The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 1 to 5.
Unpacking Algorithmic Infrastructures: Mapping the Data Supply Chain in the Healthcare Industry in India
http://editors.cis-india.org/raw/unpacking-algorithmic-infrastructures
<b>The Unpacking Algorithmic Infrastructures project, supported by a grant from the Notre Dame-IBM Tech Ethics Lab, aims to study the Al data supply chain infrastructure in healthcare in India, and aims to critically analyse auditing frameworks that are utilised to develop and deploy AI systems in healthcare. It will map the prevalence of Al auditing practices within the sector to arrive at an understanding of frameworks that may be developed to check for ethical considerations - such as algorithmic bias and harm within healthcare systems, especially against marginalised and vulnerable populations. </b>
<p style="text-align: justify; ">There has been an increased interest in health data in India over the recent years, where health data policies encourage sharing of data with different entities, at the same time, there has been a growing interest in deployment of Al in healthcare from startups, hospitals, as well as multinational technology companies.</p>
<p style="text-align: justify; ">Given the invisibility of algorithmic infrastructures that underlie the digital economy and the important decisions these technologies can make about patients' health, it's important to look at how these systems are developed, how data flows within them, how these systems are tested and verified and what ethical considerations inform their deployment.</p>
<p style="text-align: justify; "><img src="http://editors.cis-india.org/home-images/ResearchersWork.png/@@images/00a848c7-b7f7-41b4-8bd9-45f2928fd44e.png" alt="Researchers at Work" class="image-inline" title="Researchers at Work" /></p>
<p style="text-align: justify; "><strong>The </strong><strong>Unpacking Algorithmic Infrastructures</strong> project, supported by a grant from the Notre Dame-IBM Tech Ethics Lab, aims to study the Al data supply chain infrastructure in healthcare in India, and aims to critically analyse auditing frameworks that are utilised to develop and deploy AI systems in healthcare. It will map the prevalence of Al auditing practices within the sector to arrive at an understanding of frameworks that may be developed to check for ethical considerations - such as algorithmic bias and harm within healthcare systems, especially against marginalised and vulnerable populations.</p>
<h3 style="text-align: justify; ">Research Questions</h3>
<ol>
<li style="text-align: justify; ">To what extent organisations take ethical principles into account when developing AI , managing the training and testing dataset, and while deploying the AI in the healthcare sector.</li>
<li style="text-align: justify; ">What best practices for auditing can be put in place based on our critical understanding of AI data supply chains and auditing frameworks being employed in the healthcare sector.</li>
<li style="text-align: justify; ">What is a possible auditing framework that is best suited to organisations in the majority world.</li>
</ol>
<h3>Research Design and Methods</h3>
<p>For this study, we will use a comprehensive mixed methods approach. We will survey professionals working towards designing, developing and deploying AI systems for healthcare in India, across technology and healthcare organizations. We will also undertake in-depth interviews with experts who are part of key stakeholder groups.</p>
<p>We hereby invite researchers, technologists, healthcare professionals, and others working at the intersection of Artificial Intelligence and Healthcare to speak to us and help us inform the study. You may contact Shweta Monhandas at <a href="mailto:shweta@cis-india.org">shweta@cis-india.org</a></p>
<ol> </ol>
<hr />
<p>Research Team: Amrita Sengupta, Chetna V. M., Pallavi Bedi, Puthiya Purayil Sneha, Shweta Mohandas and Yatharth.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/raw/unpacking-algorithmic-infrastructures'>http://editors.cis-india.org/raw/unpacking-algorithmic-infrastructures</a>
</p>
No publisherAmrita Sengupta, Chetna V. M., Pallavi Bedi, Puthiya Purayil Sneha, Shweta Mohandas and YatharthHealth TechRAW BlogResearchData ProtectionHealthcareResearchers at WorkArtificial Intelligence2024-01-05T02:38:22ZBlog EntryRecommendations for the Covid Vaccine Intelligence Network (Co-Win) platform
http://editors.cis-india.org/internet-governance/blog/an-analysis-of-the-covid-vaccine-intelligence-network-co-win-platform
<b></b>
<p style="text-align: justify;" dir="ltr"> </p>
<p style="text-align: justify;" dir="ltr">The first confirmed case of Covid-19 was recorded in India on January 30, 2020, and India’s vaccination drive started 12 months later on January 16, 2021; with the anxiety and hope that this signals the end of the pandemic. The first phase of the vaccination drive identified healthcare professionals and other frontline workers as beneficiaries. The second phase, which has been rolled out from March 1, covers specified sections of the general population; those above 60 years and those between 45 years and 60 with specific comorbid conditions. The first phase also saw the deployment of the Covid Vaccine Intelligence Network (Co-Win) platform to roll out and streamline the Covid 19 vaccination process. For the purpose of this blog post, the term CoWIn platform has been used to refer to the CoWin App and the CoWin webportal. </p>
