wordpress blog stats
Connect with us

Hi, what are you looking for?

Due process to be followed while selecting vendors: Govt on if foreign companies will store citizen health data

Credit: Aditi Agrawal

The Ministry of Health and Family Welfare sidestepped a question in the Rajya Sabha, asking if the government would store Indian citizens’ data as part of the the National Digital Health Mission (NDHM) with an Indian company, or a foreign one. It only replied that “[t]he selection of vendors for NDHM is compliant with various applicable rules and policies of Government of India”. 

Aam Aadmi Party (AAP) MP Sanjay Singh, who asked the question, also wanted to know whether there was any violation of citizens’ privacy if the data was stored with an “external company”. The issue of how the health data of Indian citizens’ is stored assumed significance in recent weeks. The CoWIN ecosystem, the backbone of the Indian government’s COVID-19 vaccination effort, relies on Amazon Web Services (AWS), an arrangement that isn’t kosher even for health secretary Rajesh Bhushan, according to a report by The Ken. Bhushan is said to have favoured the use of MeghRaj, developed by the National Informatics Centre (NIC) instead.

No centralised database: Ashwini Kumar Choubey, Minister of State in the ministry, replied that citizen data is stored in a federated architecture, and not on a centralised database.

“The data is stored in a federated architecture as described in the National Digital Health Blueprint released by the Government of India in 2019. There is no centralized database of medical records. However, NDHM enables appropriate use of the health data of each individual for his/her own healthcare with his/her consent only. Therefore, there is no violation of privacy of Indian citizens.” — Ashwini Kumar Choubey, Minister of State, Ministry of Health and Family Welfare (emphasis added)

The ministry, it its answer, referred to the National Digital Health Blueprint (NDHB) to list out privacy safeguards in the NDHM. All applicable laws, rules and judgements of the Supreme Court are being followed, it said. “All applicable laws, rules and judgments of Hon’ble Supreme Court are being followed. Health Data Management Policy has also been approved. Apart from various legal provisions, all technical solutions possible to ensure data privacy and security are being put in place.”

The ministry said a “government community cloud infrastructure”, as defined by the Ministry of Electronics and Information Technology (MEITY), is being used to host all data. “All events on this cloud infrastructure would be under 24×7 surveillance to ensure highly secure environment.”

Advertisement. Scroll to continue reading.

Over 6 lakh Health IDs generated so far

As many as 630,478 Health IDs have been created as part of the NDHM as on January 21, 2021, the ministry revealed in the same answer. The pilot phase of the NDHM is active in the six union territories of Andaman & Nicobar Islands, Chandigarh, Dadra Nagar Haveli and Daman & Diu, Lakshadweep and Puducherry.

This number is likely to increase dramatically in coming weeks, with the ongoing countrywide COVID-19 immunisation drive. Prime Minister Narendra Modi had in October last year announced that a Health ID would be used for the vaccine delivery system. Earlier this month, the Health ministry issued a gazette notification, allowing for the use of Aadhaar authentication on a “voluntary basis” to create Health IDs. Currently, the CoWIN system allows beneficiaries to create a Health ID, as it would “facilitate integration of health data across various applications and create logitudinal Electronic Health Record for citizens”.

Also read:  


Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