BQ Explains: How The National Health ID Will Work

A health ID is a key element of what we are envisaging to create the national digital health ecosystem. It’s a system of systems and we are planning to ensure that all the health records of all individuals shall be stored in a digital environment, in a secure and private fashion and shall be accessible to the doctors and other healthcare professionals as per the requirement. To make this happen, it is necessary to have a health ID to which these health reports can be linked to.

So for example, I have a particular health ID. I will go on linking my health records which have been accumulated till now and will also get them linked in future from various hospitals, laboratories and clinics so that the data of medical records get built up; what we call where the longitudinal medical history of a person is available at one place, which is so important for providing quality healthcare.

Of course, this has many other advantages going beyond personal healthcare in terms of public health and public policy, we are all witnessing the watershed moment in the history of humankind in the form of the Covid pandemic. So this data and this digital ecosystem will also be useful in managing that.

See, it is not an initiative of only the government. What is being planned is the collaboration or a joint effort between the government and the private sector, but the role of the government definitely comes in as far as one point is considered. We are planning to have three basic modules or fundamental registries. One is of a health ID, the other one is of doctors and the third one is health facilities. We must have a single source of truth; data which can be relied upon.

For example, when it comes to the data of a doctor, if a doctor is really a doctor or not that can be verified only by the Medical Council. Similarly, for health facilities, we have to have somebody certifying that yes this is the health facility rather than anything else. Also, obviously why the health ID is given by the government- because we want the health ID to be unique in the sense that the same number should not go to more than one individual and that is the reason there should be a single origin or single set of numbers from which the health ID is getting generated.

So, how do you calculate cost of one life? That is the basic question and then how do you calculate the cost of 135 crore people? It is a very complex issue. The question is something like this, what is the cost benefit analysis of having an email account? So, it’s something very intangible but I’m certain that by investing a few hundred crore rupees, the cost of this initiative is really insignificant if you compare the budget of the ministry or the government but the benefits are humongous. I mean the best thing to happen for a doctor while seeking history from the patient is to have all the records which have been created in the past right from the immunisation in childhood or even the pregnancy of his mother till now-- it cannot be a ascertained in any monetary terms. That is one.

Then the cost in terms of public health, I mean, we are witnessing the adverse effects of the Covid pandemic on the economy. If we are to use the anonymised the data for proper decision making and to ensure correct interventions in the public health sector, the benefits will certainly be much, much higher than whatever the miniscule amount that we are going to invest. This is in fact the way to go forward, many countries have moved ahead and it’s time for India to go forward.

What we are doing right now is a pilot phase and we have developed the three basic softwares and we shall be developing the softwares even further and that will be after we float the RFP and follow the proper bid process. So the exact cost will come out of that bid process but I am certain that it will be probably be not more than Rs 150 crore but I cannot comment at this moment because it will come only after a competitive process is completed.

I am talking about the whole platform throughout India. It is one online portal which we have opened only in six union territories. The same portal and the same server will serve for all other states and union territories. It’s only a matter of taking feedback from users who understand the feedback better so that we can then make certain changes, for example, in the case of user interface or user experience before we reach out to the remaining.

No. See, we are not going to insist for any printed card. A person is supposed to have a number and that’s all and once this is rolled out beyond the six union territories, it takes less than 60 seconds to have a number if you log on to the system through the website— healthid.ndhm.gov.in. That is one way of getting it.

The other way of getting the number will be whenever the person goes to a health facility—a hospital or a lab, he can get it there.

To start with we are allowing two types of verifications - one you can use Aadhaar and then in that case, our system talks to the Aadhaar server and verifies the person.

The other option is to use your mobile number.

In the long run, we may consider adding other alternative options like the passport, PAN card and the driving license but right now, we have rolled out the system using these two identifiers. Either use your Aadhaar number or use your mobile number and then create your health ID.

So, we are definitely allowing more than one account to be linked to one mobile exactly because of the reason that you just quoted. In fact, if somebody’s not having a mobile, he also can have health ID created whenever he has his first interaction with any healthcare provider at the counter.

See, as far as Aadhaar-verified numbers are concerned, there is no question. When you give your Aadhaar number, it will get verified only if Menaka Doshi’s OTP which is submitted in the system which will go to Menaka Doshi’s phone number.

