National Health Stack: An Architecture Of Doom For Public, Data For Private Profit
Recently, in a book on how automation wrecked the welfare system of the United States of America, author and academic Virginia Eubanks cites the case of — as she describes during this interview — “Omega Young, who was a 50-year-old African-American mom from Evansville, Indiana. She missed a phone appointment to re-certify for Medicaid because she was in the hospital suffering from terminal ovarian cancer. She did call the office ahead of time, to tell them she could make the time of the telephone appointment. But she was cut off anyway for “failure to cooperate in establishing eligibility.”She was unable to afford the medications, she had trouble paying rent, she lost access to free transportation to medical appointments. And though her family wouldn't hold the state responsible for her death, she did succumb to cancer on March 1, 2009. The next day, on March 2, she won an appeal for wrongful termination of benefits and all of her benefits were restored.”
A similar though far worse scenario in India — armed with Aadhaar and newfangled FinTech (financial technology) tools being forced into the social sectors and welfare apparatus — is not only not far away, as Newsclickhad pointed out earlier, but the architecture seems a little bit more delineated now that the NITI Aayog has released the consultation draft for the National Health Stack.
So what is the National Health Stack?
To begin with, the Stack will see the creation of a digitised and centralised database of the health records for all citizens of India that can be accessed at any point using the internet (thanks to cloud-based services).
The Stack will store both personal health records and service provider records. In the words of the NITI Aayog, the Stack seeks “to streamline the health information and facilitate effective management of the same.” It will “create a unified health identity of citizens - as they navigate across services across levels of care, i.e. Primary, Secondary and Tertiary and also across Public and Private.”
This can be understood as constructing a linear history of every citizen’s interactions with the healthcare institutions in the country — in other words, recreating a citizen’s medical history.
Indeed, there is merit in digitising health records of the people and ensuring their easy accessibility/availability to both the service providers (for example, any physician you may be visiting anywhere in the country) and the patients themselves. In fact, this streamlining and ease is much needed to improve efficiency, transparency and access. Such wealth of data can be used to further medical research.
But the NHS — not to be confused with the NHS or the National Health Service of the United Kingdom, which is a publicly funded and universal healthcare system, as also the best in the world, especially since the purpose appears to be quite the opposite — is much more than just a digital database.
One look at the fine print reveals that the Stack is designed primarily to cater to and expand the medical market, and not exactly to address the pressing medical needs of the people.
In fact, when the draft mentions that “the scope of the National Health Stack includes (and is not restricted) to the following subjects,” the first point is “Induction of Private Hospitals and Private Practitioners into the Primary and Secondary healthcare ecosystem.”
Significantly, the National Health Stack is designed and developed on the same lines as the Aadhaar-based India Stack — a controversial FinTech system for delivery of services, such as digital payments. But we shall return to it a bit later.
The Stack is envisaged as providing the “digital backbone” for the Modi government’s much-vaunted Ayushman Bharat scheme — which aims to provide health insurance for hospitalisation up to Rs 5 lakh per year per family for more than 10 crore families, besides setting up 1.5 lakh ‘health and wellness centres’ for primary care.
As has already been pointed out before, the Ayushman Bharat scheme is not the answer to India’s healthcare needs — especially the insurance part, named and renamed as the Ayushman Bharat-National Health Protection Mission (AB-NHPM) or the Pradhan Mantri-Rashtriya Swasthya Suraksha Mission (PM-RSSM).
But for now, let us examine its “digital backbone” — what it’s made of, and what are likely to be its functions.
According to the NITI Aayog’s consultation draft on “Strategy and Approach”, the National Health Stack will have four key components:
i) National Health Electronic Registries:“to create a single source of truth for and manage master health data of the nation”, to quote from the draft.
These registries will form “the base layer of the Stack”, but more on that in a bit.
ii)A Coverage and Claims Platform: the digital structure to “support” the AB-NHPS or the PM-RSSM insurance cover scheme, but also to deal with “any government-funded healthcare programs”.
It will also have mechanisms for “robust fraud detection” — which ought to have us worried, going by the past experience with Aadhaar — but more on that in a bit.
iii) A Federated Personal Health Records (PHR) Framework: to manage and facilitate access to this wealth of data in a “federated” manner — which means “multiple entities (e.g., hospital systems, health-technology companies, etc.) will manage health data about users.”
iv) A National Health Analytics Platform/Framework: “to bring a holistic view combining information on multiple health initiatives and feed into smart policy making, for instance, through improved predictive analytics.”
The Stack will also have “horizontal” components —such as a “unique Digital Health ID, Health Data Dictionaries and Supply Chain Management for Drugs, payment gateways etc shared across all health programs.”