<p style="text-align: justify;" dir="ltr">During the first phase, <a href="https://www.livemint.com/news/india/covid-vaccination-in-india-health-min-says-registering-with-cowin-is-mandatory-11610678273260.html">it was mandatory </a>for the identified beneficiaries to be registered on the Co-Win App prior to receiving the vaccine. The Central Government had earlier indicated that it would be mandatory for all the future beneficiaries to register on the Co-Win app; however, the Health Ministry hours before the roll out of the second phase <a href="https://www.livemint.com/news/india/cowin-app-not-for-vaccine-registration-visit-its-portal-instead-ministry-of-health-11614581076188.html">tweeted t</a>hat beneficiaries should use the Co-Win web portal (not the Co-Win app) to register themselves for the vaccine. The App which is currently available on the play store is only for administrators; it will not be available for the general public. Beneficiaries can now access the vaccination by; (i) registering on the CoWin website; or (ii) Certain vaccination (sites) have a walk-in-facility: On-site registration, appointment, verification, and vaccination will all be on-site the same day; or (iii) register and get an appointment for the vaccination through the Aarogya Setu app. </p>
<p style="text-align: justify;" dir="ltr">The scale and extent of the global pandemic and the Covid-19 vaccination programme differs significantly from the vaccination/immunisation programmes conducted by India previously, and therefore, the means adopted for conducting the vaccination programme will have to be modified accordingly. However, as<a href="https://www.firstpost.com/india/glitches-in-cowin-2-0-hold-up-vaccination-centre-must-upgrade-app-capacity-to-meet-demand-say-experts-9361051.html"> several newspaper reports</a> have indicated the roll out of the CoWin platform has not been smooth. There are<a href="https://www.indiatoday.in/cities/mumbai/story/technical-glitches-in-cowin-app-again-affects-vaccination-drive-at-vaccination-centres-1769410-2021-02-15"> several glitch</a>es; from the user data being incorrectly registered, to beneficiaries not receiving the one time password required to schedule the appointment. </p>
<p style="text-align: justify;" dir="ltr">An entirely offline or online method (internet penetration is at 40% ) to register for the vaccine is not feasible and a hybrid model (offline registration and online registration) should be considered. However, the specified platform should take into account the concerns which are currently emanating from the use of Co-Win and make the required modifications. <br /> </p>
<h3 style="text-align: justify;">Privacy Concerns </h3>
<p style="text-align: justify;" dir="ltr">When the beneficiary uses the Co-Win website to register, she is required to provide certain demographic details such as name, gender, date of birth, photo identity and mobile number. Though Aadhar has been identified as one of the documents that can be uploaded as a photo identity, the Health Ministry in a response to a RTI filed by the Internet Freedom Foundation (IFF) clarified that Aadhaar is nor mandatory for registration either through the Co-Win website or through Aarogya Setu. While, the Government has clarified that the App cannot be used by the general public to register for the vaccination, it still leaves open the question of the status of the personal data of the beneficiaries identified in the first phase of the process, who were registered on the App, and whose personal details were pre-populated on the App. In fact in certain instances,<a href="https://www.thenewsminute.com/article/teething-troubles-privacy-concerns-look-co-win-india-s-vaccine-portal-142015"> Aadhar details</a> were uploaded on the app as the identity proof, without the knowledge of the beneficiary. </p>
<p style="text-align: justify;" dir="ltr">These concerns are exacerbated in the absence of a robust data protection law and with the knowledge that the Co-Win platform (App and the website) does not have a dedicated independent privacy policy. While the Co-Win web portal does not provide any privacy policy, the <a href="https://play.google.com/store/apps/details?id=com.cowinapp.app">privacy policy</a> hyperlinked on the App directs the user to the Health Data Policy of the <a href="https://ndhm.gov.in/health_management_policy">National Health Data Management Policy, 2020.</a> The Central Government approved the Health Data Management Policy on December 14, 2020. It is an umbrella document for all entities operating under the digital health ecosystem. </p>
<p style="text-align: justify;" dir="ltr">An analysis of the Health Policy against the key internationally recognised privacy principles which are represented in most data protection frameworks in the world, including the Personal Data Protection Bill, 2019, highlights that the Health Policy does not provide any information on data retention, data sharing and the grievance redressal mechanism. It is important to note that the Health policy has also been framed in the absence of a robust data protection law; the Personal Data Protection Bill is still pending before Parliament. </p>
