Ministry of Health's public consultation on National Digital Health Blueprint: Legal issues around telemedicine, consent, and 'egosystems' in healthcare Trisha Jalan

The article by Trisha Jalan was published by Medianama on August 8, 2019. Aayush Rathi was quoted.

The venue was packed with representatives from the government, major hospitals chains, health start-ups, associations, and civil society organisations. The blueprint — which is an evolved document of the National Health Stack 2018 (NHS) — was put in the public domain on July 15, and comments were closed on August 4. After holding consultation on the NHS, the ministry formed a committee under the chairmanship of former UIDAI head and former MeitY secretary J. Satyanarayana to create an implementation document for the NHS.

Health is a complex and interwoven subject, and deals with people’s lives, said Sudan. “The patient should be centric to every intervention,” she said. Clearly stated during the discussion was that private sector participation is important and necessary. Sudan opened the consultation by mentioning that the ministry is in the process of forming the e-pharmacy rules, “we’ve had extensive consultations on it”:

“There are issues which require assistance from all of you. We don’t have e-prescriptions on a large scale, you can’t expect government to lead e-prescriptions, we have hospitals all the country. So what can industry do, to make this application cheap and user-friendly, and have it across the system so epharmacy actually becomes possible. E-precriptions have been the norm wherever e-pharmacies have been successful.”

J. Satyanarayana, chairman of the committee (also a former UIDAI chair), wasn’t present at the consultation. Here’s a list of representatives from the government present at the consultation, some of whom were also members of the committee:

• Preeti Sudan, Secretary, Ministry of Health
• Sanjeeva Kumar, Special Secretary, Ministry of Health
• Lav Agrawal, Joint Secretary, Ministry of Health
• Gaur Sunder, Centre for Development of Advanced Computing, Pune
• Sunil Kumar, National e-Governance Division
• J Rama Krishna Rao, CEO, National Institute for Smart Governance
• Pallab Saha, chief architect, The Open Group

(A non-exhaustive list of stakeholders present at the consultation is available at the end of the article.)

Electronic Health Records (EHR)

Non-financial incentives for adoption of EHR: “What are the incentives that could really make for early adoption for various players? There are many different approaches that it can happen to incentivize each and every player, for example, maybe let’s build a national license for actionable guidelines, define it, and set standards for that, like the government has done for SNOMED CT,” Krish Dutta from Relx Group said.

• “US has shown us that throwing money at the problem doesn’t solve it,” Dutta said. “It’s the the largest investment healthcare, but there are still problems.”
• One small step [we could do] would be how do you get doctors or hospitals to adopt EHR — for example, [requiring that] a copy or electronic subset of the EHR should be immediately recorded, and payments and reimbursements are made on the basis of this. “Maybe that’s can be the only document that you send to the insurer,” Dutta said.

Patient agency in ensuring EHR: Talking about his experience of working in hospitals in the US, Dr Surajit Nandy, CEO of Raxa Health, asked “What power will the citizens have to ensure that their data is pushed to the NHS? When the citizen accesses a health service, they don’t have the power to ensure that their health records are digitised and centralised, he said.

“Having practiced in the US, we often had many problems getting the data from other medical institutes — even with interoperability and other laws on the books — and this had catastrophic consequences. At Massachusetts General, we had to ensure that your data was pushed to the digital records within 24 hours of seeing the patient.” — Dr Surajit Nandy

Data privacy: legal issues, absence of Data Protection Law, and use of Aadhaar

Multiple stakeholders raised the point that Personal Data Protection Bill is still in the works, and that the blueprint, in the current form, is designed amidst the absence of a law dealing with data protection and citizen privacy.

• According to Dr Vivek Gupta of AIIMS, the data privacy law is a (or should be a) mandatory prerequisite before this regulation comes into place.
• According to another doctor, who has been at AIIMS and also been an IAS officer, if DISHA and/or PDP Bill don’t come into effect, then the patient won’t be established as the owner of the data, this is especially important given that legal issues have not been integrated into the NDHB document.

“We need to think through the question of data ownership, and what implications it has for things already in the NDHB, but may not be viable, said Ayush Rathi from Centre for Internet & Society. “One of the things is the de-identification of anonymised data, the PDP bill (in its current form, already criminalizes this without the consent of the data fiduciary.”

• Talking about consent, he said, the NDHB does a lot in terms of seeking consent, “but a crucial component of consent is already the ease with which it can be withdrawn. It’s unclear how deletion or right to be forgotten can be included in the NDHB, a critical principle of how the PDP Bill was built. And this can deal with not just how your entire health record can be deleted, but also how specific parts of it can be deleted.” He said there has a very “solid legal assessment of the NDHB”, with what the PDP will prospectively look at.

