wordpress blog stats
Connect with us

Hi, what are you looking for?

NASSCOM-DSCI on National Health Stack: separate regulatory body for health, siloed registries, usage of single ID

In its response to the Niti Aayog’s paper on the National Health Stack, industry body NASSCOM and DSCI suggested an independent regulatory body for oversight in the digital healthcare sector, “this is essential to ensure a system of checks and balances” said the two bodies in a joint submission to Niti Aayog. Niti Aayog had released the National Health Stack paper in July 2018 and invited comments on it. The Ministry of Health later formed an inter-ministerial committee headed by former UIDAI chairman and former MeitY secretary J. Satyanarayana to draft an implementation framework for the NHS. The committee released its report the ‘National Digital Health Blueprint 2019‘ in July 2019, and invited comments, and held a public consultation on it.

The main points from their submission are:

1. Decentralised governance model, separate regulatory body:

  • The NHS system should allow for multiple operators with the ability to port and access data from each other, instead of restricting to one operator
  • There is no mention of how the geographical architecture of a state level subject will interact with national level system, for example the question of inter-state portability for cashless treatment when a patient might require hospitalisation when out of their home state; this design principle needs consideration in the architecture of NHS

2. Overall centralised structure: The overall architecture of the NHS seems to be a centralised structure, which is not aligning with newer trends towards decentalisation aka blockchain. Restricting system-building approaches to be centralised may not benefit the health sector from efficiency, resiliency, and data protection aspect, central databases are prone to carry additional risks as compared to decentralised systems.

3. Role of private sector: The role of private sector, including e-pharmacies, health insurance providers, e-nursing, aggregators, has not been elaborated; these players are adopting digitisation practices such as providing digital health IDs, telemedicine, robotic surgeries, instant health insurance claims, healthcare data portability, and real-time fraud management; the NHS should consider integration of private players, along with government players.

4. Usage of a single ID: Confining the NHS to one digital health ID issued by the government may negate ongoing discovery of use cases and technology experimentation, which are evolving in such a way that any identifier can become a digital health ID, such as mobile number, social media IDs, etc. Hence there should be flexibility for introducing identifiers as digital health IDs, says the submission.

Advertisement. Scroll to continue reading.

5. Disconnected registries: “The NHS should triangulate all existing registries and subsume information under its own master data,” suggested NASSCOM-DSCI, while stating that existing registries like National Health Resource Repository run by the Central Bureau of Health Intelligence, National Identification Number run by the Ministry of Health, and the Registry of Hospitals in Network of Insurance run by the Insurance Information Bureau are all disconnected from each other.

6. Vulnerabilities while interacting with external ecosystem providers: The NHS is silent on how it will tackle discrimination of any category while approving claims, and the NHS “may include guidelines on how the system plans to deliver a non-biased system”, An automated system may include hidden biased configurations leading to frauds in the system”.

7. Third-party compliance with security norms: Large central databases of biometric personally identifiable information, linked with networks and made searchable in a distributed manner, represent significant targets for hackers and other malicious entities to exploit. Other registries and agencies which will use the data APIs and store the same even as they transmit the same to the central health system may turn out to be the weakest link when it comes to privacy and security, as enforcing the same level if security practices on third parties or external systems is an arduous task.

Some of their recommendations:

  • Formulate and enforce robust cyber security guidelines for third parties who are either collecting, processing, storing health care data or leveraging it for their business operations via API integrations as planned in the future
  • Subject players in the NHS ecosystem, including third parties, to rigorous regular assessments and audits
  • Special attention needs to be given to interfaces, external connections, and environments participating in executing the health service transactions to curb the possibilities of data breaches
  • Devices, interfaces, systems and even algorithms participating in processing of health services transactions should have security strengths to withstand the possible threats
  • Security and governance function should match the quantum and complexity of challenges

Written By

I cover health, policy issues such as intermediary liability, data governance, internet shutdowns, and more. Hit me up for tips.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