<p style="text-align: justify;" dir="ltr">The Co-WIn website does not provide any separate information on how long the data will be retained, whether the data will be shared and how many ministries/departments have access to the data. </p>
<p style="text-align: justify;" dir="ltr">A National Health Policy cannot and should not be used as a substitute for specific independent privacy policies of different apps that may be designed by the Government to collect and process the health data of users. Health Data is recognised as sensitive personal data under the proposed personal data protection bill and should be accorded the highest level of protection. This was also reiterated by the Karnataka High Court in its<a href="https://www.livelaw.in/news-updates/karnataka-high-court-privacy-article-21-constitution-aarogya-setu-app-168950"> recent interim order</a> on Aarogya Setu. It held that medical information or data is a category of data to which there is a reasonable expectation of privacy, and “the sharing of health data of a citizen without his/her consent will necessarily infringe his/her fundamental right of privacy under Article 21 of the Constitution of India.” <br /><br /></p>
<h3 style="text-align: justify;">Link with Aarogya Setu</h3>
<p style="text-align: justify;" dir="ltr"> A beneficiary registered on the Co-Win platform can use the Aarogya Setu App to download their vaccination certificate. Beneficiaries have now also been provided an option to register for vaccination through Aarogya Setu. However, the rationale for linking the two separate platforms is not clear, especially as Aaroya Setu has primarily been deployed as a contact tracing application. </p>
<p style="text-align: justify;" dir="ltr">There is no information on whether the data (and to what extent) that is stored in the Co-Win platform will be shared with Aarogya Setu. It is also not clear whether the consent of the beneficiary registered on the Co-Win platform will be obtained again prior to sharing the data or whether registration on the Co-Win platform will be regarded as general consent for sharing the data with Aarogya Setu. This is contrary to the principle of informed consent (i.e the consent has to be unambiguous, specific, informed and voluntary), which a data fiduciary has to comply with prior to obtaining personal data from the data principal. The privacy policy of Aarogya Setu has also not been amended to reflect this change in the purpose of the App.<br /> </p>
<h3 style="text-align: justify;">Co-Win registration as an entry to develop health IDs?</h3>
<p style="text-align: justify;" dir="ltr"> One of the objectives of the Health Data Management Policy is to develop a digital unique health ID for all the citizens. The National Health Data Management Policy states that participation in the National Health Data Ecosystem is voluntary; and the participants will, at any time, have the right to exit from the ecosystem. Currently, the policy has been rolled out on a pilot basis in 6 union territories, namely; Chandigarh, Dadra & Nagar Haveli, Daman & Diu, Puducherry, Ladakh and Lakshadweep. As Health is a state subject under the Indian Constitution, <a href="https://scroll.in/latest/972361/new-health-data-policy-may-be-misused-for-surveillance-chhattisgarh-minister-writes-to-vardhan">Chhattisgarh</a> has raised concerns about the viability and necessity of the policy, especially in the absence of a robust data protection legislation. </p>
<p style="text-align: justify;" dir="ltr"> Mr. R.S. Sharma, the Chairperson of the ‘Empowered Group on Technology and Data Management to combat Covid-19’ had in an <a href="https://www.indiatoday.in/coronavirus-outbreak/vaccine-updates/story/exclusive-besides-co-win-aarogya-setu-self-register-indi-vaccine-drive-1760833-2021-01-20">interview to India Today</a> stated “ “Not just for vaccinations, but the platform will be instrumental in becoming a digital health database for India”. This indicates that this is an initial step towards generating health ID for all the beneficiaries. It would also violate the<a href="https://www.accessnow.org/india-cowin-app/"> principle of purpose limitatio</a>n, that data collected for one purpose (for the vaccine) cannot be reused for another (for the creation of the Digital Health ID system) without an individual’s explicit consent and the option to opt-out.<br /><br /></p>
<h3 style="text-align: justify;">Conclusion</h3>
