- 04 June | MGP Strategy Series | GS Paper 4 (Ethics) with AIR 7 A.R. Rajah Mohaideen Click Here to register for the session →
- 04 June | GS Advance Program begins from 4th June 2026 | First 2 classes open to all Click Here to register for the event →
- 05 June | MGP Strategy Series | GS Paper 3 Strategy Session with AIR 406 Mannat Luthra Click Here to register for the session
- 06 June | Open Orientation on Essay Guidance Program (EGP 2026) Click Here to register →
- 07 June | Open Orientation for Current Affairs for Mains 2026 Click Here to register →
- 07 June | Sociology Optional Strategy Session with AIR 10 Ujjwal Priyank Click Here to register →
Contents
News: Recently, the National Health Authority (NHA) has initiated a consultation process on the retention of health data by healthcare providers in India. NHA administers the Ayushman Bharat Digital Mission (ABDM).
Why a privacy-centric policy is needed for health data retention plan?
One, health care access is not in good shape in India. Thus, many patients may not think about data factors while choosing healthcare providers in practice.
Two, the SC of India has declared that privacy is a fundamental right and any interference into the right must pass a four-part test: legality; legitimate aim; proportionality, and appropriate safeguards. The mandatory retention of health data is a form of interference with the right to privacy.
Three, NHA is not a sector-wide regulator. Hence, it has no legal basis for formulating guidelines for healthcare providers in general.
Four, the consultation paper has suggested a classification system to retain data. But it exposes individuals to harms arising from over-collection and retention of unnecessary data. Also, a one-size-fits-all approach can also lead to the under-retention of data that is required for research or public policy needs.
Hence, data should be classified based on its use. Health data that is not required for an identified purpose should be anonymized or deleted.
Five, there is a need to balance the benefits and risks involved with health data retention. Health data provides greater convenience, choice, promotes research and innovation. But globally, health data are considered sensitive and improper disclosure can cause significant harm.
Six, according to Indian law, if an individual’s rights are to be curtailed due to anticipated benefits, then those benefits must be clearly defined and identifiable.
What are the challenges associated with health data retention?
First, there are issues with the informed consent of the individual. In India, patients rely on the expertise and advice of doctors. Hence, the idea of informed consent is difficult to apply.
Also, if consent is made necessary for accessing state-provided services, then many people will agree because they do not have any other way to access that care.
Second, the standards for anonymization and methods of anonymization are still developing. Also, anonymization is not the least intrusive solution to safeguarding patients’ rights in all scenarios.
What is the way forward?
First, efforts must be made to minimize the extent of data collected, and it should be stored only for the required amount of time so that the likelihood of any breach can be prohibited.
Second, a use-based classification process will bring the ABDM ecosystem in compliance with the data protection bill which has proposed limitations for collecting, processing, sharing, or retaining data.
Three, the test for retaining data should be clear, and a rigorous process should be followed under the suitable authority.
Four, data should be anonymized if collected for research purposes, unless a specific case is made for keeping personally identifiable information. If neither of these safeguards is applicable, then the data should be deleted.
Source: This post is based on the article “Weighing in on a health data retention plan” published in The Hindu on 7th Feb 2022.