The use of Aadhaar

The NDHB document suggests the use of Aadhaar as a possible Personal Health Identifier, since it “assures uniqueness of identity” and provides an online mechanism for authentication. Although the document defers the final decision and says that Ministry of Health may decide this in consultation of MeitY and UIDAI (FYI, the committee which drafted this blueprint was chaired a former chairman of the UIDAI), it will be no surprise if Aadhaar is indeed a preferred PHI, given its mission creep.

• The only stakeholder to raise issues around Aadhaar was Aditi Chaturvedi from Software Freedom Law Centre (SFLC). “The ministry should provide clarity on the use of Aadhaar, the system links very sensitive personal data with public and private, while the Act permits the use of Aadhaar only in some ccases, we aren’t able to understand where the line will stop,” she said.

Data collection and gathering, and data disclosure

Dr Vivek Gupta from AIIMS said that there needs to be clarity on whether data is going to be collected at both IPD and OPD. 5 out of the 8 mandatory data elements in Table 3.3 (see below) of the document deal with clinical data to be collected at the time of doc-patient interaction. “There are very broad terms and encompasses the entire encounter — history, observations, complaints etc. In a high load set-up such as AIIMS, where the average interaction time is very less, how does this [kind of] data gathering work out?” “Again, data is collected also for design purposes and not just for clinical purposes. Is all this data or only a part of it also supposed to flow into a central repository, only a part of it?”

Aditi Chaturvedi from SFLC, said the its concerning that we don’t know the amount of patient data that will be disclosed to private players in the system, such as insurers, pharmacies, and hospitals, among others.

Use of telemedicine and lack of legal framework around it

Telemedicine is one of the answers to the skewed doctor-patient ratio, and two areas of telemedicine need a little more stress in the document, according to Dr Karanvir Singh, Chief Medical Information Officer at Apollo Hospitals. One is the business model, a large number of organisations which started telemedicine projects have gone down because their business model doesn’t address their local concerns.

“They’re treating or giving consultation to patients in different parts of India, but the income — it does come down to income — is actually not coming to them. Because if a patient comes in via telemedicine, the consult is supposed to be free.” — Dr Karanvir Singh

Legal framework and issues surrounding telemedicine

Dr. Singh flagged another issue — the legality of telemedicine consults, whether it is telemedicine or via WhatsApp. “Karnataka has made it illegal,” he said, “so it’s an area that needs to be addressed.” Preeti Sudan, Union Health Secretary, agreed that there are ethical issues surrounding telemedicine.

• She explained that the ministry had asked if the Medical Council of India (MCI) could act on it. The body, however, has been dissolved with the passage of the National Medical Commission Bill, 2019 (which has been passed in both houses of Parliament). For context, once the NMC Bill becomes an Act, it will replace the MCI as the regulatory body for medical colleges and institutions in the country.
• “We need actually need some kind of policy document or legal framework as to the extent of telemedicine we can do,” said Sudan.

Sudan also pointed out that there isn’t yet a data privacy law in India, the Srikrishna Report is under consideration, and “we are eagerly awaiting it”. Elaborating on the government’s work in telemedicine, she said the ministry is forming an e-learning network in medical colleges. Teleradiology works very well in government, because because you will have that X-ray know in front of you and the doctor [can consult].

“Then there are legal issues around teleconsultation. Is there a country with a legal framework for telemedicine?” — Preeti Sudan

Colonel (Retd) Dr Ashvini Goel, vice-president of the Telemedicine Society of India, pointed out that Texas had passed its own Telemedicine Act. The society had presented a white paper on a proposed Tele-health Act to the NITI Aayog, but hasn’t heard anything on it, he said.

Tele-monitoring as a form of tele-health

Although questions were being raised about the legal issues surrounding telemedicine, Dr. Monica Thomas, a neurologist at Holy Family Hospital, pointed out that a variation of tele-health is tele-mentoring, which the hospital has been doing through extension of community health care outcomes started by Indian origin hematologist Dr Sanjeev Arora.

• Tele-mentoring, she explained, takes away the risks of advising the patient directly, since “you are advising the community physician who takes care of the patient. And I would suggest that that should be multiplied much more.”
• Sudan once again pointed out that tele-mentoring has indeed worked, and the government is using Dr Arora’s platform on a large scale. “The question raised that if we’re going for tele-medicine, the legal liabilities need to be defined. Only Texas has a law now.”

“We are using this echo platform of Sanjeev Arora on a very large scale now. And you’re right, this tele mentoring has worked. And we do use this platform. And it’s a good thing. But you know, I understand that and it’s being used in US also.We are extending it to our TV also now. We have a Digital Academy for Mental Health in NIMHANS. The question raised that if we’re going for telemedicine, the legal liabilities need to be defined. Only Texas has a law now.” — Preeti Sudan

‘Patient consent is paramount’, illiterate patients, and consent frameworks

The document says that data will not be available to any care provider without explicit consent of the patient, Dr Karanvir Singh from Apollo Hospitals reminded everyone. But, he said, “we have a large number of illiterate patients, patients can be unconscious, or can be children.”

