlier.

On May 30, iSpirt explained that HIPs and HIUs will plug into the consent manager ecosystem through entities called “API Bridges”. iSpirt had made their APIs public earlier on May 23. HIPs and HIUs can either build their own or plug into a third-party API Bridge. “Private companies can also innovate on the API bridges, and innovate on providing PDF uploads to small labs. Some may offer cloud solutions,” Shetty said. “It’s fairly simple to get up and running, it should take two-four weeks in being [Editor: to develop?] an API bridge,” Shetty said.

API Bridges and Consent Managers will have to be certified:

Both the consent manager (CM) apps and API bridges are part of the health information flows and will be hosted by the gateway (see image below). Each consent manager app and API Bridge will have to enroll on their respective registries, which will include their metadata, IDs, access URL, certificate information, other transactional information about activity, timestamp, and so on.

“The entry criteria for being part of this registry is a certification process, every entity will have to be certified against both functional attributes relevant for interoperability and non-functional attributes such as high availability, scale, and security,” Shetty said. “Once they complete their certification based on those test cases, they can be added to the registry. Both registries, hosted by the gateway, will be publicly accessible to anyone in the gateway,” he added. Certifications for this will begin on July 27.

A few questions:

  1. Who will be the certifying body? Will it be iSpirt? The test environment is going live in 2 weeks, but there is no sign of a government or regulatory oversight. This, when the HealthStack is being built with players who have worked closely with the government. The Swasth Alliance is both riding on Aarogya Setu’s popularity and has onboarded Kant and Bhushan as advisors.
  2. Who will set the standards for the test environment? Who will analyse the findings? Who will ensure fair play?

2. Registries are being built, including a doctor registry

Players in healthcare need to be identified via an interoperable system to enable digital health, iSpirt volunteer and NHA tech advisor Anandampillai explained. “The Health Stack recommends that master data for various entities in the ecosystem be built into registries,” he said. The goal of the registries is to enable trust in the ecosystem in both teleconsultation and offline scenarios, another iSpirt volunteer Vikram Srinivasan said on June 6. It is developing a facility registry (all labs, hospitals, clinics), a doctor registry, and a beneficiary registry (every beneficiary of Ayushman Bharat for instance).

Each registry will be governed by the following design principles, they will ensure that the doctors can upload their own information, that each element is verified, and that access is layered. The Doctor Registry will contain the following, and each element will be verified:

  1. Demographics: Name, Year of Birth, Gender, “could be verified using eKYC from UIDAI”
  2. Contact info: Mobile, email – will be verified via OTP
  3. PAN Card – will be used for eSign – will be verified via NSDL APIs
  4. Medical registrations – can initially be verified by using uploaded certificates, following integration with state medical councils

The registries will enable doctors to sign eSign prescriptions, diagnostic reports, and discharge summaries from their phones or online, thus allowing them to “easily participate in the digital health ecosystem”. Insurance companies can ensure that the doctor signing off on eClaim documents are legitimate. Doctors can also collect CME points online; they can get online services from state medical councils.

3. Test environments for the doctor registry and PHR will go live on June 30

iSpirt will go live with the test environment for the doctor registry and the Personal Health Record (which includes the API Bridges and Consent Managers mentioned above) on June 30.

It has already released APIs for the PHR (May 23), and two sets of APIs for the doctor registry public (June 6). The test environment for the doctor registry was supposed to go live two weeks earlier on June 15, but iSpirt clubbed it with the test of PHR at the request of some developers. “Everything is on track [for the June 30 test environments to go live],” Sharma said on June 6.

4. iSpirt says the test and certifications are not restricted to Swasth Alliance members 

The test environment and certification for APIs in the National Health Stack is “completely open”, and will be available to everyone, and not just to members of the Swasth Alliance, iSpirt’s Sharad Sharma said on May 30. In fact, Sharma himself brought up the question and made the answer explicitly clear. “The APIs are public, and the test environment will be published as well, when it’s ready,” Sharma said. It’s completely open, iSpirt volunteer Siddharth Shetty reiterated.

“You are not required to be part of the Swasth Alliance, although we do encourage you to consider it. You will then be among people who are working on the same infrastructure,” Sharma said. We are hoping that there will be a home-brew computer club effect where competitors also share tacit knowledge with respect to bucks, hacks, and workarounds,” he added on May 30.

Given iSpirt’s track record and history, it is obvious why this came up. When the UPI ecosystem  whose APIs iSpirt developed as well  was nascent, select players got early access, preferential treatment, depending on inner circles. By the time CitrusPay got a UPI license, the market was already a duopoly of PhonePe and BHIM. iSpirt is developing the HealthStack in association with the Swasth Alliance, which includes key telemedicine and health-tech companies including Practo, 1mg, mFine, among others. iSpirt is acting as the “design architect and advisor”, as Indu Bhushan, the CEO of both National Health Authority and Ayushman Bharat has said (our concerns about this are here).

5. Teleconsultation is going to be a focus for the next few months: Swasth will announce their own platform

On June 6, Sharad Sharma ronce again said that “the focus for the next few months is going to be only teleconsultation. Swasth Alliance will announce their own app / platform.” Both telemedicine and Aarogya Setu are part of the Health Stack, Sharma had said on May 23.

Currently, teleconsultation is free and hence untrusted, and providers see it as a source of referral fees. Patients see it as a racket and there are no real standards of care, which means the market does not grow, he said. “The golden scenario is the teleconsultation is paid, the providers should compete to provide the best service, and don’t see the frontend apps as a threat,” he said. “Trustworthy transactions will happen when there are standards of care and transparency in business:The protocol server, doctor registry, and the PHR will bring in trust.” The transparent business rules, will be enforced by the Open Health Services Network (OHSN) layer and by an auditable money settlement system (or the electronic claims engine).

6. Consent managers are expected to invent on IVRS, and SMS

“Different consent managers will target different users. Some can focus on self-service, assisted experience, some may even offer it through IVR call, or inbound or outbound SMS. It depends on the user segment the manager is targeting,” Shetty said.

The consent manager has to provide a UI for facilitating discovery and linking, for showing the consent request to the user in an informed enough manner, and then allowing accepting or rejecting it, and showing a log of consent. It’s tasks are:

  1. Providing UI for discovery and linking,
  2. Showing consent request and showing it simply: this will vary depending on the kind of user
  3. Allowing accepting or rejecting of the consent, showing the users a log of consents

*

Links:

Read more: 

  1. iSpirt demos a key part of Health Stack — the health data consent manager. Some questions. [read]
  2. The state of Telemedicine policy, law and digital infrastructure in India, by Anand Phillip on Kaarana [read]