Who owns your health data? Is Aadhaar jeopardizing personal information?
"Electronic Health Data Privacy, Confidentiality and Privacy in India" that will permit collecting Aadhaar numbers associated with medical records has opened the debate of who will own this data. The ownership of the health data would mean control over it hence it becomes intrinsic to know who owns it. While some clamour it will improve health, other see it as data breach.
Government asks NLS to draft policy linking health and Aadhaar
In February 2016, National Law School experts were assigned the task to draft a law ensuring the privacy of health data when linked with Aadhaar. Since then, the University experts have submitted 2 revised drafts of the proposed law. In October 2016, the Ministry of Health and Family Affairs officials began collecting Aadhaar details of those taking treatment at government medical colleges and hospitals.
Can Aadhaar improve health?
Linking of Aadhaar with the patient's health data would expedite the process of "interoperability" in healthcare. This would mean patients, their families and doctors can seamlessly access patient information which would save time and money, and the appropriate care will be provided quickly. This can also help in fighting epidemics in time. As a policy, it can also conserve valuable funds.
Clamour that linking health and Aadhaar an invasion of privacy
Those against the policy maintain that if patients are handing over their data, they should have a "right to know what is being done with it". Others believe this to be an invasion of privacy and outrage as this gives autonomy to force patients to give blanket permission for control of the medical data. Moreover, it was government's responsibility to make people aware.
The issue of de-linking and anonymizing of data
Another debate was if the data should be de-linked or completely anonymized. Once de-linked the data should become available to the government. However, the government wants anonymization of data that destroys "identifiable pieces of information permanently". De-identifying can be reversed and doctors can access patient records when they return but anonymizing doesn't allow the data to be traced back.
US and European laws protecting health data
The General Data Protection Regulation of the European Commission does not let individuals own data but gives them "right to the protection of personal data". In the US under the Health Insurance Portability and Accountability Act, 1996, data can be accessed only after patient authorization.