Now coming to the second point, the mobile based verification. You will create your health ID and go have an interaction with a doctor. So, you have to visualise the NDHM ecosystem as a digital version of the existing system. So, whenever you interact with the doctor, what he does is; he gives you a couple of papers which are medical reports, a prescription and so on. What we are contemplating is that instead of giving those physical copies to you, he will ask for your health ID for which you will get prompt or a notification on your app or you will get an OTP the way it happens while interacting with two different systems. That will be transferred from his system to your mobile, or your tablet or laptop once you share the OTP.

Now, for example when Menaka Doshi goes and meets a doctor, he will send an OTP. It will obviously come on your mobile device you are supposed to share with him, or you will get a notification on your mobile which you are supposed to press ‘Yes’ for sharing and only then, the data exchange happens. So the system ensures that the records will reach the intended beneficiaries only and it is not possible that some other Menaka Doshi will receive an OTP. And she will obviously not give consent because she knows that she’s not with the doctor.

So there are enough checks and balances in the system to ensure that the records reach the right person.

Yes, it is a voluntary service and an voluntary opt out is also there. So, if you join in and after a while you feel that okay, I don’t want to continue in the system and you can opt out as well.

So this is something like having an email id but there is a reason why we have kept it voluntary. We presume that the system has so many advantages. See, even now we haven’t made email mandatory, right? But still everybody ends up having an email id because the advantages are so many that we presume that people will realise the advantages which the system brings and people will join voluntarily and very proactively.

The incentives are in-built. If a doctor or a health facility joins the health facilities registry, it is making itself available when the patient searches for them on his mobile.

The doctors are always registered with the Medical Council or whichever council it may be. So there is no case of a doctor who is not registered with the council.

I would like to clarify that we are not adding any more authority.

When the doctor applies on Digi-Doctor, the application is automatically routed to the Medical Council and they approve that okay, this person is in our register. So we are giving them two options. One is electronic verification where the data is digitised, and in those medical councils where the data is not digitised, we are allowing manual verification too. So we are not bringing in any additional authority for the regulation. So, a doctor is just applying saying that okay, I am doctor XYZ, having a degree in MBBS and MD, it will go to the Medical Council and the Medical Council will say okay and he’s on-board the platform. That’s the process.

As far as clinics, laboratories and hospitals are concerned, there is nothing like the Medical Council where a single source of data is there.

There are certain registries like the NHRR where a lot of data about these facilities is present. So, what we are doing right now is, we have pulled up this data of NHRR which has around 8.5 lakh facilities already registered and we are allowing these facilities to get on-boarded. It’s a multi-layer verification. The first and foremost verification will be by the district authorities who will just verify the existence of that particular facility and then that facility will be on-boarded. So right now, that will take place and then to ensure the ease of doing business of this facility; see what is happening right now is, each facility is required to take numerous permissions. One permission for fire, one for PC-PNDT, another from the Atomic Energy Regulatory board and so on and so forth depending on the facilities. So, what we are planning is basically trying to give access to all these regulatory bodies to our platform. So, it will again provide an extremely easy process of getting these accreditation from various bodies; more than 60 such bodies for these facilities as well and it will reduce the paperwork to a large extent and increase the ease of doing business for these facilities.

So, it will be a two-stage process. First, we will be verifying that yes, this facility, lab or the hospital exists in this city and it is on boarded and other agencies will then start renewing their certifications/licences on the same platform. That’s the idea.

I will put it like this. We have studied similar models for various countries like Korea, Singapore, Australia, Estonia, Israel, U.K., U.S.A., Egypt, U.A.E. and so on and so forth... but given the complexities, the size and heterogeneity of the country, which is actually a continent called India under a very peculiar administrative setup, we have incorporated best features of these various countries but definitely our model is tailor-made to India needs.

Most of the major hospitals or almost all the laboratories already have a system which will continue to be used and they will be integrated. So it’s not the case that they will be required to have a totally new system.

What we are planning is to have a sandbox that will be up and live hopefully today (Aug 26) in which we will start integration of all the existing systems in India which are already being used. What will happen is only the inter-connectivity will be getting established between two different systems. So, we already have different electronic systems of banking running and UPI only got them connected together. So, we are doing something like this.