• There are two solutions for this:
  1. All data becomes available to the current care provider, as long as it is not explicitly marked as confidential by the patient. This is the less preferable option.
  2. Break the ceiling, break the glass: So a patient is brought in unconscious, there should be a mechanism defined by which the doctors in the casualty or emergency can access the data even if it’s not explicit consent by the patient.

“The issues of consent is paramount,” said Anuvinda Varkey from Christian Coalition for Health. “We should have some kind of communication measures to the public about what consent means. And in case the patient has no identifier like Aadhaar, it should be mandatory to give them care.”

EHR standards need more clarity

Aditi Chaturvedi from SFLC said that the document provides MeitY’s electronic consent framework guidelines, and the EHR standards in another section. “Although the [EHR] standards are backed by law, they’re not very clear, they lack of lot of comprehensive consent requirements present under the MeitY’s consent framwork.”

“It’ll good to learn from the data breaches happening despite there being HIPAA in the US. It’s interesting to note how the US is highlighted difficulty patients have in accessing data.” — Aditi Chaturvedi

Consent from illiterate patients, doctors wary of technologies

An audience member, who identified himself as Raghuram from the life sciences and healthcare practices at NASSCOM, said that there’s need for clarity on [obtaining] consent from illiterate citizens.

• Speaking about standards, he queried if India can make an ICD-10 similar to the SNOMED standards, for which India already has a license. The standards can be adopted and the government can release it to all the techology houses, he suggested. “Or maybe India is a large enough country to have its own standards,” he said.
• He also said that many of the doctors they [NASSCOM] spoke to were wary of using digital technologies for diagnostics, and so there should be some representation on the legal aspects of using digital technologies.

“The document talks about creating various registries and directories, but do we know the digital landscape of our country?” asked Antony Vipin Das, an eye surgeon at LV Prasad Eye Institute, which has been working with Microsoft India on a AI model for diagnostics. “While we’re listing registries, we need to understand where we stand at the govt and private sector,” he said. Sundar agreed that states are at various levels of development in health.

Standardisation and interoperability

“The decision support system should not be in silos, but should be interoperable.” according to Dr Prashant Mathur, director of ICMR’s National Centre for Disease Informatics and Research (NCRID) in Bangalore, which also runs the National Cancer Registry programme. “There’s a little ambiguity between repositories and registries. In the cancer registry, besides collecting incidence and trend data, we also study patterns of disease and survival studies for cancer, we have been publishing data for in breast, oral, cervical cancer.” This, he says, needs repeated contacts, information, and follow-up treatment, “does the document have clarity on whether all these events should be taken in longitudinally?” he asked.

Ministry of Health representatives also emphasisized on the need and benefits of interoperability. In cool sarkaari parlance, they said, currently the health sector has ‘egosystems‘ and not ‘ecosystems’, meaning all existing systems are siloed and don’t speak with one another, and that it’s important to do that. Stakeholders present in the meeting said. “There are already existing systems and programmes in place, so how do we knit the entire system together?” asked Sudan.

Other issues raised around standards and interoperability:

• Ayush Rathi, from Centre for Internet and Society, said that the terms ‘open standards’ and ‘interoperability’ are being used as synonyms. “Open standards may be instituted but they may not be interoperable themselves.” he said.
• Abhijeet, sale enablement leader at Philips, said interoperability is a low-hanging fruit, and the benefits can be seen easily and instantly. He also said the action plan is “quite” aggresive, and more specifities and details need to made visible.
• Sudeep Dey, Associate VP for IT operations for India for Fortis Healthcare, said data retention has been a challenge. “We have e-precription shops coming up as mom-and-pop stores. A lot of data is getting generated, we need some kind of standards, so everyone can access the system. Fortis gets 20 requests everyday that we have a new e-prescription solution.”

Private sector setting standards?

“One of the major roles of the government will be setting standards,” said Krish Dutta of Relx Group. “Private sector can come up with solutions, but they will not be able to agree on it, because we will all have different opinions. But standard setting is very important, and should be a goal in all domains of digital health.”

Dealing with EHR standards in primary hospitals:

Talking about EHR standards in primary care hospitals, Dr Rajesh Kumar, a dean at PGI-MER, Chandigarh, said most standards like SNOMED are for tertiary care hospitals, but there are many primary care hospitals, which don’t need many elaborate standards. “So can the government some open standards for primary care centres and hospitals, which is not very demanding on softwares.”

