India’s National Digital Health Blueprint (NDHB), released by the Government of India, outlines its vision for moving forward with a major health digitization program that will affect millions of citizens. Data scientists, researchers, academics, and activists around the country have responded, and have expressed concerns about the speed at which the rollout has been proposed — highlighting the need for addressing accompanying regulatory frameworks for a sharper focus on change management.
The India Digital Health Net (IDHN) is a research and policy collaborative led by Dr. Satchit Balsari, Assistant Professor of Emergency Medicine at Harvard Medical School, in partnership with the Mittal Institute. It focuses its efforts on the development of a patient-centric, provider-friendly Application Programming Interface-enabled (API) health exchange ecosystem. Working with stakeholders in both the United States and India, the group is made up of policymakers, technical and legal experts, and medical practitioners.
In July, the government invited the public to comment on the NDHB, and the IDHN has recently released a report in collaboration with numerous partners who have experience developing, analyzing, designing, or using digital health systems.
We spoke with a few of the report’s contributors across India to get their thoughts on the latest developments in India’s health digitization program: Angshuman Sarkar, Principal Consultant at ThoughtWorks; AV Sethuraman, Senior Vice President of Argusoft; Devesh Varma, Vice President and CTO of Piramal Swasthya; Tony Raj, Dean of St. John’s Research Institute; and Nivedita Saksena, graduate student at the Harvard T.H. Chan School of Public Health.
The US and other nations have adopted Electronic Health Records (EHRs) within their healthcare systems. Can you explain what a Personal Health Record (PHR) in India is, and how it differs from EHRs?
Raj: Personal Health Records are a way to maintain one’s medical or health records in a private, secure and confidential environment using a software application. This can be shared with any doctor or health professional when needed using an authenticated access with consent. With PHRs, patients will be empowered to hold manage and share their confidential records in a secure and confidential manner. Our response with regard to PHRs have been to adopt a federated architecture where patients can access their data through links that point them to relevant data when required.
Varma: In a country like India, where the majority of the population lives in villages or rural areas, health is not a priority — disease is. [We need to] use the PHR to teach the health-seeking behavior that is missing in people living in remote, hard-to-reach areas. Access to health data systems and the internet is not going to happen overnight in these areas. Hence, the need is to first create awareness around health data, around consent, and start collecting health data. Once this is done, then the idea of creating a PHR for all will come to fruition.
Saksena: In 2017, the Supreme Court of India recognized a constitutional right to privacy. One facet of this right was informational privacy, which requires that everyone should have complete control over their health information. They should able to correct any errors, update their records, delete them, and control who has access to them. Unlike EHRs, a PHR model allows people to exercise such control and gives them meaningful autonomy over their data. Instead of negotiating access with their healthcare provider, people can decide themselves how their information is used.
Do we really need a PHR? Don’t doctors and patients in India already communicate via WhatsApp?
Varma: Yes, the data suggests that there is an imminent need for a system or platform to bring every scattered piece of health information together — to create a longitudinal health record.
Sarkar: These apps and interactions therein are very valuable, and depend on the doctor-patient relationship. The question is whether such 1-to-1 WhatsApp interactions are accessible, reference-able, and share-able. In my opinion, it’s ought to be more than that — portable, traceable, reference-able. Would I still have this information if I change my phone? If I go to another provider, would she accept such information? Is there legal validity of such interactions? Such apps are extremely useful, but they are not a replacement for “issued” health information.
Raj: While WhatsApp and similar chat apps are easy to use and share information, they do not provide the security and confidentiality required for medical data or information. Also, since there is no structure in these applications, information can be mixed and could lead to serious medical errors if the physician, health professional, or patient wrongly interprets information.
Many countries have moved toward digitizing their health records. What do you see as the challenges particular to India?
Varma: India has its own set of unique challenges. There has not been a focused approach to streamlining and integrating the existing data systems that are currently being used in India. The systems run in isolation, addressing a specific need or intervention. Also, there is a paper trail that needs to be addressed in order to ensure that the data collected is of quality and is able to provide evidences. The challenge will be to understand this disparity of not only the systems, but of the technology stacks. Attitudes and behaviors need to be worked upon to create awareness of ICT-driven systems. This will help ensure that people who are using technology systems are not averse to it and are not threatened by it.
