A fortnight after prime minister Narendra Modi announced the National Digital Health Mission, the government has put health data rules in public, which relate to the handling of personal and non-personal or anonymised health records. The policy signals a refreshing shift in the government’s approach as, this time around, the government has not emphasised on iron-grip control by it. The system instead gives control to users (or data principals) and follows a liberal path as far as data storage is concerned. The data principal also has the choice to request deletion of all data relating to her and opt-out of the service. This freedom is also available to health practitioners and health facilities. Both entities will also be issued with unique IDs with a choice to opt-out at any point in time.
The policy grants users access to a dashboard that will show who is using the data. The dashboard will also grant the user the added benefit of being able to allow access to only specific content. Although it is not clear how the government will achieve this, if implemented, it would mean that a person can share only her dental records with one party while keeping the rest of the data out of bounds. The rules stipulate that data fiduciaries will also require the data principal’s consent to store her data beyond a certain period, and will need to specify the purpose of storage and period for which data will be retained. The game-changer is the yearly audit system that the policy mandates to check for cybersecurity lapses. However, all this will be for nought, unless the government comes out with a data protection bill.