This is an open-access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work, first published in the Journal of Medical Internet Research, is properly cited. The complete bibliographic information, a link to the original publication on http://www.jmir.org/, as well as this copyright and license information must be included.
In February 2018, the Government of India announced a massive public health insurance scheme extending coverage to 500 million citizens, in effect making it the world’s largest insurance program. To meet this target, the government will rely on technology to effectively scale services, monitor quality, and ensure accountability. While India has seen great strides in informational technology development and outsourcing, cellular phone penetration, cloud computing, and financial technology, the digital health ecosystem is in its nascent stages and has been waiting for a catalyst to seed the system. This National Health Protection Scheme is expected to provide just this impetus for widespread adoption. However, health data in India are mostly not digitized. In the few instances that they are, the data are not standardized, not interoperable, and not readily accessible to clinicians, researchers, or policymakers. While such barriers to easy health information exchange are hardly unique to India, the greenfield nature of India’s digital health infrastructure presents an excellent opportunity to avoid the pitfalls of complex, restrictive, digital health systems that have evolved elsewhere. We propose here a federated, patient-centric, application programming interface (API)–enabled health information ecosystem that leverages India’s near-universal mobile phone penetration, universal availability of unique ID systems, and evolving privacy and data protection laws. It builds on global best practices and promotes the adoption of human-centered design principles, data minimization, and open standard APIs. The recommendations are the result of 18 months of deliberations with multiple stakeholders in India and the United States, including from academia, industry, and government.
India’s population of over 1.3 billion is served by over 2.5 million health care workers of varying qualifications. The vast majority of clinical interactions are not digitized. In the few instances that they are, the data are not standardized, not interoperable, and not readily accessible to clinicians, researchers, or policy makers [
In February 2018, the Government of India announced a massive public health insurance program under the National Health Protection Scheme (NHPS), offering Indian Rs 500,000 (approximately US $ 7,600) in annual coverage to 100 million households, or nearly 500 million citizens [
We propose here a federated, patient-centric, application programming interface (API)–enabled health information ecosystem that leverages India’s near-universal mobile phone penetration, universal availability of unique identification (ID) systems, and evolving privacy and data protection laws. The arguments laid out here are the result of an extended set of deliberations that began at an interdisciplinary seminar held at Harvard in September 2016 and have since resulted in potential pathways for prototype development in India.
Electronic Health Records (EHRs) have traditionally been closed systems, sometimes incapable of sharing access across platforms within the same institution, and almost never across vendors at independent institutions. While more systems now allow patients access to their health-related data, few EHRs give patients control over how their data will move across institutions or be shared between providers. Despite significant legislation, a large portion of health data collected today remains inaccessible due to legitimate concerns over confidentiality and privacy, risk-averse hospital policies, prohibitive costs associated with change, and inertia [
While health data have been typically associated with information captured in EHRs, there is growing recognition that data are generated at multiple nodes along the delivery system. For example, at the pharmacist, at the stand-alone imaging facility, at the laboratory, at the general practitioner’s office, at the hospital, at the insurance company, and now, even on one’s wrist [
The concept of a personal health record (PHR) has long been floated as one potential solution to disjointed health care data [
In recent years, additional individual and population health data have been generated by wellness gadgets (eg, Fitbit), Web-based diagnostic devices (eg, AliveCor), patient-facing apps (eg, Stanford Healthcare), provider-facing apps (eg, Practo), or researcher-facing apps (like Apple’s Research Kit). These new apps and gadgets create additional silos of health data. In fact, of the 260,000 mHealth apps that existed on the last count, 90% were free—their financial viability predicated on their ability to monetize the data they collect [
The call for data integration, universal compatibility, and portability has come from many quarters. There is no shortage of standards, but few are universally applied. There are standards for nomenclature and terminology, structural and semantic standards, and open source technology platforms that promote secure health information exchange [
There is now sufficient recognition that restricting health data access is detrimental to patient care, provider satisfaction, and health care costs [
Health is a “state” subject in India, managed and funded by state governments, with part-funding from the Center (ie, the federal government in Delhi). Consequently, there is wide variation in quality of care within and among states [
