HYDERABAD: While Chief Minister K Chandrashekhar Rao’s ambitious Telangana Health Profile Scheme aims to strengthen the public healthcare infrastructure, and make it more accessible, the idea of ‘health-profiling’ of citizens is indeed a cause for concern.
The World Health Organisation’s latest recommendations, in the context of sensitive data such as an individual’s health history, underscore the need for privacy and confidentiality while digitising healthcare in developing countries.
In the absence of strict IT laws in the country, the Telangana Health Profile Scheme (THPS) could be at risk of data mining. Data mining, for the uninitiated, is the extraction of information from any large sets of data.
‘No private players involved’
Jayesh Ranjan, Principal Secretary of Industries & Commerce (I&C) and Information Technology (IT) assures that necessary security measures have been put in place to safeguard the citizen’ data. “The data will be handled by the State Data Centre and no third party private company will be involved. The data collected can be used in cases of an epidemic or an emergency situation, to monitor and control the spread of disease.
It can be even used by the government to track the prevalence of a certain illness or disease within a demographic. Healthcare programmes could be designed using this information,” he explains. He added: “The data will be procured only with the consent of the patient.”
‘A gold mine of data’
Independent security researcher Srinivas Kodali says data of citizens of an entire State will be a gold mine for pharmaceutical and healthcare-based companies.“The risk of data mining definitely exists. Even though the current government may not involve a private company, with no strict data-based laws in place, one can never be too sure of what will happen once another government comes to power,” he says.
Kodali says that Telangana is not the only state to have dabbled in health-profiling. “However, every one of these governments has had to face data leaks. The latest example is of Andhra Pradesh, when data of thousands of pregnant women, with information about the number of abortions, fertility issues, was leaked.”
Another IT expert, Deepak Shikarpur, makes an important observation about how the consent is generally taken by the government.“This data will be mostly collected from Primary Healthcare centres that are usually visited by people from the economically backward section and rural areas. A good section of these patients will not be educated enough to understand the gravity of giving consent to digitize their data.”
‘Legally, procuring of data unquestionable’
In the draft of the proposed Digital Information Security in Healthcare Act, the Ministry of Health and Family Welfare recommends a clear and precise manner to deal with digitisation of citizens’ personal data. The bill is yet to pass.
As of now, health profiling is not illegal. Pavan Duggal, who is an advocate specialised in cyber law, explains, “The problem is the IT Act does not really ban data mining. If the government does not follow the parameters under the Information Technology Act’s reasonable security requirements, only then will they be in a position of having to pay hefty compensation if the data is leaked.”