Hyderabad: Privacy of healthcare data took a toll as over-enthusiastic as one minister and a top health officer shared the medical data of people who were admitted in the Ayushman Bharat scheme on social media. The patient data was shared in the form of screenshots of Excel sheets. Deputy CEO of Ayushman Bharat, Dr Dinesh Arora, shared screenshots of Excel sheets with patients’ names, aliments and assigned doctors. Dr Arora in his tweet said, “Five patients admitted in Ranchi Institute of Medical Sciences for urology and cystoscopy. Privileged to be part of the team implementing this mission (sic).”
Likewise, Assam health minister, Himanta Biswa Sarma, shared names of about 20 patients and their health packages. Mr Sarma said, “It’s heartening to share that within 24 hours of its launch, we have given the benefits of Ayushman Bharat to 21 needy patients across different hospitals in Assam. Likely rise in numbers from Tuesday.” Many vented their ire over the sharing, calling it breach of privacy.
Data for such a big initiative being tracked in Microsoft Excel has also come into question. Many citizens pointed out, “The people might be from the lower strata of the society but that doesn’t mean their data can be published without consent.” It may be mentioned here that Prime Minister Narendra Modi rolled out the Pradhan Mantri Jan Arogya Yojana (PMJAY) or Ayushman Bharat on Sunday. Security researchers opine that medical data has often been taken easily by agencies and people do not understand that it is breach of privacy.
While there are two legislations, namely Digital Information Security in Healthcare Act (DISHA) and Personal Data Protection Bill, 2018 to protect privacy, they are yet to become law. Advocate Sumit Batra said, “Data privacy and security play a pivotal role in protecting and governing the source and transmission of data. Health data is more susceptible to breaches considering its highly personalized nature.
While two legislations are already in nascent stages, much more is required to protect sensitive and personalized data due to constant threat of the constantly evolving and transforming digital economy. Measures provided under the proposed legislations like establishment of National and State eHealth authorities, including health information exchanges, provide too little safeguards.”
He pointed out that the need of the hour was a strict and robust legislation which provided for adequate governing, administrative and security mechanisms to ensure complete privacy and confidentiality of information. The Disha Bill has been temporarily stalled as the government wanted it to go along with the Data Protection Bill. Mr Srinivas Kodali, independent security researcher, said, “It is not just about any healthcare data.
“The officials in charge are clueless about what they are dealing with. The responsibility is on the doctor and the government to inform them that healthcare data is private data and comes under medical ethics. Disha will take updates from data protection, as it cannot be different from the data protection Bill and is likely to be introduced along with same bill in Parliament.” Meanwhile, since there is no data protection bill in place, people can reach out to courts citing that there is no law and sue them seeking damages....