Tamil Nadu announces Health ID for people, experts urge caution

Be it government or private entities, whenever public data is collected it is vulnerable to breach and raise privacy concerns, says the President of Free Software Foundation Tamil Nadu (FSFTN).
A woman health professional wearing PPE and holding injection.
A woman health professional wearing PPE and holding injection.
Written by:

The Tamil Nadu government is set to roll out a Unique Health Identification Card (UHID) for every person in the state. The government says this will enable people to better access the health care and avail the medical schemes currently in operation by the government. The announcement about the same was made during the Assembly session by the state Health Minister M Subramanian on Thursday, September 2.

The Minister said in the assembly, “Through the UHID, the public can access healthcare and the government can prioritise a particular healthcare scheme as per requirement and make it accessible to the public. Hence, we can make the healthcare in the state more effective by rolling out a digital health registry for each beneficiary.”

Further the senior health officials of the state had also said that UHID and the data collected through them can prove vital while proposing future health schemes in the state.

Meanwhile, it is to be noted that the state government had already implemented the UHID in Krishnagiri district as a pilot project. And in the project, the government added details of patients into a digital health registry. Through this, the doctors and nurses can procure details of the patients in times of need, while the beneficiaries too can choose suitable health schemes.

Though the Tamil Nadu government has highlighted the importance and benefits of the scheme, experts on the other hand have cautioned that collecting such data involves concerns of privacy and leaks.

In January, concerns of privacy were raised when the Union government and the Puducherry School Education Department through a circular urged all students and their families to mandatorily enroll for Health IDs. The circular directed the parents in Puducherry to procure the Health ID by filling in an Aadhar card or contact number in the government website. It is unclear whether Tamil Nadu's scheme will be a mandatory one.

Speaking to TNM, Prasanna Venkadesh, President of Free Software Foundation Tamil Nadu (FSFTN) said, “Be it government or private entity, whenever public data is collected it is vulnerable to breach and raise privacy concerns.”

Prasanna says when there is a database, there is also data breach. “Data breach can happen if outdated software is used, data leak due to poor set up, loopholes in the system to procure data among other reasons. Hence all these need to be strengthened.”

In July 2021, a cyber security firm had alleged that the data of 3.1 crore people on the Tamil Nadu Civil Supplies and Consumer Protection Department, which is the public distribution system data, had been breached and was on sale on a hacker forum.

“The government can make tall promises of data collection schemes, it should ensure legal and technical protections to the citizens. It should explain the scope of data collection and best security systems in place. The Indian government should bring General Data Protection Regulation (GDPR) like Act before implementing more digital registry schemes. However, this policy in India is still in draft manner with many loopholes,” added Prasanna.

Srikanth L, a technology researcher said, “Every interaction the patient has with the health system will be recorded creating a permanent data trail."

“If a person is availing counselling for mental health or any other medical assistance- that they are unwilling to reveal- might also get recorded as per the proposed UHID based health records. Hence in the fear of data getting recorded, there are chances the people might withdraw from such medical assistance,”says Srikanth.

Speaking about the government rolling out policies based on data, Srikanth said that taking policy decisions on medicine and health sectors solely based on data might overlook many other underlying issues.

“The government should put a privacy law in place to restrict data abuse along with detailing the extent of personal data collection. Needless to say, it is imperative to have detailed information about the project in the public domain and have safeguard mechanisms, including cybersecurity protections against leaks at the earliest to build public confidence, given the recent state wide PDS data breach ”added Srikanth.

Related Stories

No stories found.
The News Minute