Last week, the National Health Authority (NHA) set the ambitious target of getting 100 crore people registered for the Ayushman Bharat Health Accounts (ABHA). The ABHA card is a vital component of the government’s flagship health programme, the Ayushman Bharat Digital Mission (ABDM). This 14-digit health ID serves as a secure repository for individuals to consolidate and manage their medical records, including prescriptions, lab reports, and consultation details.
In a world where healthcare is getting increasingly super specialised, and complex, this can be highly advantageous for patients across the board. Health records become portable and can be accessed by doctors anywhere. Carrying piles of files with physical documents, X-rays and blood reports would be eliminated, making life simpler. It is also expected that the ABHA card will increase healthcare efficiency, reduce costs, and empower patients by putting them in control of their data privacy. Also the government envisages that it can be linked to public health programmes and insurance schemes, facilitating targeted interventions and equitable healthcare access.
All in all, the intentions behind ABHA are good and commendable. However, like all things that have do with data, especially sensitive data about us, there have to be questions asked and answered on how secure our data is. This would not be a one-time activity, but an ongoing one. Given the kind of leaks one has seen with regard to Aadhaar data, bank data, CoWIN data, and host of others including shopping sites and credit card sites, we need to demand that our health data be protected better.
Our data tells a lot about us. That is probably why it is so valuable. It tells who ever is looking, and knows how to look, the basics — fundamentally demographic data like your age, race, ethnicity, sex, where you live, how much you earn. That gives us one level of classification. Find all women between 21 and 35 years of age, who live in Mumbai and earn more than Rs50,000 a month could be a prompt that a marketeer would use to focus on a particular section of people for marketing certain products. At the second level is psychographic data. This looks at a person’s activities, interests, values, social status, inclinations, and opinions to form a more nuanced view of the audience.
Beyond this there are other kinds of data that are more confidential. There is data derived from the location services on your phone that tells someone where you went and how much time you spent there. There is your shopping data that looks at what you buy and from where. There is data from platforms such as YouTube, Facebook and Twitter that give more granular information on what you consume, what you watch — what turns you on, and what is a turn off for you. Today, both the tools and the technologies exist to micro target the audience at an individual level. This means that the way you are targeted with messaging may be very different from the way the next person in your own household is targeted. As if all this was not enough, there is your health data. All that someone has to do is to bring all these data points together and there is a complete picture available of you.
More than any other form of data, health data is possibly the most sensitive and crucial of all the data about us. It describes us at the building block level — literally the DNA level. It is characterised by several factors that make it particularly vulnerable to misuse and exploitation. First and foremost, health data provides an intimate and comprehensive snapshot our physical and mental wellbeing. It includes details about medical conditions, treatments, medications, surgeries, and even genetic predispositions. This depth of information can be highly personal and revealing, and its exposure without consent can lead to severe privacy violations.
The benefits of a system like ABHA are evident in terms of convenience and interoperability. But in an economy where people don’t think twice about selling your data to telemarketers, in a society where privacy is seen as secrecy, we have to be mindful of breaches and take them seriously. In a world of sophisticated hackers, where data ends up on the darkweb for sale to the highest bidder, security around health data has to be top class and continuously evolving. There has to be a certain transparency around measures taken for securing our data, without us being talked down by the government when we ask what those measures are.
The problem here is not so much about ABHA as much about the attitude of the government of India when it comes to security measures on our data. Be it Aadhaar or CoWIN, the hubris with which questions around the security of data are answered needs to be toned down. Government officials and ministers need to remember that they serve the people and are answerable to us. Part of this is answering questions on how secure our data is.
The writer works at the intersection of digital content, technology, and audiences. She is a writer, columnist, visiting faculty, and filmmaker