Saksena: Many of the “building blocks” proposed in the Blueprint would be introduced in India for the first time. It cannot be determined from the outset if the software and standards which have worked in other countries will work in our context. For instance, the National Digital Health Blueprint cites the United Kingdom and South Korea as EHR systems to model our own after. However, the combined population of these countries is approximately half that of Uttar Pradesh. The EHR systems in neither of these countries operates at the scale that would be required in India. It is therefore important that we start small — establishing a minimal framework first to see if it is functioning well. A PHR system could also be piloted in a limited geographical region before it is expanded to the rest of the country. Performance evaluations and privacy impact assessments must be built into the implementation plan. This will allow us to learn from our mistakes and customize the ecosystem to best serve the patients.
Sethuraman: In India, health is a state subject. Each state implements their programs and puts in processes that are different from other states, and they have very valid reasons for doing that. In such a scenario, simply installing the so-called “tried-and-tested” model will simply fail, as it would not take the ground realities into consideration. For systems to be implemented in India and for them to sustain and grow, they need to be designed and planted according to the contours that are present at all levels and at places for it to grow and sustain. This can be done only through a pre-implementation prototyping and through testing cycle.
How real are the fears that digitizing health data may risk theft and privacy breaches? Is it better to not digitize?
Sarkar: Would we say the same with our financial systems? Health data is the 3rd largest area of security breaches, so the fears are real. But the solution is not through a ”let’s-not-digitize” decision, but to work on strengthening the systems (information access, data-sharing internally and externally), adhering to compliances and guidelines, and taking proactive measures — at the same time backed by policy and legal framework, and by being accountable.
Saksena: The trade-off to be considered here is whether or not the risk of possible data theft and privacy violations is justified by the gains to the patient and health system. The individual should be able to decide whether they want to take on such a risk, or whether they would like to opt out of the system. Since there is a right to health, they cannot be refused healthcare services if they prefer to keep their health records on paper. That being said, mechanisms to prevent privacy violations should be built into the way that the system is designed. If people can trust that their data is safe, they will be more willing to be a part of this ecosystem.
Sethuraman: The theft and privacy breach risks are very real. They cannot be brushed off. However, the benefits of digitizing health data are so significant that this risk must be embraced. Not digitizing is not an option in today’s world. In the same breath, we should not take these risks lightly, but provide enough checks and balances to ensure that there is no compromise to anybody’s health data and their privacy in any way.
Can you comment on the state of health data and research in India, and what are the most pressing needs?
Varma: Currently, the health data and research in India is not of good quality. Systems operate in silos and are not integrated. Additionally, the quality of health data collected using the government systems does provide much insight. The current need is to understand the challenges of collecting quality data and address those challenges by creating systems and policies, and by setting up IT infrastructure to enable the collection of quality data.
Saksena: India is currently facing a double burden of communicable and non-communicable diseases. While its population is rapidly aging, preventable childhood diseases remain a concern. To address these unique public health needs, more public health research should be enabled and encouraged. However, several barriers exist for a person who wants to undertake public health research. One of these is accessing health data. Though relevant health data may already exist, there are very few ways for a researcher to access and make sense of this data. Any government agency that wants to implement a health program is also forced to collect data afresh, which is wasteful and inefficient. While protecting patient privacy, this data must be made available to address India’s public health needs and inform evidence-based policy making.
The report addresses change management in particular. What are the key issues that concern you? What are the best next steps?
Sarkar: The value of change is not easily and immediately realized or understood. This can be further compounded by no derivation of apparent benefits, and the cost of change. Fear of the unknown, low trust, saturation, and lack of motivation are all deterrents of change! Add to that bureaucracy, misunderstanding, lack of information. We must not underestimate the “resistance” towards adoption and evolution. We need means of assistance, guidance, education, and confidence-building to help the care providers to bring on such change.
Varma: There are multiple challenges that need to be looked at: how to change attitudes and behaviors; how to train people and make them comfortable with the new system; how to embed this system by creating frameworks, policies, and processes; and how to communicate this change to the users’ rights up to the last mile. To me, the best next steps would be to do a complete assessment and start small (design and develop incremental solutions), then scale up.
Sethuraman: As human beings, all of us are comfortable with “as-is,” and any change is uncomfortable — especially when one is used to doing things in a certain way for several years and now has to do it differently when they are just about to retire from service. The best next steps would be communication that is focused on the last mile workers to show how the changes are going to help as a job aid — not as a job-add.
Read the full report, “Response to the Invitation for Public Comment: National Digital Health Blueprint,” by the India Digital Health Net team here.