<p style="text-align: justify;" dir="ltr"> <a href="https://www.thehindu.com/opinion/editorial/injecting-confidence-the-hindu-editorial-on-indias-covid-19-vaccination-drive/article33595220.ece">Given India’s experience and reasonable success with childhood immunisation</a>, there is reasonable confidence that the country has the ability to scale up vaccination. However, the vaccination drive should not be used as a means to set aside the legitimate concerns of the citizens with regard to the mechanism deployed to get pet people to register for the vaccination drive. As a first step it is essential that Co-Win has a separate dedicated privacy policy which conforms to the internationally accepted privacy principles and enumerated in the Personal Data Protection Bill. It is also essential that Co-Win or any other app/digital platform should not be used as a backdoor entry for the government to create unique digital health IDs for the citizens, especially without their consent and in the absence of a robust data protection law. </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/an-analysis-of-the-covid-vaccine-intelligence-network-co-win-platform'>http://editors.cis-india.org/internet-governance/blog/an-analysis-of-the-covid-vaccine-intelligence-network-co-win-platform</a>
</p>
No publisherPallavi BediAarogya SetuHealth TechPiracyinternet governanceHealthcaree-Governance2021-03-25T13:14:46ZBlog EntryPandemic Technology takes its Toll on Data Privacy
http://editors.cis-india.org/internet-governance/blog/deccan-herald-aman-nair-and-pallavi-bedi-june-13-2021-pandemic-technology-takes-its-toll-on-data-privacy
<b>The absence of any legal framework has meant these tools are now being used for purposes beyond managing the pandemic.</b>
<p style="text-align: center; ">The article by Aman Nair and Pallavi Bedi was <a class="external-link" href="https://www.deccanherald.com/specials/pandemic-technology-takes-its-toll-on-data-privacy-996870.html">published in the Deccan Herald </a>on June 13, 2021.</p>
<hr />
<p style="text-align: center; "><img src="http://editors.cis-india.org/home-images/ArogyaSetuApp.jpg" alt="Arogya Setu App" class="image-inline" title="Arogya Setu App" /></p>
<p style="text-align: center; "><span class="discreet">People show Arogya Setu App installed in their phones while travelling by special New Delhi-Bilaspur train from New Delhi Railway Station. Credit: PTI File Photo<br /></span></p>
<p style="text-align: justify; "> </p>
<p style="text-align: center; "><img src="http://editors.cis-india.org/home-images/CovidCertificate.jpg/@@images/672b385b-d0b0-49af-953d-ae96a42be117.jpeg" alt="Covid Certificate" class="image-inline" title="Covid Certificate" /></p>
<p style="text-align: center; "><span class="discreet">Jabalpur: A beneficiary shows his certificate on his mobile phone after receiving COVID-19 vaccine dose, at Gyan Ganga College in Jabalpur, Saturday, May 15, 2021. (PTI Photo)</span></p>
<p style="text-align: justify; ">At a time when technology is spawning smart solutions to combat Covid-19 worldwide, India’s digital response to the pandemic has stoked concerns that surveillance could pose threats to the privacy of the personal data collected. Be it apps or drones, there is widespread criticism that digital tools are being misused to share information without knowledge or consent. At the other end of the spectrum, the great urban-rural digital divide is hampering the already sluggish vaccination drive, exposing vulnerable populations to a fast-mutating virus.</p>
<p style="text-align: justify; ">Last year, the Centre, states and municipal corporations launched more than 70 apps relating to Covid-19, demonstrating the country’s digital-driven approach to handling the pandemic. Chief among these was the central government’s contact tracing app Aarogya Setu. Launched under the Digital India programme, the app quickly came under scrutiny over data privacy.</p>
<p style="text-align: justify; ">As per its privacy policy, Aarogya Setu collects personal details such as name, age, sex, profession and location. As there is no underlying legislation forming its basis, and in the absence of a personal data protection bill, serious privacy concerns regarding the collection, storage and use of personal data have been raised.</p>
<p style="text-align: justify; ">The government has attempted to mitigate these concerns with reassurances that the data will be used solely in tracing the spread of the virus. However, recent reports from the Kulgam district of Jammu and Kashmir point to the sharing of application data with police. This demonstrates how easy it is to use personal data for purposes other than which it was collected, and presents a serious threat to citizen privacy.</p>
<p style="text-align: justify; ">Though Aarogya Setu was initially launched as ‘consensual’ and ‘voluntary’, it soon became mandatory for individuals to download the app for various purposes such as air and rail travel (this order was subsequently withdrawn) and for government officials. Initially it was also mandatory for the private sector, but this was later watered down to state that employers should, on a ‘best effort basis', ensure that the app is downloaded by all employees having compatible phones. However, the ‘best effort basis’ soon translated into mandatory imposition for certain individuals, especially those working in the ‘gig economy’.</p>