Conversations about health information exchange in India must acknowledge these realities, as well as the near absence of digital health information in most clinical transactions. The private sector is mostly not digitized except for major diagnostic laboratory and radiology franchises, and some private hospital networks [
In the public sector, data have been collected through various overlapping, regional or national mandates, or dictated by the needs of sponsoring philanthropic foundations [
At the primary care level, community health workers and clinical staff log data in paper-based notebooks, tablets, excel sheets, and a variety of software applications that differ from state to state. The validity of much of these data is questionable [
Health data are also captured at hundreds of research institutions across the country, in paper files, personal flash drives, hard drives, and sometimes on institutional servers. There is a general consensus among local researchers that much of these data are never analyzed, and they seldom change clinical practice or care delivery [
Data do not travel across jurisdictions. For example, the Indian Council of Medical Research, India’s leading body for biomedical research has limited access to the data generated across its various collaborating institutions, and almost none to data generated in private institutions. Critical clinical data with significant individual and public health consequence, like information on compliance and antibiotic resistance, are not portable across institutions. Also, the government’s Revised National TB Control Program cannot follow patients or monitor their care once they choose to seek treatment in the private sector. Even if private sector entities were willing to share data, there are no mechanisms to do so. The lack of interoperability of such critical data has a profoundly negative consequences on existing disease surveillance systems [
There is growing recognition among the public sector that all new digitization efforts must conform to prescribed standards. The government adopted Systematized Nomenclature of Medicine (SNOMED) and is making it available free of cost to health systems across India [
Until 2017, the lack of a significant insurance player in the market precluded piggybacking EHR adoption on the billing requirements of payers and providers. Deliberations with critical stakeholders in India facilitated by the authors through 2016 and 2017 focused on the three nodes in the system that were most digitized, namely, laboratories, pharmacies and radiology reports. Still, mechanisms for change were not clear. The 2018 NHPS, with its urgent need for a technological backbone, changes all that—it has potential to finally develop this vision for universal HIE in India.
This approach is, however, not without its dangers. The EHRs in the United States have evolved as very effective billing instruments and provided medicolegal safeguards, but basic patient and provider needs like portability and access were an afterthought and required prohibitively expensive retrofitting. Systems work best, and compliance is highest, when the EHRs can be customized to local workflows, and when they can be modified or upgraded with relative ease and at low costs. Hospital mergers in the United States have resulted in near-uniform systems across vastly different enterprises, changes in which require universal consensus across the ecosystem and entail prohibitive fees charged by EHR corporations and additional re-training costs.
While the NHPS may indeed be the much-awaited catalyst for jumpstarting the digital health ecosystem in India, mandating a one-size-fits-all nationwide billing platform will do irreparable and costly damage—costs the Indian health care system cannot afford to bear [
Between August 2013 and December 2016, India’s MoHFW released a set of recommendations for electronic health records that outlined vital components of a standardized health care information ecosystem, and a common language for the organization of medical terminology and data [
The prototype outlined below argues against the use of a centralized repository of health data. Instead, we submit that the way forward must be an API–enabled, blockchain-based information network in which the personal health record underpins a system where free, real-time flow of data is predicated on consent and authorized access. India is uniquely positioned to build this ecosystem armed with a universal identity system, experience with digitization across multiple other industries, and a sophisticated domestic IT workforce.
We describe below the technical and legal basis for the design proposed.
Our proposed model calls for a federated architecture that acknowledges current and future health information flow; for example, between providers and patients, wearables and EHRs, consumers and pharmacies, physicians and laboratories, or institutions and payers. Collating all data in a national repository for 1.3 billion Indians will prove to be prohibitively expensive, redundant, and wasteful. It would also offer a single point of failure where security breaches would result in colossal data compromise. A federated system would allow data to sit at the source and be recalled on demand.
An API–enabled federated health data architecture would function on blockchain principles as an “open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way” [
An authorized physician—even a virtual “teledoc”—would be able to call for her patient’s entire record, either through pre-authorization, real-time authentication, or waivers in case of emergencies [
Federated Health Information Exchange Schema: The personal health record (PHR) would access data from existing and novel sources, by preauthorization, waiver or legal mandate. EHR: electronic health record; MOH: Ministry of Health.
