Managing IDs in NHD ecosystem

(This is a continuation of the earlier article)

Presently most of the Government’s schemes use the Aadhaar ID as the identity determinant of the citizens. It is the attempt to link Aadhaar ID to property registrations to prevent benami properties which triggered the big Privacy movement in India which lead to the Puttaswamy judgement. At the same time, Aadhaar IDs have been subjected to many security breach incidents to the extent that the dark web may be having the Aadhaar information of a very large number of Indian citizens. Also when the Aadhaar ID were first issued, the security systems were so weak that many fake Aadhaar IDs have been issued because the enrollment was done by agents. There have been instances of enrollment laptops being stolen and probably every enrolling agent kept a copy of his work. As a result Aadhaar information is no longer the secret it is supposed to be. If any privacy leak is possible through a linkage to Aadhaar ID, perhaps it has already occurred.

The Government is therefore under a dilemma on whether they should use the same Aadhaar ID as the identity of the individuals in the NHD system. Under HIPAA US government used the social security number for individuals and tax registration numbers for covered entities to create the HIPAA data base. But NHD has decided to issue new IDs to the stakeholders in the NHD ecosystem.

Accordingly, several unique IDs are being suggested to be created to identify the users of the NHD ecosystem.

The IDs are

  1. Health ID to every individual user of the system. All consents would be linked to this Health ID. It is stated that the participation in the system is voluntary so that Health ID will only be unique as long as the individual is using the system and may be cancelled at his option. As a result the person may seek re-allocation of the ID if he opts in at a later time. Aadhaar number may be used for registration but the allocation of Health ID is not excluded for persons not having Aadhaar ID. As a result this data base will be independent of the Aadhaar data base. The ID will be issued by the Data Fiduciary who is registered with the NHA similar to the agents of UIDAI who issued the original Aadhaar IDs and could be a point of security weakness in the days to come.
  2. Health Practitioner ID to every doctor to permit him to work under the system. This will also provide an opportunity to opt out . Authorized registrars would be appointed for the purpose of registration.
  3. Health Facility ID to every health care facility which could be hospitals, pharmacies, diagnostic centers etc. The procedure for registering the health facility ID would be provided in due course.

Some of the states are also creating “Family IDs” and it may be linked to the Health IDs under this project. These two IDs will soon be added to the Aadhaar ID and PAN card for the individuals besides the Voter ID, Senior Citizen ID etc creating a host of Government IDs which an individual need to maintain.

The registration, de-registration as well as re-registration  will result in submission of personal information, need to delete the same and re-enter the same, maintaining the accuracy of the information, avoiding fake information being uploaded are issues that need to be addressed.

In the scheme now envisaged there is scope for fraudulent double registrations particularly if Aadhaar is not linked to the Health IDs. I hope this would be properly addressed during implementation.

(To Be continued..)

Naavi

All Articles in the series:

1.National Digital health mission shows the way… Be Ready before PDPA becomes effective

2.NDHM is a trend setter… Get started early on the Privacy Protection journey

3.Consent Management under NDHM

4. NDHM-Health Management policy Objective need not be linked to ISO standard

5.Managing IDs in NHD ecosystem

6. Data Fiduciaries under NDHM



About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.