Now, there is a question - what happens if any doctor or hospital doesn’t have any system right now? So, for him it will be a new investment which would have been done in any case even if the system was not to come because most of the diagnostics have already shifted to some or other IT-based system and most of the major hospitals and even medium-sized hospitals have also shifted.

For the benefit of smaller establishments, we are definitely considering roll-out of a basic software that is free of cost. So for those who are not keen to invest in anything, they can use this basic software like the BHIM app for example and those who really want value-added services, they can go for any private product. So I think this is not going to be an issue of much concern as far as I see.

What we are contemplating is a federated architecture.

Except for the three registries that I talked about- those three registers will be central, everything else will be decentralised and close to the point of delivery of healthcare.

So it has been described in detail in the blueprint but to tell you very briefly...

If you go to hospital X, the reports will remain in the server or cloud or whichever system hospital X is using. It’s not going to go to a hospital Y or any other city; it’s going to remain there. Now if patient A goes to hospital Y and tells him that I’ve been to hospital X, the doctor in hospital Y will ask okay, can I access those records; patient will say yes and only then those reports will be accessible to the doctor to read in hospital Y.

So, we have built three directories and we have created a sandbox and various systems are already in use in the various union territories.

For example, there is a system in Chandigarh, Pondicherry, Dadra and Nagar Haveli, and we will be linking in and plugging in those systems into our sandbox. The sandbox is a testing environment. So, once the testing is done, it is certified and then those systems will get corrected. So at this moment, the sandbox will be live maybe today and then the process of integration will start and in a matter of few weeks, the integration will be complete.

The reasons are legal rather than technical. So for the legal reasons, we can’t make Aadhaar mandatory for this particular purpose but we are definitely giving them an option to use Aadhaar.

If you use Aadhaar and generate your health ID, then I am not saying that you must remember your health ID separately. You can still remember only Aadhaar, log in using that or you can also have additional alias like Praveen@ndhm which is easy to remember. So, we are allowing all the options to the patients.

You would have noticed many websites; where they ask you to create a new account login using a Facebook account or login using a Google account. So, it is these kinds of options we are giving, we are trying to make things simple but for legal reasons, we cannot say that Aadhaar numbers should be used and that is the reason we have given an additional option. Obviously, they can use either - they can use the Aadhaar number; they can use their mobile number as well for logging in. So we are giving out multiple options.

See, let’s believe in the IT power of India.

There are two ways of safety, integrity, privacy, one is the legal aspect and the other is the technical aspect.

We have already proven with the successful rollout of Aadhaar; which is the largest database of its kind, very complex and actually sensitive data- we have successfully proven to the world that we can secure and store it in a very secure fashion and use it for the benefit of mankind. So, let us not have any doubt about the capabilities on the technical side as far as India is concerned.

Now, I come to the legal point. The legal point is that there are certain principles of law that are laid down in various judgments of the Supreme Court like Puttaswamy, then the others like the PDP bill which is in consideration in the Parliament. So, we have considered all these aspects and all these precautions which are envisaged from the legal point of view have already built into the design. It’s not added as an add-on thing later on.

So all the legal and technical precautions have been taken to ensure that the data remains secure, it will be the patient’s data and the patient will be the master of the data. It will be accessible to the doctor to the extent and for the time the patient or his legal guardian desires. So, that is the system and I assure you on behalf of the Government of India and to all citizens of India that rest assured your data will be very secure and very safe.

I will come to a phone getting stolen; it is parallel to your medical file getting stolen. So that is the case even now your physical file can get stolen but in the case of your phone, probably you can have an additional feature; it is better than the existing system. We can have a lock-my-app kind of a feature which is there in many phones even now. For example, nobody can access my phone and it opens up only when my fingerprints are in or when I put my own OTP. So, it’s in fact going to improve what the situation is right now, that is first. Again, we will definitely have that option of disabling access. When you try to do some banking transactions, you always get a message ‘If it was not you, please call this number’. So I think things have been made easy by the use of technology rather than difficult.

See, we go by three-four laws, all the judgments of the Supreme Court, because of constitutional provision, they have force of law. So all the judgments including Puttaswamy, then the IT act of 2000 as amended in 2008 and PDP bill which is expected to be passed in the parliament and obviously the general laws like CRPC and IPC will be applicable.