<p style="text-align: justify; ">Several states had also launched apps for various purposes ranging from contact tracing of suspected Covid patients to monitoring the movement of quarantined patients. As a report by the Centre for Internet and Society observed, given the attention on Aarogya Setu, most of the apps launched by the state governments escaped scrutiny and public attention.Most of these apps either did not have a privacy policy or the policy was vague and often did not provide important details such as who was collecting the data, the time period for retaining the data and whether personal data could be shared with other departments, most notably, law enforcement.Apart from contact tracing apps, the pandemic also ushered in a wave of other apps and digital tools by the government. These include systems such as drones to check whether people are following Covid-19 norms and facial recognition cameras to report to the police whether someone has broken quarantine. Similar to Aarogya Setu, these tools have also largely been brought about in the absence of a legal and regulatory framework.<br />The absence of any legal framework has meant these tools are now being used for purposes beyond managing the pandemic.</p>
<p style="text-align: justify; ">The government is now planning to use facial recognition technology along with Aadhaar toauthenticate people before giving them vaccine shots.</p>
<p style="text-align: justify; ">Aarogya Setu is now linked with the vaccination process. Beneficiaries have been provided an option to register through Aarogya Setu. The pandemic has also provided a means for the government to bring in changes to health policies and introduce the National Health Data Management Policy for the creation of a Unique Health Identity Number for citizens.</p>
<h3 style="text-align: justify; ">Vaccination and digital platforms</h3>
<p style="text-align: justify; ">The use of digital technology has extended to the vaccination process through the deployment of the Covid Vaccine Intelligence Network (Co-WIN) platform.During the first phase of inoculation, beneficiaries were required to register on the Co-WIN app while in the subsequent phases, registration was to be done on the Co-WIN website. The beneficiary is required to upload a photo identity proof.</p>
<p style="text-align: justify; ">While Aadhaar has been identified as one of the seven documents that can be uploaded for this, the Health Ministry has clarified that Aadhaar is not mandatory for registration either through Co-WIN or through Aarogya Setu. However, as per media reports, certain vaccination centres still seem to insist on Aadhaar identity even though beneficiaries may have used another identity proof to register on the Co-WIN website.</p>
<p style="text-align: justify; ">It is also pertinent to note that the website did not have a privacy policy till the Delhi High Court issued directions on June 2, 2021. The privacy policy hyperlinked on the Co-WIN app directed the user to the Health Data Policy of the National Health Data Management Policy, 2020.</p>
<p style="text-align: justify; ">The vaccination drive has been used as a means to push the health identity project forward as beneficiaries who have opted to provide Aadhaar identity proof have also been provided with a health identity number on their vaccination certificate. It is interesting to note that Co-WIN’s privacy policy now states that if the beneficiary uses Aadhaar as identity proof, it can 'opt' to get a Unique Health Id.However, as a recent report revealed, health identity numbers have already been generated for certain beneficiaries without obtaining consent from them for the purpose.</p>
<h3 style="text-align: justify; ">Have the apps been successful?</h3>
<p style="text-align: justify; ">One could argue that privacy concerns are a worthwhile tradeoffin order to contain the spread of thepandemic. But it is worth examining how successful these technologies have been. In reality, the use of digital technology at every stage of combating the pandemic has clearly highlighted the extent of our digital divide. As per data from TRAI, there are around 750 million Internet subscribers in India,which is only a little more than half of India’s estimated 1.3 billion citizens — with this gap having a significant impact on the efficacy of the government’s strategies. Aarogya Setu has fallen far short of its goal, of having near universal adoption. It has limited adoption in much of the country. This has severely limited its efficacy in tracing the spread of the virus. Research from Maulana Azad Medical College has cited socio-economic inequalities,educational barriers and the lack of smartphone penetration as being the key causes behind the app’s limited success, pointing back to the digital divide. Moreover, the app has also brought with it a host of associated problems including lateral surveillance and function creep caused by the addition of new features. All of which, along with the previously mentioned privacy concerns, have served to hamper public trust and adoption.</p>
<p style="text-align: justify; ">A similar situation is seen in the case of vaccination and the Centre’s Co-WIN web portal. The need for registration, first on the Co-WIN app and later on the Co-WIN web portal, has disproportionately affected those who either have no or limited digital access. Many of them belong to vulnerable groups such as migrant and informal sector workers (mainly from disadvantaged castes), LGBTQIA + individuals, sex workers and both urban and rural poor. These issues have also been acknowledged by the Supreme Court, which raised serious concerns about the government being able to achieve its stated object of universal vaccination.</p>
