As India celebrated the 74^th anniversary of its independence in 2020, Prime Minister Narendra announced the launch of the National Digital Health Mission (NDHM), also known as Ayushman Bharat Digital Mission. Terming it a revolution in the country’s healthcare system, Modi added that a digital national health ID for citizens will be generated to ensure easy and one-touch access to all their health information. 

This digital health ID comes as a follow up to the National Health Policy 2017 that had provided for establishing an integrated health information system. The objective is to improve efficiency and promote transparency across all healthcare segments like hospitals, pharmacies, insurance companies, labs etc. 

This concept was elaborated upon further in Niti Aayog’s 2018 consultation paper on the issue. Niti Aayog recommended development of what it called a “National Health Stack”, a digital ecosystem streamlining (and centralising) all healthcare services and processes. In 2019, the National Digital Health Blueprint 2019 also advocated such an integrated digital health information system. 

All this led to the formulation of the NDHM and the launch of its strategic document on August 7 2020, with the PM announcing the formal rollout of the system on September 27 of this year.

How to create a health ID

The National Digital Health ID is linked to a centralized database storing all health-related information of the individual. The Health ID is a randomly generated 14 digit number that can be used for unique identification, authentication, and threading of the beneficiary’s health records after acquiring informed consent from the user. Post consent, the information can be accessed by various stakeholders that are part of the platform.

Read more: Op-ed: What India’s public health system needs to pass the COVID-19 acid test

One can create a health ID by registering either through a portal (https://healthid.ndhm.gov.in/) or a mobile application (Ayushman Bharat Digital Mission). The user can also get a health ID by visiting a health facility such as private or government hospitals, community health centers and health wellness centers across India. 

At present, the health ID can be generated only via your mobile or your Aadhaar number, though Aadhaar is not compulsory for registration. Other documents like PAN or driver’s license may be added in the list of necessary documents.

Also, in case the user’s Aadhaar card is not linked to his/her mobile number, he/she will have to visit the nearest healthcare facility and undergo a biometric authorization to register for a health ID. No fee is required for registration.

The NDHM also allows the user two other options: of either permanently deleting or temporary deactivation of the account. On permanent deletion, all the individual’s information will be deleted from the network and the beneficiary will not be able to retrieve any information linked to that particular health ID. Deactivation will block access to information only for the period specified for such deactivation. 

How does a health ID benefit citizens? 

As per the NDHM policy, all entities or individuals who have been issued an ID, healthcare workers, governing bodies under the Ministry of Health and Family Welfare, health information providers, health facilities, research bodies, drug manufacturers and insurers are all eligible for obtaining this digital health ID. 

The objective is to ease hospital formalities like documentation requirements. Having a central system, according to the government, will ensure streamlined and inclusive delivery of healthcare. 

Read more: Explained: The Data Protection Bill and how it proposes to safeguard your personal data

For example: If a patient admitted in AIIMS Delhi wants to shift to a private healthcare facility in Pune, he/she will not need to carry all the physical documentation and medical history. This will be available to all healthcare facilities at one touch through the national health ID. 

The platform also provides for easy search of doctors, pharmacies or labs around you.

‘But I never asked for one’: Security concerns with NDHM

As proponents of NDHM point to the several benefits of this new digital-driven integrated system, several sections of society have raised serious doubts over the privacy standards of the system. Critics are questioning the launch of NDHM without having in place a legal framework and an independent regulatory structure for data protection. The Personal Data Protection Bill has been pending in Parliament since 2019. 

Meanwhile, many users are now suddenly realising that those who opted for Aadhaar based enrollment during COVID-19 vaccination on the CoWIN site have automatically been registered for the health ID. In January 2021, the Ministry of Health and Family Welfare had officially allowed Aadhaar-based authentication for the purpose of identification, while engaging with any health IT portal promoted by the Health Ministry. As a result, this allowed the CoWin portal as well to accept Aadhaar for authentication. 

According to the first point of sub-section 2 (Use of Information) of Cowin’s privacy policy, If you choose to use Aadhaar for vaccination, you may also choose to get a Unique Health ID (UHID) created for yourself. However, for generating this UHID, you must be authenticated through any of the means accepted for Aadhaar authentication at the time of verification at the vaccination centre. 

This feature is purely optional. However, as per media reports , many of the beneficiaries who have been enrolled in the CoWin portal using their Aadhaar ID have alleged that they got a digital health ID created without their consent or being offered an option to opt out from getting one created. The National Health Authority, the nodal agency for implementing NDHM, in a reply to The Print, which reported on this, said that this is because the CoWIN app has been integrated with the health ID system and registering for vaccination using Aadhaar on the app automatically provides consent for health ID registration too.

Given that this information has not been widely disseminated, most vaccinated citizens and those waiting to get vaccinated, are not even aware of their health ID registration.

Critics say this is a serious invasion of privacy and unethical. However, due to the lack of a national privacy data law, it is difficult to prescribe any specific legal recourse. The Centre for Internet Society (CIS), a research organization working on issues of privacy and internet rights, had recommended that the enactment of the privacy law before implementation of NDHM. The organization has made several other important recommendations such as the role of state governments in implementing the policy (as health is a state subject), clear definitions and scope of health data. 

Lack of digital access and language barriers are also being cited as major problems with the NDHM.

Also read:

• Is Chennai becoming a surveillance city? CCTVs raise questions and concerns
• Mental health helpline received 72,000 calls in a year, thanks to the pandemic