So, there are enough legal provisions to ensure that number one, the data is not breached and if somebody tries to do mischief, the severest punishments can be given. So I think there are enough provisions.

First, who decides whether a particular programme has legal validity or not. It is the higher judiciary of India, High Courts and Supreme Courts. As far as Aadhaar is concerned, numerous cases were filed against Aadhaar and it came out to be a winner and the Supreme Court has upheld the validity of this programme even before the Aadhaar Act was passed. The Aadhaar Act was passed quite recently in fact compared to the rollout that is one.

Secondly, we already have enough legal frameworks. We have to consider the legal framework available through our traditional laws that are CPC, CRPC, IPC, Consumer Protection Act and the various laws governing the medical and healthcare regulations including Clinical Establishment Act, NMC bill. So, we have those. Then the act called IT Act which basically gives evidentiary and documentary value to electronic document now on a similar level which is a paper document. So, the laws have to be read together, you cannot read laws in isolation.

Laws are there to lay down the way in which executives are supposed to function. There is a clear cut distinction between the roles of legislature and executive we already have a mandate from legislature supported by various judgments of the Supreme Court and I don’t see a single step in our implementation which is going beyond the mandate of any law or any second the principle of law.

We already have provisions. For example, for the leak of data we already have provisions in the various laws that I explained. So, the law is fairly well defined and codified in the Indian judicial system.

You have to compare this with the present scenario.

So, a hospital X generates an incorrect report, let us presume, and that is taken to hospital Y - whose liability is fixed? It is the report-generating person in hospital X and both on the civil and criminal side, the responsibility lies with the hospital X.

Two things. One, we’re definitely considering offline modules. We understand the problem of connectivity in India and that exactly is the reason we have Ladakh, Andaman and Lakshadweep—the far flung areas in our pilot to test our system.

Secondly, once the connectivity is established, whenever it may be, you can have your record and store it in your mobile. So even if the connectivity is lost later, you can still make it accessible to the doctor. So we are definitely considering certain limited features as well. For example, feature phones don’t have those display arrangements which a smartphone has. So we are definitely moving on the principle of inclusivity and definitely not trying to exclude any possibility.

We understand that a lot of areas in India, rural, tribal, hilly or the remote terrains-they need to be seen with extreme sympathy and we cannot end up catering only to metros. So we are definitely considering those systems but let us also not wait for the day which may not come when the mobile range is available in each and every 33 lakh square kilometres of India. It’s a movement forward, we are going forward and simultaneously infrastructure is getting ramped up.

Now, till yesterday, Andaman and Nicobar was a problem but last week we had this undersea cable connectivity to Andaman all of a sudden increasing connectivity and now it has connectivity which is better than many countries in the world. So I’m in touch with the authorities in Port Blair and they were extremely happy with this new cable. So, we are definitely trying on all the fronts and at the same time taking care of basic features and also, some disadvantages that certain locations may have.

It is with the person who creates the data.

Let us say I have done my haemoglobin examination and by mistake, it is written 15 and the technologist feels that it should not be 15 but it should be 14.5. So, it is the pathologist that corrects it.

In case there is some spelling mistake in some prescription, let’s say Crocin is incorrectly written, then the physician will realise the mistake and he will correct it.

So, what I’m saying is that the existing systems, the existing legal rights and the existing legal liabilities will continue to remain as it is. The only difference is that the paper is replaced by a digital document. That’s it.

When we talk about digital health data, we are not presuming that every single hospital has high-end and state-of-the-art digital ID systems which has inbuilt features of ICD, FHIR etc. We can still continue to call the same disease by 10 different names and all are scientifically correct names. For example, cardiac arrest, heart attack, myocardial infarction, blockage of coronary artery. All are the same disease and all are correct names and I don’t expect that from tomorrow all doctors in India will start learning that you have to call it cardiac arrest and not the heart attack. No, it’s not going to happen and we don’t expect that.

So what we are planning is as follows.

We have a spectrum. On one end of it, we expect that as far as possible, kindly use ICD guidelines. The other end of spectrum is - okay, if you want to continue to scribble on the piece of paper because you’re comfortable, the OPED runs into hundreds of patients so please continue scribbling on the paper and upload the PDF or JPEG. The middle end of the spectrum is that you can enter free text but not in a standardised form. So, it’s a whole spectrum that we are allowing.

