HYDERABAD: The lack of a data protection act in the country has poised a question — is it ethical for the State government to share patient data from government hospitals and primary healthcare centres
(PHCs) with private parties to set up an artificial intelligence (AI)-based research facility? Experts claim that while the step cannot be struck off as a legal violation, it is definitely against the ethical guidelines provided to keep doctor-patient confidentiality intact.
The State’s collaboration with Intel and the Public Health Foundation of India (PHFI) aims to use AI to identify and research patterns in public health, diagnostic and health services optimisation. This is aimed to tackle issues such as shortage of doctors in the country, treatment protocol discoveries, and subsequently approach evidence-based social strategy and policy in healthcare for the government.
"However, we have only identified the ‘what’ of the collaboration, not the ‘how’. It will take at least another month to figure out what kind of data we will be sharing with Intel and PHFI," said an official from the state’s IT department.
Speaking to Express, Srinivas Kodali, an independent security researcher, said that governments collect data from the people for governance purposes. So if the government is using the data, and sharing it with a private third-party for the same reason, it cannot be struck off as illegal.
"However, in the case of healthcare data, the step is definitely unethical considering patients share personal information on the basis of doctor-patient confidentiality. So will the government take permission from each individual before sharing sensitive data? Is the government sharing this data for free?" asked Kodali.
Kodali suggests that if the State government does want to take up such novel steps, it should also introduce a data protection act in the State Assembly, form ethical guidelines and then go ahead with such initiatives. "This way, at least the government can be held responsible," Kodali argued.
However, Jayesh Ranjan, Principal Secretary of IT, responded to the apprehensions and said, "The detailed research plan is under discussion between the involved parties. We will obviously put in place all the required privacy protocols."
Addressing the need for a data protection act, he said, "We will wait for the Central act, and if there are any shortcomings, we will think about our own regulations." A second draft of the Personal Data Protection (PDPA) Act (PDF) was approved by the Central government on December 4. The bill is expected to pass when the Parliament reconvenes in February.