How will the National Health Stack work?
The design of the NHS is based on that of the Aadhaar-based India Stack, which provides certain digital financial services, such as payments, in a “presence-less, paperless, and cashless” way.
The National Health Stack “utilizes various components of the India Stack.” As the consultation draft adds:
“Designed to leverage India Stack, subsequent data analysis on NHS will not only allow policy makers to experiment with policies, detect fraud in health insurance, measure outcomes and move towards smart policy making, it will also engage market players (NGOs, researchers, watchdog organizations) to innovate and build relevant services on top of the platform and fill the gaps.”
What will enable the National Health Stack to “engage market players” is the open Application Programme Interfaces or APIs.
Just like India Stack, the NHS will be a set of open APIs.
An API makes it possible to transfer information between programmes, allowing different applications to communicate with each other.
An open API means the software application or web service can be accessed and used by developers.
This means developers and market players will be able to build services using all the data in the electronic health registries — which will form the “base” of the Stack.
This base layer of data “will be utilized by all programs which are built on top of the National Health Stack,” as the draft says.
As this explanatory article on APIs says, “On the Web, APIs make it possible for big services like Google Maps or Facebook to let other apps “piggyback” on their offerings. Think about the way Yelp, for instance, displays nearby restaurants on a Google Map in its app, or the way some video games now let players chat, post high scores and invite friends to play via Facebook, right there in the middle of a game.”
To be sure, this allowance to developers and apps to “piggyback” is not a good thing.
As the article cited above points out, “Twitter, for instance, notoriously limited third-party applications’ use of its APIs just over a year ago—a move that had the practical effect of killing off alternative Twitter clients and driving users to Twitter’s own site and apps, where Twitter can “monetize” them by displaying ads … er, promoted tweets. Twitter insisted the move was necessary to deliver a “unified” Twitter experience.”
As this article in The Caravan — talking about how private companies are using and benefitting from the Aadhaar-based data on India Stack — says, “In effect, India Stack’s APIs are building blocks in the software architecture required by many third-party entities, whether public or private, to use Aadhaar.”
In the National Health Stack too, it is all about the APIs.
For example, consider the stated approach to ‘security’ of the Personal Health Records (PHR).
The Personal Health Records refer to an “integrated view of all data related to an individual across various health providers, comprising of medical history, medication and allergies, immunization status, laboratory test results, radiology images, vital signs, personal stats such as age and weight, demographics and billing information, and multiple health apps.”
Because this data is “sensitive”, says the draft, the PHR would be “maintained in a secure and private environment, with the individual determining rights of access.”
But individuals can exercise the “rights of access” only through entities to be known as Health Data Fiduciaries (Trustees), and the process shall again be driven by open APIs.
These Fiduciaries shall “facilitate consent-driven interaction” between the entities generating the health data and the entities that want to “consume the health records for delivering better services to the individual.”
“User will be able to share their data via Health Data Fiduciaries (that will generate and manage consent) with data requestors,” says the draft.
These “data requesters” can be any private entity from insurance firms to medical technology companies.
The draft does not give more information on who or what kind of entities these Health Data Fiduciaries shall be.
But the sharing of the health data “will be achieved using standardized and open APIs through which these entities will be able to communicate with each other and with stakeholder systems.”
The draft says that “such an approach to managing and sharing data has many advantages from a scalability and flexibility perspective” —but it does not raise any concern regarding the privacy and the potential uses of this treasure-trove of health data by private entities that are not concerned about people’s health but only looking for profits.
Also, as noted by this article in Scroll on the issues surrounding NHS data, the consultation draft says that “all service provider electronic health records and stand-alone personal health records – including wearables, health devices and health apps – should have APIs compatible to the National Health Stack personal health records.”
Indeed, “having industry participation seems to be crucial to the Niti Aayog’s vision of the health stack,” as the Scrollpiece goes on.
The article talks about how at “a conference in Bengaluru in June, Alok Kumar, advisor to the Niti Aayog, made a presentation about a standardised digital health system saying that they will be owned and operated by the government but will have open data that can be accessed by people who want to build on the data using open API software.”
Although the conference was organised by the Public Health Foundation of India, says Scroll,“but most of the panelists and audience members were from medical technology companies – medical devices makers, telemedicine service providers, professional care service providers, and digital healthcare systems providers.”
Dangerous Designs For People, Their Data
Now, we all know how extremely sensitive health data is. If a person’s health records and medical history is made public, it can lead to discrimination as well as have other adverse social and economic impacts. For example, insurers might deny you claims/benefits and/or increase the premiums, or employers may discriminate against you. Also, public knowledge of medical conditions like being HIV positive can bring upon social stigma, ostracization, and cause mental and emotional trauma.
