The National Health Authority (‘NHA’) has developed Data Sharing Guidelines to regulate the use of personal data of beneficiaries of the PM-JAY scheme. As highlighted in the guidelines, the scope of application extends to data across the digital health ecosystem that includes PM-JAY as well as Health Wellness Centres and the ecosystem partners. It is important to note that data management within the digital health ecosystem also includes the Health Data Management Policy, and the outward policies governing the use and sharing of non-personal and personal data.
At the outset, The Dialogue would like to commend the National Health Authority for their approach towards enabling data management and smooth data flows across the digital health ecosystem. The guidelines, while comprehensive, require further clarity on a few aspects, such as the approach towards secondary use of data, the role of the NHA as a data fiduciary and the manner in which sensitive personal data will be protected.
The Dialogue discusses the aforementioned aspects thematically, in the following order—data protection, cyber security, governance and community. Our findings and recommendations have been buttressed by our work in digital health in the past, including our report titled ‘India’s Digital Health Dreams: Getting it Right’. Our recommendations are more focussed on ensuring the principles of data protection and sharing that have been delineated are effectively operationalised. Therefore, we suggest ways in which the provisions can be further strengthened to enable smoother flows of data within the PM-JAY.
Response drafted by: Eshani Vaidya and Sreyan Chatterjee