<p style="text-align: justify; ">As the inoculation exercise opened up for the 18-45 age group, it increasingly favoured the urban population who possessed the technological and digital literacy to either create or access a host of tools. One need to only look at the wave of automated CO-WIN bots that arose as soon as the vaccination process was expanded to see how these dynamics manifested.</p>
<p style="text-align: justify; ">Ultimately, the digital-driven approach that the governments have adopted has resulted in a number of issues — most notably, data privacy and exclusion. Going forward, government strategies must actively account for these factors and ensure that citize rights are adequately protected.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/deccan-herald-aman-nair-and-pallavi-bedi-june-13-2021-pandemic-technology-takes-its-toll-on-data-privacy'>http://editors.cis-india.org/internet-governance/blog/deccan-herald-aman-nair-and-pallavi-bedi-june-13-2021-pandemic-technology-takes-its-toll-on-data-privacy</a>
</p>
No publisherAman Nair and Pallavi BediHealth TechPrivacyInternet GovernanceTechnological Protection MeasuresCovid19Healthcare2021-06-26T06:52:52ZBlog EntryComments to the Draft National Health Data Management Policy 2.0
http://editors.cis-india.org/internet-governance/blog/comments-to-the-draft-national-health-data-management-policy-2.0
<b>Anamika Kundu, Shweta Mohandas and Pallavi Bedi along with 9 other organizations / individuals drafted comments to the Draft National Health Data Management Policy 2.0. </b>
<p style="text-align: justify; ">This is a joint submission on behalf of (i) Access Now, (ii) Article 21, (iii) Centre for New Economic Studies, (iv) Center for Internet and Society, (v) Internet Freedom Foundation, (vi) Centre for Justice, Law and Society at Jindal Global Law School, (vii) Priyam Lizmary Cherian, Advocate, High Court of Delhi (ix) Swasti-Health Catalyst, (x) Population Fund of India.</p>
<p style="text-align: justify; ">At the outset, we would like to thank the National Health Authority (NHA) for inviting public comments on the draft version of the National Health Data Management Policy 2.0 (NDHMPolicy 2.0) (Policy) We have not provided comments to each section/clause, but have instead highlighted specific broad concerns which we believe are essential to be addressed prior tothe launch of NDHM Policy 2.0.</p>
<hr />
<p style="text-align: justify; ">Read on to <a href="http://editors.cis-india.org/internet-governance/draft-national-health-management-policy" class="internal-link">view the full submission here</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/comments-to-the-draft-national-health-data-management-policy-2.0'>http://editors.cis-india.org/internet-governance/blog/comments-to-the-draft-national-health-data-management-policy-2.0</a>
</p>
No publisherAnamika Kundu, Shweta Mohandas and Pallavi BediHealth TechHealth ManagementInternet GovernanceHealthcare2022-05-24T16:06:15ZBlog EntryCivil Society’s second opinion on a UHI prescription
http://editors.cis-india.org/internet-governance/blog/civil-society-second-opinion-on-uhi-prescription
<b>On January 13, Pallavi Bedi and Shweta Mohandas from CIS participated in an online collaboration organised by Internet Freedom Foundation for a joint submission to the Consultation Paper on Operationalising Unified Health Interface (UHI) in India released by the National Health Authority.</b>
<p>The article originally published by Internet Freedom Foundation can be <a class="external-link" href="https://internetfreedom.in/civil-societys-second-opinion-on-a-uhi-prescription/">accessed here</a>.</p>
<hr />
<p style="text-align: justify; ">The National Health Authority (NHA) released the Consultation Paper on Operationalising Unified Health Interface (UHI) in India on December 14, 2022. The deadline for submission of comments was January 13, 2023. We collaborated with the Centre for Health Equity, Law & Policy, the Centre for Internet & Society, & the Forum for Medical Ethics Society to submit comments on the paper.</p>
<h3 id="background">Background</h3>
<p style="text-align: justify; ">The UHI is proposed to be a “foundational layer of the Ayushman Bharat Digital Health Mission (ABDM)” and is “envisioned to enable interoperability of health services in India through open protocols”. The ABDM, previously known as the National Digital Health Mission, was announced by the Prime Minister on the 74th Independence Day, and it envisages the creation of a National Digital Health Ecosystem with six key features: Health ID, Digi Doctor, Health Facility Registry, Personal Health Records, Telemedicine, and e-Pharmacy. After launching the programme in six Union Territories, the National Health Authority issued a press release on August 26, 2020 announcing the public consultation for the Draft Health Data Management Policy for NDHM. While the government has repeatedly claimed that creation of a health ID is purely voluntary, contrary <a href="https://caravanmagazine.in/health/doctors-in-chandigarh-compelled-to-register-for-the-voluntary-national-health-id">reports</a> have emerged. In our <a href="https://drive.google.com/file/d/1H5zWsIPj92Vp_gxloBcBzjTwOFif47xY/view">comments</a> as part of the public consultation, our primary recommendation was that deployment of any digital health ID programme must be preceded by the enactment of general and sectoral data protection laws by the Parliament of India; and meaningful public consultation which reaches out to vulnerable groups which face the greatest privacy risks.</p>
