This appeared in the FPJ in October

Last week, the National Health Authority (NHA)  set the ambitious target of getting a 100 crore people registered for the Ayushman Bharat Health Accounts (ABHA). The ABHA card is a vital component of the Government’s flagship health programme – Ayushman Bharat Digital Mission (ABDM) . This 14-digit digital health ID serves as a secure repository for individuals to consolidate and manage their medical records, including prescriptions, lab reports, and consultation details. In a world where health care is getting increasingly super specialized, and complex – this can be highly advantageous for patients across the board. Health records become portable and can be accessed by doctors anywhere. Carrying piles of files with physical documents, X-rays, blood reports etc. – would be eliminated, making life simpler. It is also expected that the ABHA card will increase healthcare efficiency, reduce costs, and empowers patients by putting them in control of their data privacy. Also the Government envisages that it can be linked to public health programs and insurance schemes, facilitating targeted interventions and equitable healthcare access.

All in all, the intentions behind ABHA are good and commendable. But, like all things that have do with data – especially sensitive data about us – there have to be questions asked and answered on how secure is our data. And this would not be a one-time activity, but an ongoing one. Given the kind of leaks one has seen on Aadhar data, bank data, CoWIN data, and host of others including shopping sites, credit card sites and more – we need to demand that our health data be protected better.  

 Our data tells a lot about us. That is probably why it is so valuable. It tells who ever is looking, and knows how to look, the basics – fundamentally demographic data – like where you live, your age, race, ethnicity, sex, where you live, how much you earn. That gives us one level of classification – find all women between 21 and 35 years of age,  who live in Mumbai and earn over Rs.50,000 a month could be a prompt that a marketeer would use to target a particular set of products at this audience. At the second level is psychographic data – this looks at a person’s activities, interests, values, social status, inclinations, and opinions. to form a more nuanced view of the audience.   

Beyond this there are other kinds of data that are even more confidential – there is data derived from the location services on  your phone that tells someone where all you went, and how much time you spent there. There is your shopping data that looks at what you buy and from where. There is data from platforms like Youtube, Facebook and Twitter, that give more granular information on what you consume, what you watch – what turns you on, and what is a turn off for you. Today, both the tools and the technologies exist to micro target the audience at an individual level. Which means that the way you are targeted with messaging may be very different from the way the next person in your own household is targeted.  And then, as if all this was not enough, there is your health data. All that someone has to do is to bring all these data points together, and there is a complete picture available of you.

More than any other form of data, health data is possibly the most sensitive and crucial of all the data about us. It describes us at the building block level – literally the DNA level. It is characterized by several factors that make it particularly vulnerable to misuse and exploitation. First and foremost, health data provides an intimate and comprehensive snapshot our physical and mental well-being. It includes details about medical conditions, treatments, medications, surgeries, and even genetic predispositions. This depth of information can be highly personal and revealing, and its exposure without consent can lead to severe privacy violations.

The benefits of a system like ABHA are evident in terms of convenience and interoperability. But in an economy where people don’t think twice about selling your data to telemarketers; in a society where privacy is seen as secrecy – we have to be mindful of breaches and take them seriously. In a world of sophisticated hackers, where data ends up on the darkweb for sale to the highest bidder – security around health data has to be top class, and continuously evolving. There has to be a certain transparency around measures taken for securing our data, without us being talked down by the Government when we ask what those measures are.

The problem here is not so much about ABHA as much about the attitude of the Government of India when it comes to security measures on our data. Be it Aadhar or CoWin the hubris with which questions around the security of data are answered, needs to be toned down. Government officials and ministers need to remember that it serves the people and is answerable to us. And part of this is answering questions on how secure our data is.