Health Data Comes Under The Purview Of Data Protection Bill: IAMAI

Responding to the government think tank NITI Aayog’s National Digital Health Blueprint (NDHB) report, The Internet & Mobile Association of India (IAMAI) has reportedly said that the governance of health data of citizens should be put under hold till the India’s data protection bill is finalised. 

“All data collected from individuals come under the permit of the Personal Data Protection Bill, which is under consideration by the Ministry of Electronics and Information Technology (MeitY). The proposed Consent Management Framework would have to come under the purview of the Data Protection Authority (DPA) under the PDP Bill and the regulations formulated by the DPA for sensitive personal information like healthcare data,” IAMAI said, according to reports.

NDHB has proposed the creation of district-level electronic databases of citizen’s health data and registries for all diseases of public importance and most importantly, proposed a National Health Information Architecture to roll-out and link systems across public and private health providers at state and national levels. 

In response, IAMAI reportedly said that rather than designing applications and services themselves, NDHB could consider utilising existing health systems.“The private tech startup sector has several developers working on such applications. The proposal for the NDHB to design its own applications is redundant, as long as these existing applications conform to the digital health standards,” it added. 

Suggesting an alternative, IAMAI said that the government should let private developers to build products on top of the NDHB framework and allow users to choose the most efficient and user-friendly product. 

IAMAI is an industry body representing healthtech companies such as Netmeds, and Credihealth, along with internet majors like Amazon, Apple, Ebay, Facebook, Twitter and more. 

What Is Data Protection Bill?

The Indian government has been mulling over a data protection bill for the last one year. The Draft Personal Data Protection Bill 2018 had defined personal data as any data of a natural person which allows direct or indirect identifiability. 

Moreover, sensitive personal data has been defined as financial data, biometric data, positive additions such as religious and political beliefs, caste, intersex/transgender status, and official government identifiers like PAN, etc.

Recently, MeitY initiated a second round of consultations through a letter to select stakeholders seeking further clarifications on their earlier feedback to the draft personal data protection bill. 

The second round of consultation included questions such as: Can non-personal data such as data from ecommerce sites, and community data be made freely accessible to all? Whether storage of personal data should also be mandated in India?

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.