Now this whole spectrum of data will be available to the other side. Obviously when it comes to AI and ML-based algorithms; it will be the standardised data which will be more amenable to the algorithm. The middle part will be slightly less amenable to algorithm and the PDF may not be available unless you have a machine reader kind of additional add-on facility.

We don’t see that from Sept. 1 for example, everything starts in ICD-11,  it is not going to happen. We are going to allow, and give that transition period for doctors, patients and everybody so that the transition is actually smooth.

You may recall the earlier days and I remember receiving some emails in which letters were written, scanned and forwarded or sometimes I received WhatsApp messages written instead of typing. So, somebody takes a photo and then sends it across. So, that’s the flexibility that WhatsApp or email offers. The same kind of flexibility we are going to provide in this system.

I’m happy to share that we have interacted with states in numerous meetings, the whole NDHB was created after extensive stakeholder consultation including the states and even this implementation of national digital health mission, we already had meetings with all health secretaries of various states, union territories.

I’m very happy to share that many states are in fact are requesting us why we have not taken to the second stage - because we wanted to start small and then scale fast. That’s why we started with union territories. So the states are excited to join this initiative and there is extremely positive feedback. We already have requests coming from many states that they may be taken up in the subsequent days as soon as possible.

Not only states, we have had interactions with hospitals from the smallest hospital to the biggest hospital, from the remotest village to the topmost specialist in metros. We have had interactions with more than 600-700 stakeholders so far and we continue to have interactions. Our website is open for feedback, anybody can go and give your feedback and we are constantly reading, analysing and trying to improvise the system.

When I say that we discussed with almost 700 stakeholders, 150 were companies providing various solutions in health care and we have their presentations in the public domain as well on our website. We have definitely involved them and definitely the umbrella associations like NASSCOM, CII. So, we have spoken to as many players as possible and we are willing to speak to more but I don’t think we have left out any company in India to speak to.

We have the used NHS IT resources which we are using for the Pradhan Mantri Jan Arogya Yojana, and Ayushman Bharat already with. So we have developed a basic system using them. For a larger implementation we will get a player on board through a competitive, open and a transparent process.

I’d like to answer it quickly. The provisions and legal provisions for sharing of such data are already laid out and they are also contained in the PDP bill. Now, even though the PDP bill is not passed we are going by it.

Again, I go back to the same answer.

We do have regulators for doctors; we have councils who are empowered to revoke the license if something goes wrong. We have local authorities, which are empowered to take action against health facilities. What we are providing is only an online platform. We don’t see of ourselves as a regulator at all. We are just a facilitator providing an online platform.

See, throughout the history of mankind, law is always an evolution. Law always evolves as per the requirement of the state and the requirement of the civilisations. Medical or the healthcare field cannot be objectively converted into zero or one kind of scenario. It’s a highly complex issue. Whenever any issue of legal repercussions arise, it goes beyond the law into the realm of medicine which cannot be just defined in your algorithmic base. So, what happens, we already have evolved laws.

For example, let’s say the case of medical negligence which can come in this case also because of negligence through telemedicine—let’s take that case.

So we already have certain principles of law which say that okay, the judge will not go into the medical aspects of the case but this will be dealt with by experts of the same speciality based on which the judge will make the decision. This is what our consumer law for example plays out in actual judicial practice. So those laws are already there, they will continue to regulate and govern whatever practice will come through this platform.

As far as the IT platform is concerned, again, maintaining the integrity of the IT platform there’s a separate law in the form of the IT Act and other relevant regulations.

Obviously, the requirement of better laws is there not only in the medical field or the finance field but everywhere. It is always there and that’s why we have a parliament and so many assemblies, right? So, these are being discussed they will evolve and we will adapt our platform to the evolving laws.

We will be learning from the mistakes of other countries. We are not going to repeat the mistakes and let us believe in India’s capacity. I repeat, we are the nation which has sent satellites and rockets at the cost of less than the production cost of a Bollywood movie.

So the time will tell whether we succeed or fail. I strongly feel that we are going to succeed and we are going to take all the precautions to ensure that we don’t fail.

I think I’m not going to get intimidated by the fact that another country has failed and that is not going to stop India for trying to do something which must be done and which is the need of the hour.