“Secondly, we have lot of silos, can we begin within the Health Ministry where APIs can be shared to make existing softwares interoperable. Once this platform starts working, there will be great need for storage space. Our data centre is totally full, we’re looking forward to if the government can bring in guidilines for data storage?” — Dr Rajesh Kumar

To the above query, Preeti Sudan said the guidelines are available, and cloud storage can be bought on GeM platform.

We should draw inspiration from UPI, ecocystem should be ‘rich’, with private and public players:Reliance Jio

Also present in the consultation was a representative from Reliance Jio, Ganesh Kathirasen, VP for digital healthcare. He said the NDHB should be a “rich ecosystem” with both private and public players. The talk of federated architecture shouln’t be limited to just the states, but should include any provider of healthcare data and system in the country.

• “People can largely be put in two buckets, providers like hospitals and clinics or consumers who are patients. Both stakeholders should be able to choose any application to enter the system, as long as the software or app adheres to certian minimum regulations by the ministry.”
• He said “we can all draw inspiration from UPI, and how its been implemented”. It created a level playing field and its important to mirror something similar in the digital health domain, he said.

Issues surrounding Outcome measures in blueprint

Talking about the outcomes measures defined in the document, Dr Karanvir Singh of Apollo Hospitals, said the outcome measures aren’t clearly defined – and they will be ultimately used to make KPIs. He suggested that the outcome measures be laid out at three levels — ecosystem level, platform, and another level that we didn’t catch.

“For instance, on the ecosystem level, one KPI could the percentage of patients who have managed have a longitudinal record pulled in from various places. Another could be the percentage of doctors who are able to access this longitudinal record. The current KPIs aren’t covering all the three areas, which we can ensure by breaking them up.” — Dr Karanvir Singh

He laid out another two outcomes measures, which according to him, are flawed. “Firstly, that the test is not to be repeated,” referring to the requirement that a patient should be tested “ONCE ONLY”. “But clinically, there are many reasons for repeating a test. So rather than saying once only, which is in caps in the document, it should be to minimize duplications.”

• Another outcome measure is that the patient should be treated only at one at one point of care. Based on the capacity and capability of hospitals, patients do get referred from one place to the other. If these are the KPIs, we’re going to get wrong values that the system has failed when it actually hasn’t failed.

Artificial intelligence is brought up

There wasn’t much representation or discussion around artificial intelligence in healthcare. P. Anandan, from Wadhwani Institute for AI, said AI can augment human capacity. AI, data science, and data analytics are all relevant, “however there is some myth and mystery surrounding this technology. Its important to have clarifications around how AI can help, how it should be implemented, and the regulatory aspects around AI, such that privacy and quality of care is assured.” Raghuram from NASSCOM also said AI is also “taking shape in a big way across the continent, and we should have some policies around use of AI in the digital health.”

AYUSH Ministry says it should be involved

A representative from the Ministry of AYUSH, who identified herself as Leena Chattrey, said AYUSH should be part of this document, in a sense wherein “AYUSH can use the data of UID or something similar, and share our data through common APIs. We also want the names of applications or portals developed by AYUSH to be in the document. We want complete or partial integration with building blocks, complete integration can be in patient care and other common interest areas, and partial integration can be done in AYUSH-specific activities.”

COAI marks its attendance, and other comments

Rajan Mathews, Director-General of telecom lobby COAI (Cellular Operators Association of India), expressed concern over the “minimal role operators are asked to play in this,” “you have MeitY, but not DoT”.

We have all these uncovered villages, we know about scope and scale, and even Aadhaar. Aadhaar did not become successful until you involved the operators. So their should be greater inclusion.

Mathews also recommended that there should be an international focus, particularly considering BPO businesses. “Having our requirements that comply with the EU requirements of data privacy and data control, and the American requirements on medical records and documentation, we should have that international focus in terms of the standards of the integration, because otherwise our BPO services will become subject of risk.”

Rahul Pandey from World Bank said that although he’s aware that health is a state subject, and the centre cannot dictate policies, “Many of the state government trying to innovate and thinking of various tools and processes in IT; there could be some kind of guidance to the states to make sure that there is some alignment with the centre.”

Participants in the consultation

• Startups: Raxa Health, Relx Group, Wadhwani Institute for AI, mFine
• Hospitals: Fortis Healthcare, Apollo Hospitals, AIIMS, PGIMER Chandigarh,
• Associations in health: Telemedicine Society of India,
• Other associations: NASSCOM, COAI (Cellular Operators Association of India)
• Civil society: Centre for Internet & Society, SFLC (Software Freedom Law Centre)
• Doctors and medical professions from: Holy Family Hospital, LV Prasad Eyecare Institute
• MNCs: Philips, Johnson & Johnson
• Others: Ministry of AYUSH, World Bank, ICMR (Indian Council of Medical Research), Access Health