Health Ids Needn’t Cause Any Anxiety Over Data

Livemint     20th October 2021     Save    

Context: Digital Health IDs of Ayushman Bharat Digital Health Mission raised concerns regarding India’s digital health architecture.

Concerns associated with digital health

  • Assault on privacy: Digital identity systems in India are directly associated with privacy harms as all personal health data are taken up and processed with no or minimum safeguards.
    • Privacy purists argue that the harms these systems are capable of causing are simply not worth any benefits they may provide.
    • Over collection practices: Incorporation of universal identity systems enabled unrelated items of information to be more accurately cross-referenced.
  • Over centralisation and data misuse: A single point aggregation of health data under India’s digital health architecture raises concerns regarding leakage and misuse of data.
    • Eg: Digital service providers can know the habits and behaviours of people than they ought to.
  • Poor grievance redressal mechanisms: Lacklustre attitude of digital service providers regarding privacy concerns as there is an increasing trend in incidents of data breach and negligence.
     

        Way forward: Digital identity solutions should be designed to enhance rather than erode privacy

        • Actively re-building public trust in digital identity systems by incentivizing the use of privacy-enhancing digital identity solutions.
        • Moment eligibility system for identifying eligible recipients: Identity information to be sequestered in separate hard-to-access confidential stores so that it became
          • Impossible for this data to be intermingled with other transactional information generated in the course of providing the service.
          • Information should be encrypted or tokenized to ensure that even in the event of a data breach, the detrimental impact on privacy is negligible.
        • Cross-verification of beneficiaries should be designed in a privacy-preserving manner:
          • Eg: Conceptualize zero-knowledge proof solutions that establish a person’s eligibility for an associated service without actually exposing any core identity information.