<p style="text-align: justify; ">As per the synopsis document which accompanies the consultation paper, it aims to “seek feedback on how different elements of UHI should function. Inviting public feedback will allow for early course correction, which will in-turn engender trust in the network and enhance market adoption. The feedback received through this consultation will be used to refine the functionalities of UHI so as to limit any operational issues going forward.” The consultation paper contains a set of close-ended questions at the end of each section through which specific feedback has been invited from interested stakeholders. We have collaborated with the Centre for Health Equity, Law & Policy, the Centre for Internet & Society, & the Forum for Medical Ethics Society to draft the comments on this consultation paper.</p>
<p style="text-align: justify; ">Our main concern relates to the approach the Government of India and concerned Ministries adopt to draft a consultation paper without explicitly outlining how the proposed UHI fits into the broader healthcare ecosystem and quantifying how it improves it rendering the consultation paper and public engagement efforts inadequate. Additionally, it doesn’t allow the public at large, and other stakeholders to understand how it may contribute to people’s access to quality care towards ensuring realisation of their constitutional right to health and health care. The close-ended nature of the consultation process, wherein specific questions have been posed, restricts stakeholders from questioning the structure of the ABDM itself and forces us to engage with its parts, thereby incorrectly assuming that there is support for the direction in which the ABDM is being developed.</p>
<h3 id="our-submissions">Our submissions</h3>
<p>A. <b>General comments</b></p>
<p>a. <b>Absence of underlying legal framework</b></p>
<p style="text-align: justify; ">Ensuring health data privacy requires legislation at three levels- comprehensive laws, sectoral laws and informal rules. Here, the existing proposal for the data protection legislation, i.e., the draft Digital Personal Data Protection Bill, 2022 (DPDPB, 2022) which could act as the comprehensive legal framework, is inadequate to sufficiently protect health data. This inadequacy arises from the failure of the DPDPB, 2022 to give higher degree of protection to sensitive personal data and allowing for non-consensual processing of health data in certain situations under Clause 8 which relates to “deemed consent”. Here, it may also be noted that the DPDPB, 2022 fails to specifically define either health or health data. Further, the proposed Digital Information Security in Healthcare Act, 2017, which may have acted as a sectoral law, is presently before the Parliament and has not been enacted. Here, the absence of safeguards allows for data capture by health insurance firms and subsequent exclusion/higher costs for vulnerable groups of people. Similarly, such data capture by other third parties potentially leads to commercial interests creeping in at the cost of users of health care services and breach of their privacy and dignity.</p>
<p>b. <b>Issues pertaining to scope</b></p>
<p style="text-align: justify; ">Clarity is needed on whether UHI will be only providing healthcare services through private entities, or will also include the public health care system and various health care schemes and programs of the government, such as eSanjeevani.</p>
<p>c. <b>Pre-existing concerns</b></p>
<ol>
<li style="text-align: justify; "><b>Exclusion</b>: Access to health services through the Unified Health Interface should not be made contingent upon possessing an ABHA ID, as alluded to in the section on ‘UHI protocols in action: An example’ under Chapter 2(b). Such an approach is contrary to the Health Data Management Policy that is based on individual autonomy and voluntary participation. Clause 16.4 of the Policy clearly states that nobody will “be denied access to any health facility or service or any other right in any manner by any government or private entity, merely by reason of not creating a Health ID or disclosing their Health ID…or for not being in possession of a Health ID.” Moreover, the National Medical Commission Guidelines for Telemedicine in India also does not create any obligation for the patient to possess an ABHA ID in order to access any telehealth service. The UHI should explicitly state that a patient can log in on the network using any identification and not just ABHA.</li>
<li style="text-align: justify; "><b>Consent</b>: As per media <a href="https://caravanmagazine.in/health/chandigarh-administratio-aggressively-pushes-national-health-id-registrations-among-residents">reports</a>, registration for a UHID under the NDHM, which is an earlier version of the ABHA number under the ABDM, may have been voluntary on paper but it was being made mandatory in practice by hospital administrators and heads of departments. Similarly, <a href="https://www.thequint.com/tech-and-auto/govt-created-uhid-without-consent-say-vaccinated-indians">reports</a> suggest that people who received vaccination against COVID-19 were assigned a UHID number without their consent or knowledge.</li>
