The Ministry of Health and Family Welfare sidestepped a question in the Rajya Sabha, asking if the government would store Indian citizens’ data as part of the the National Digital Health Mission (NDHM) with an Indian company, or a foreign one. It only replied that “[t]he selection of vendors for NDHM is compliant with various applicable rules and policies of Government of India”.
Aam Aadmi Party (AAP) MP Sanjay Singh, who asked the question, also wanted to know whether there was any violation of citizens’ privacy if the data was stored with an “external company”. The issue of how the health data of Indian citizens’ is stored assumed significance in recent weeks. The CoWIN ecosystem, the backbone of the Indian government’s COVID-19 vaccination effort, relies on Amazon Web Services (AWS), an arrangement that isn’t kosher even for health secretary Rajesh Bhushan, according to a report by The Ken. Bhushan is said to have favoured the use of MeghRaj, developed by the National Informatics Centre (NIC) instead.
No centralised database: Ashwini Kumar Choubey, Minister of State in the ministry, replied that citizen data is stored in a federated architecture, and not on a centralised database.
“The data is stored in a federated architecture as described in the National Digital Health Blueprint released by the Government of India in 2019. There is no centralized database of medical records. However, NDHM enables appropriate use of the health data of each individual for his/her own healthcare with his/her consent only. Therefore, there is no violation of privacy of Indian citizens.” — Ashwini Kumar Choubey, Minister of State, Ministry of Health and Family Welfare (emphasis added)
The ministry, it its answer, referred to the National Digital Health Blueprint (NDHB) to list out privacy safeguards in the NDHM. All applicable laws, rules and judgements of the Supreme Court are being followed, it said. “All applicable laws, rules and judgments of Hon’ble Supreme Court are being followed. Health Data Management Policy has also been approved. Apart from various legal provisions, all technical solutions possible to ensure data privacy and security are being put in place.”
The ministry said a “government community cloud infrastructure”, as defined by the Ministry of Electronics and Information Technology (MEITY), is being used to host all data. “All events on this cloud infrastructure would be under 24×7 surveillance to ensure highly secure environment.”
Over 6 lakh Health IDs generated so far
As many as 630,478 Health IDs have been created as part of the NDHM as on January 21, 2021, the ministry revealed in the same answer. The pilot phase of the NDHM is active in the six union territories of Andaman & Nicobar Islands, Chandigarh, Dadra Nagar Haveli and Daman & Diu, Lakshadweep and Puducherry.
This number is likely to increase dramatically in coming weeks, with the ongoing countrywide COVID-19 immunisation drive. Prime Minister Narendra Modi had in October last year announced that a Health ID would be used for the vaccine delivery system. Earlier this month, the Health ministry issued a gazette notification, allowing for the use of Aadhaar authentication on a “voluntary basis” to create Health IDs. Currently, the CoWIN system allows beneficiaries to create a Health ID, as it would “facilitate integration of health data across various applications and create logitudinal Electronic Health Record for citizens”.
- Health Ministry Permits ‘Voluntary’ Aadhaar Authentication For Creation Of Unique Health ID
- Digital Health ID will be used for COVID-19 immunisation: PM Modi
- All you need to know about the National Digital Health Mission
- Govt’s Vaccine Management System CoWIN Will Use Aadhaar For Authenticating, Tracking Beneficiaries