By Bibhudutta Pani*
This Article analyses the latest policy statement [tilted Health Data Retention Policy (HDR Policy)] published on November 23, 2021,under the aegis of the National Digital Health Mission (NDHM) that introduces a mandatory opt-in as one of the possible mechanisms of executing the mission. This in turn, has the (likely) un-intended effect of devaluing (akin to nationalization) of the asset base created by the health-tech industry backed by venture capital funds, especially in the areas of creation (and subsequent commercialization) of digital health records.
NDHM Framework’s Voluntary Nature
Government of India’s Ministry of Health and Family Welfare (“MoHFW”) has conceived the idea of NDHM which stems from the National Health Policy, 2017. The NDHM aims to digitise the healthcare ecosystem of India. This would be done by creating digital health records and creating and maintaining registries for healthcare professionals and health facilities in order to ensure a smooth interoperable framework for the multiple partners associated with healthcare delivery to individuals in India. The objectives of NDHM are articulated across various policy frameworks laid out to address different parts of a larger set-up that is now come to be known as the National Digital Health Ecosystem (“NDHE”).
To begin with, it must be acknowledged that participation in NDHE is so far set out to be entirely voluntary. This opt-in based, voluntary nature of the endeavour is made amply clear in all of the policy statements and position papers on this subject, barring the press release (dated September 26, 2021) for launch by the prime minister of universal digital health ID that specified that digital health ID will be mandatory for each and every citizen.
Blurring of the Lines
The Health Data Management (HDM) Policy is one of the tools of NDHM to foster the NDHE. The HDM Policy addresses areas such as secure processing of personal and sensitive personal information, information security parameters and standards, fostering a system for creation of digital health records that are easily accessible, the consent architecture for access and use of digital health records, increasing awareness about data privacy, leveraging of information technology by healthcare ecosystem etc. At a first glance these do appear to be matters that relate to the ecosystem and hence need to be addressed at a policy level, except that one of them is not. Digital health records, which is the bedrock on which NDHM is conceptualized, are a rather recent phenomena in the Indian context. That the penetration of EHR (which comprises a portion of all digital healthcare records) is estimated at a measly 1.5% of the hospitals as of 2020 is an indicator of how much more needs to be done in this area.
Not only is there a low threshold of digitization to begin with, adoption of technology in healthcare has also been relatively slower. The ecommerce wave that started a little over a decade ago sure enough gained popularity and the general populace (and not just those in India metros) are now adept at shopping for clothes, electronics or groceries online. Similar degrees of user adoption have also been witnessed in say urban mobility (cab aggregators), food-tech (online ordering) or even entertainment (streaming) industries, but tele-healthcare certainly cannot be said to have been the crowd puller. The relationship that a patient/caregiver has with a doctor is trust based and personal in nature; so, adoption of technology as an interface vis-à-vis a healthcare professional is far more uphill a task as compared to that with say a grocer, cab driver, beautician etc.
In the beginning, only large, corporate hospitals had websites and hence some digital presence to speak of. The patient community had no reason to turn to digital medium to interact with the healthcare industry since the industry had no meaningful presence in the digital world. So, the first step was to incentivize the stakeholders in the healthcare industry to have a digital presence; creation of digital registers and digital records became the entry point for the health-tech industry that then relied on it to reach out to consumers and build a marketplace. These businesses were built by relying on venture capital funds who viewed this (cost of building a digital directory and records) as sunken cost of entering the health-tech market. Indian health-tech sector has seen a surge ininvestment from 2015 and the sector has received US$ 3.4B funding since 2014 till last year. It is no secret that a lion’s share of these funds was deployed in acquiring customers; creating a digital register (including both patient and provider information and in some cases EHR) was the first point of interaction that the health-tech industry had with customers.
It is critical to consider that the interface of digital technology with the healthcare industry is in sharp contrast to say the banking industry where use of technology (and specifically digital technology) was prevalent; most private banks started full-fledged internet banking systems by the mid of the first decade of this century. So, a fin-tech enterprise did not have to go out there and convince the industry to build digital presence to interact with the consumers. I give example of BFSI industry because interestingly the consent architecture set out under the HDM Policy and then further expanded upon in the HDR Policy borrow the consent architecture relied upon by the financial industry under the Account Aggregator system; it is in fact an exact replica.
Optional but Mandatory
While the participation in generating and sharing of digital health/medical records, registers etc. are voluntary under the NDHM and NDHE, the new consultation paper for the HDR Policy suggests mandatory opt-in for retention policy. This suggestion undermines the voluntary nature of the NDHM that has been prominently publicized so far; it will therefore amount to treating at par of private businesses with the government incubated industries. A private business that has generated swathes of EHR/EMR or registers with millions of data sets (of both patients and providers) will then be forced to participate in a health information exchange where it is treated at par with another enterprise who has but only a fraction of the data that the former has been able to generate with years of efforts and burning of millions of venture capitalists’ dollars. The entire NDHM ecosystem, which at the inception was set up to be a voluntary, opt-in ecosystem allowing private businesses to operate within their own spheres shows signs of inching towards and squatting on asset bases generated by private businesses. Would it then be too inaccurate to term it as soft or back door nationalization?
Business is (not) Government’s Business
All of these frameworks and directions issued pursuant to the myriad number of position documents and policies such as HDM Policy, HDR Policy etc. are presented as topics of consultations that do not carry any binding effect, so it cannot of course be said with any degree of certainty that any of these proposals would see the light of the day. That said, the government charting out an initiative that necessitates its involvement in areas occupied by private businesses must be backed with strong reasons justifying market failures. None of these policy documents or position papers however venture in to discussing those market failures at any level of detail, which quite certainly is a missing link. Either the policymakers do not realize that they are proposing for the government to tread into a space occupied by private business or are keeping mum about the reasons for such a recommendation, neither of which is a healthy sign.