<li style="text-align: justify; "><b>Function creep</b>: In the absence of an underlying legal framework, concerns also arise that the health data under the NDHM scheme may suffer from function creep, i.e., the collected data being used for purposes other than for which consent has been obtained. These concerns arise due to similar function creep taking place in the context of data collected by the Aarogya Setu application, which has now pivoted from being a contact-tracing application to “<a href="https://indianexpress.com/article/technology/tech-news-technology/aarogya-setus-journey-from-a-quick-fix-for-contract-tracing-to-health-app-of-the-nation-8006372/">health app of the nation</a>”. Here, it must be noted that as per a RTI response dated June 8, 2022 from NIC, the Aarogya Setu Data Access And Knowledge Sharing Protocol “<a href="https://drive.google.com/file/d/1eSUoZtFqrIcqJH2Q2zK-LJmTDKF49l66/view">has been discontinued</a>".</li>
<li style="text-align: justify; "><b>Issues with the United Payments Interface may be replicated by the UHI</b>: The consultation paper cites the United Payments Interface (UPI) as “strong public digital infrastructure” which the UHI aims to leverage. However, a trend towards market concentration can be witnessed in UPI: the two largest entities, GooglePay and PhonePe, have seen their market share hover around 35% and 47% (by volume) for some time now (their share by value transacted is even higher). Meanwhile, the share of the NPCI’s own app (BHIM) has fallen from 40% in August 2017 to 0.74% in September 2021. Thus, if such a model is to be adopted, it is important to study the UPI model to understand such threats and ensure that a similar trend towards oligopoly or monopoly formation in UHI is addressed. This is all the more important in a country in which the decreasing share of the public health sector has led to skyrocketing healthcare costs for citizens.</li>
</ol>
<p style="text-align: justify; ">B. Our response also addressed specific questions about search and discovery, service booking, grievance redressal, and fake reviews and scores. Our responses on these questions can be found in our comments <a href="https://drive.google.com/file/d/1j9wUafZM10kmS_MOzk-D8LYIPMm_9JOa/view?usp=share_link">here</a>.</p>
<h3 id="our-previous-submissions-on-health-data">Our previous submissions on health data</h3>
<p style="text-align: justify; ">We have consistently engaged with the government since the announcement of the NDHM in 2020. Some of our submissions and other outputs are linked below:</p>
<ol>
<li>IFF’s comment on the Draft Health Data Management Policy dated May 21, 2022 (<a href="https://drive.google.com/file/d/1I4ZAVLNa00v_MeTDYoAv63Ueq6ICTwWT/view?usp=sharing">link</a>)</li>
<li>IFF’s comments on the consultation Paper on Healthcare Professionals Registry dated July 20, 2021 (<a href="https://drive.google.com/drive/folders/10x0IirdQTZCC9S_w83nTVp1GRsxArDt7">link</a>)</li>
<li>IFF and C-HELP Working Paper: ‘Analysing the NDHM Health Data Management Policy’ dated June 11, 2021 (<a href="https://drive.google.com/file/d/1sEBg-syzsbe159x4PGkAHzcZilct0cQq/view">link</a>)</li>
<li>IFF’s Consultation Response to Draft Health Data Retention Policy dated January 6, 2021 (<a href="https://drive.google.com/file/d/124iqcboTxkrPLMPX6erLXjhH1SDk_L0B/view?usp=sharing">link</a>)</li>
<li>IFF’s comments on the National Digital Health Mission’s Health Data Management Policy dated September 21, 2020 (<a href="https://drive.google.com/file/d/1H5zWsIPj92Vp_gxloBcBzjTwOFif47xY/view?usp=sharing">link</a>)</li>
</ol>
<h3 id="important-documents">Important documents</h3>
<ol>
<li style="text-align: justify; ">Response on the Consultation Paper on Operationalising Unified Health Interface (UHI) in India by Centre for Health Equity, Law & Policy, the Centre for Internet & Society, the Forum for Medical Ethics Society, & IFF dated January 13, 2023 (<a href="https://drive.google.com/file/d/1j9wUafZM10kmS_MOzk-D8LYIPMm_9JOa/view?usp=share_link">link</a>)</li>
<li>NHA’s Consultation Paper on Operationalising Unified Health Interface (UHI) in India dated December 14, 2022 (<a href="https://abdm.gov.in:8081/uploads/Consultation_Paper_on_Operationalising_Unified_Health_Interface_UHI_in_India_9b3a517a22.pdf">link</a>)</li>
<li>Synopsis of NHA’s Consultation Paper on Operationalising Unified Health Interface (UHI) in India dated December 14, 2022 (<a href="https://abdm.gov.in:8081/uploads/Synopsis_Operationalising_Unified_Health_Interface_UHI_in_India_308cd449fb.pdf">link</a>)</li>
</ol>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/civil-society-second-opinion-on-uhi-prescription'>http://editors.cis-india.org/internet-governance/blog/civil-society-second-opinion-on-uhi-prescription</a>
</p>
No publisherPallavi Bedi and Shweta MohandasHealth TechHealth ManagementInternet GovernanceHealthcare2023-02-15T08:20:15ZBlog Entry