The Union Ministry of Health and Family Welfare notified the Unique Health Identifier (UHID) Rules, 2021 in January. The UHID is a unique ID issued by the Centre to identify and authenticate beneficiaries in various health IT applications.
The UHID Rules had six provisions in terms of dealing with the health ID. The rules reiterated using Aadhaar for UHID verification is voluntary. The rules also objected to the denial of health services due to the non-provision of Aadhar and proposed alternatives for verification.
Sign up for your weekly dose of what's up in emerging technology.
On the one hand, digitising healthcare can drastically improve the country’s health system; on the other, our weak data privacy laws could lead to misappropriation of collected data.
The National Digital Health Mission (NDHM) is taking several measures, such as UHIDS, to streamline India’s healthcare system.
With UHIDs in force, all healthcare records, including appointment, payment, prescriptions, vitals, X-rays, etc will be stored in one place. This has several benefits in terms of building a digital health infrastructure.
With all information on one platform, the healthcare system can be easily streamlined. The doctor-patient match-ups stand to benefit hugely.
Such a system has been implemented successfully in several countries. For example, Estonia has one of the world’s most advanced digital healthcare systems, with more than 95% of the health data getting digitised.
With a comprehensive e-health system in place, data stewardship models such as data commons and data trusts can be leveraged to ensure all the people who have contributed to the database benefit from it. The data can be used for different purposes, right from automating administrative tasks to running complex models for medical research.
E-health systems also help create longitudinal databases, which have many advantages for research, like understanding the long-term impacts of medical interventions.
Data Privacy Laws
While digitising healthcare has several advantages, studies have shown health data can be misused in the absence of a robust data protection law. The Centre should put checks and balances in place, with clear guidelines on accountability before the implementation of UHI.
India’s current data protection laws are categorically weak. Moreover, the Personal Data Protection Bill, 2019, has been criticised for granting excessive power to the central government.
Without strong data protection laws, guidelines, or policies will be rendered effective. And given that the Rules allow collecting information about religious beliefs, sexual orientation, and political opinion, such data can be used for profiling and surveillance of citizens.
With such sensitive information being collected, we need to be careful about the role of private players. If the entire data stewardship goes to the private players, it will increase the existing power imbalances, unless appropriate models are developed to safeguard public interests.
Further, private entities using Aadhaar cards for authentication to process health IDs might contravene the Supreme Court’s judgement, which held the authentication of Aadhaar by private entities to be unconstitutional.
Is It Really Voluntary?
When Aadhaar came into existence, it was supposed to be voluntary. But slowly, it was needed for everything, right from availing mid-day meals in schools to getting your EPF pensions.
While the Centre has declared the UHID as voluntary along with the use of Aadhaar for its registration, both have the potential for exclusion and coercion.
For instance, a discount at a Government hospital could be availed only if you have an Aadhaar card. Despite Aadhaar being voluntary, people are not left with much choice, especially working-class people or marginalised communities.
In the case of UHIDs, the Prime Minister has already mentioned the use of these IDs for rolling out vaccines.
Inarguably, digitised healthcare has its share of advantages. However, establishing an e-health system will present a threat to data or privacy rights without proper data protection laws.
If the government takes to exclusionary or coercive means to ensure more people are enrolled, as it did with Aadhaar, we will have substantial digital infrastructures, but at what cost?