IT for Change recently responded to the call for consultation by the National Health Authority (NHA) and Ayushman Bharat Digital Mission (ABDM) on the proposed National Health Data Retention Policy.
ITfC deems the retention of health data important towards both establishing longitudinal medical histories of individuals as well as public health research imperatives. At the same time, it is vital to keep in mind the issues of data security and privacy, and potential collective harm from extended periods of retention of such sensitive personal data. A policy governing health data retention which encompasses these aspects becomes critical in that context.
The key points of our submission include:
- Restricting the ambit of the retention policy, for the time being, only to ABDM registered facilities.
- Providing support for small health facilities for employing certified services for health data storage.
- Clarity about which actors are covered or intended to be covered by the policy, and which not.
- Enabling individuals to ‘opt-out’ of sharing of data, even in anonymized forms, by health facilities with third (or outside) parties, unless involving legal requirements.
- Anonymization of the retained data should not be allowed to be employed for indiscriminate and/or otherwise inappropriate data sharing and expropriation, particularly as involving commercial actors.