“The scope of this policy should be applicable for the entire healthcare ecosystem in India,” Healthcare application Practo told the National Health Authority (NHA) in its comments on the proposed Health Data Retention Policy (HDRP).
The HDRP lays down conditions around health data retention and management under the Ayushman Bharat Digital Mission, the Indian government’s multi-tiered project that looks to digitise sensitive health data for citizens, among other functions.
The NHA – which oversees the ABDM – has cited data security concerns from users as well as the healthcare ecosystem’s need for reliable, long-term data as reasons for such a policy. The policy has the potential of becoming applicable to the larger healthcare ecosystem, beyond the ABDM.
What Practo said in its submission
- NHA: How should the policy be implemented and if it should cover only ABDM-enrolled entities or the entire health ecosystem?
Widen scope and stagger the implementation of policy: Practo said that the policy should be implemented in a staggered manner on the basis of locations – metro, tier-1/2/3, rural areas – and remain voluntary. The NHA should do this “given the importance, impact, the changes that it [the policy] will make to the existing healthcare infrastructure and functioning, and the humongous task in rolling-out this policy,” it added. It also suggested that the scope of the policy be expanded to all healthcare entities, as it would ensure a uniform approach, covering the entire ‘health spectrum’ and adaptability for future changes.
- NHA: Classifying health records into different categories, a 10-year retention period for in-patient, out-patient, and deceased patients’ records, was proposed.
Set parameters for extension of retention periods: For internal use, companies should be allowed to further classify the data into subcategories, Practo said. Further extensions should be allowed, however, ‘appropriate parameters’ should be laid down to assess the requirement for such an extension, the startup added.
- NHA: How can business continuity be ensured in case of fall of the establishment, platform, or service providers?
Create an ecosystem of archivers: A central archival model, to which healthcare entities can transfer their data when they go out of business, was suggested. “This will help a new industry (healthcare data archival) to grow around it,” Practo added.
Multiple guidelines lead to ambiguity and confusion: Practo urged the NHA to clarify the existing guidelines for health data retention and how they would apply. It listed 5 pre-existing policies:
- Data Protection Bill
- Digital Information Security in Healthcare Act (DISHA)
- The Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002,
- The Clinical Establishments (Registration and Regulation) Draft Rules 2010
- EHR Standards 2016
“Once this policy comes into effect, there will be a lot of confusion in the industry as to which policy to comply with and which is relevant for the sector.” — Practo.
Questions on which Practo did not comment
Here are the questions posed by the NHA to all stakeholders, on which Practo didn’t have anything to say:
- Will the governance model as per Health Data Management Policy be sufficient for the retention policy?
- How will the policy regulation be enforced and what should be the structure across relevant entities responsible for retaining the health data?
- Who shall have the apex authority to oversee and implement health data retention? Which entity as part of the ecosystem should be rolling out this policy at the macro-level?
- How can smaller clinics or centers, both public and private, build capability in a timely and cost-efficient manner to take responsibility for data retention for long time periods?
- What should be the ideal duration for these different health data types?
- While ABDM proposes that all entities opting to join NDHE must be able to retain health data in electronic format, and other entities of the healthcare ecosystem may consider physical or original formats, what options should be made allowable as part of the policy being proposed? Health data records can be only digital, only physical, or combination in any hospital. Accordingly, the question arises whether all the above considerations should fall under one policy or under separate/independent policies?
- As ABDM has a provision for opt-out, in such a scenario what may be the possible implications from the perspective of health data retention?
- Should a blanket retention duration be adopted for all health records in India or different schedules be defined as per a classification? Which is a better approach to retention?
Other ABDM building blocks
The ABDM is proposed to have multiple tech components like a Unified Health Interface for teleconsultations, Unique Health IDs, Healthcare Professionals Registry, Health Facility Registry, Health Claims Platform for insurance disbursements, analytics platform, etc. As part of this project, the NHA has also released policies to regulate entities, such as the Health Data Management Policy and the HDRP.
- Include all healthcare organisations under the health data retention policy, recommends IFF
- Summary: Health Data Retention Policy proposed under ABDM
- Who benefits from the value of people’s health data? It’s insurance companies
- Key Aspects: National Digital Health Mission’s Data Management Policy
Have something to add? Post your comment and gift someone a MediaNama subscription.