And linking of personal health data with the Aadhaar data, and letting developers and marketers use that data to “build services” can only spell doom.
There have been reports of HIV positive people dropping out of antiretroviral therapy under a NACO programme after they were asked to submit their Aadhaar details fearing social stigma.
There are enough reports of how Aadhaar has already become a barrier to accessing medical services, like the cases of women forced to deliver babies outside the hospital because they were denied admission for lack of Aadhaar. Last year, Aadhaar was made mandatory for cash benefits under the TB control programme, and there were reports of how patients were still waiting for compensation.
Already, there are enough reports of how Aadhaar has been wrecking welfare, as the poor are deniedfood and pensions due to the myriad problems associated with Aadhaar-Based Biometric Authentication (made mandatory at the time of delivery of the welfare scheme) such as fingerprints not matching, machines not working, etc. or for not having Aadhaar altogether.
Then there is the fact that a public healthcare infrastructure must provide care to not only documented citizens, but to all those who need it — such as refugees, migrants, etc. These sections, who are sometimes among the most vulnerable and neediest, will be pushed out of the system in such a scenario.
But among the most worrying stated purposes of the NHS is to “detect fraud in health insurance”.
The Devastations of ‘Fraud Detection’
If you’ve been following the news over the past couple of years, you would have surely heard of the PM or others from the BJP-led NDA regime talking about “ghost” beneficiaries of India’s welfare schemes.
As the Modi government made Aadhaar mandatory for all kinds of schemes and services for the poor, there was talk of how technology and Aadhaar had weeded out lakhs and lakhs of “ghost” or fake beneficiaries, thereby saving huge amounts of money for the government exchequer.
These claims have been proven false again and again, and it was even found that the Aadhaar-issuing Unique Identification Authority of India (UIDAI) had been fudging numbers, apparently even before the Supreme Court. Meanwhile, people have been starving to death in the country as people have been denied ration and pension due to the Aadhaar-related problems.
And now that the government is putting forward insurance schemes under Ayushman Bharat as the answer to the health needs of 10 crore of our poorest people — which, to reiterate,is not only not the answer but is attempting the wrong question itself — this digital ability to “detect fraud in health insurance” is a terrifying omen.
The digital ‘Coverage and Claims Platform’ to deal with the insurance schemes and other government-funded programmes is a digital platform with three sub-components —a policy engine, a claims engine, and a fraud management service.
“The coverage and claims platform provides the building blocks required to implement any large-scale health insurance program, in particular, any government-funded healthcare programs,” says the NITI Aayog draft.
“This platform has the transformative vision of enabling both public and private actors to implement insurance schemes in an automated, data-driven manner through open APIs.”
Please pay attention to the adjectives — “automated, data-driven” —used to describe how the insurance coverage and claims platform will work.
This brings us back to the devastating denials of welfare benefits to the poor described by Virginia Eubanks in “Automating Inequality: How High-Tech Tools Profile, Police, and Punish the Poor.” The book talks about how automated systems — including predictive statistical tools and algorithmic decision-making — for gauging eligibility for welfare programmes has destroyed lives and intensified inequality in the US.
One can only imagine what will happen in India once the millions of poorest, most vulnerable sections of people — who would have been left to insurance schemes instead of being provided with a robust and affordable public health and medical infrastructure — would need to go through “automated, data-driven” digital platforms to claim the insurance cover while being subjected to “robust fraud detection”.
It must be noted that the NITI Aayog thinks it mandatory to insert fraud detection mechanisms in only that part of the NHS that deals with insurance and “any government-funded healthcare programs” — but not in the rest of its architecture that allows and even encourages all and sundry market players to use people’s personal health data and “build services”, even though the threat of misuse and fraudulence by the profiteering private fims is disproportionately higher than poor people making claims.
Indeed, as NITI Aayog says, the “innovativeness” of the proposed NHS design is that it is “a strong digital spine built with a deep understanding of the incentive structures of the system.” The government surely understands the “incentive structures of the system”.
And NITI Aayog member (health) Vinod K Paul seems to know what he’s talking about when he describes — in the beginning of the consultation paper — the health sector as “a sector that is poised for rapid, disruptive changes and unforeseen twists.”
Get the latest reports & analysis with people's perspective on Protests, movements & deep analytical videos, discussions of the current affairs in your Telegram app. Subscribe to NewsClick's Telegram channel & get Real-Time updates on stories, as they get published on our website.