A customizable personal health record (PHR) interface. Through user-driven consent and control, third-party plug-ins (apps) can access the PHR via standard open application programming interfaces (APIs).
As long as the user is “recognized” by the system, and therefore has pre-authorization to query particular types of data, access should be easy and near instantaneous. Essentially, the “consent” process is separated in time and place from data flow, allowing timely, secure, exchange of relevant health data between nodes. A federated and distributed network so constructed would obviate the need for constructing large national or regional databases of the patient’s “entire” medical record. Opportunistic synchronization and personal device-based back-up may reasonably mitigate the effect of unreliable electricity and connectivity. Moreover, all these inquiries and interactions should generate audit trails to prevent misuse.
Smartphone penetration in India is expected to reach about 36% of all mobile phone users [
While seemingly simple in architecture, such a system is predicated on standardization and widespread adoption. We next discuss how there is sufficient precedence and local capacity to favor such sweeping change.
Prima facie, access to the federated architecture would require a universal identifier. All data would be tagged with that unique identifier no matter where the patient interfaced with the medical system. Further, any entity contributing to or extracting from the system would need a unique institution and personal identity tag.
While usually a daunting system to create, the near universal penetration of India’s unique biometric identification program, Aadhaar, offers a solution to this challenge. Aadhaar has been built around the principles of privacy by design, and data minimization, that are particularly relevant in security-sensitive applications like health care. Administered by the Unique Identification Authority of India, the system is actively used today for the central government's direct benefit transfers and subsidies programs and has also been used by several banks and telecom operators. By 2017 over a billion Indian residents were enrolled in Aadhaar, making it the most widely deployed single ID system anywhere in the world.
This astonishing penetration notwithstanding, mandating the linkage of public services to Aadhaar has been problematic, and a subject of constitutional challenges before the Supreme Court, with legitimate concerns of misuse and state overreach [
The use of APIs would underpin the proposed federated architecture. An API is a set of routines, protocols, and tools built into a software application that enables it to communicate easily with other applications. APIs provide the means to build interoperable software and data exchange services. APIs are already behind the seamless integration from which we benefit every day. They allow Instagram to access the camera on our phones, agnostic to the maker of the device; or allow WhatsApp to access our phone directory (“contact lists”); or a taxi app to use Google maps. Industries like banking, finance, and social media have already successfully tapped into the explosive growth of software applications by adopting API-based solutions [
India’s own experience with wide-scale API adoption in the financial technology (eg, fin-tech) sector has been regarded as hugely successful: The Unified Payments Interface, rolled out in 2016, has demonstrated both the feasibility and the advantages of adopting an API-based ecosystem. Aadhar spurred a range of nationwide API-based IT solutions, collectively referred to as IndiaStack [
The Digital Locker is another successful application that provides a cloud-based storage service to all residents that authorized users can access. Registered Digital Locker organizations can push (or retrieve) electronic copies of documents and certificates (eg, driving license, voter ID, school certificates) directly into the lockers of Indian citizens, once again making credentialing and verification processes near-instantaneous. As of January 2018, nearly 2 billion digital documents have been issued through the Digital Locker API [
The successful and explosive use of mobile financial services notwithstanding, user-controlled dataflow through the federated network assumes some degree of digital literacy and understanding the ramifications of consent, secondary data use, artificial intelligence algorithms, and so on. Until such time that the Indian populace is assumed to have such knowledge, concomitant local laws will need to require that default data access protects foremost, the patient. We discuss the relevant existing and evolving Indian legal standards in subsequent sections.
Globally, the health care industry has begun embracing API-based exchange. Open Medical Record System, and platforms like SMART Health IT, developed at Boston Children’s Hospital, have long pursued health data ecosystems anchored in open standard APIs [
Successful interoperability will rely on widely adopted standardization in data storage and retrieval. Systematized Nomenclature of Medicine-Clinical Terms (SNOMED-CT), Logical Observation Identifiers Names and Codes (LOINC), and RxNorm, a standardizing nomenclature for a medication that can interpret varying vocabulary used by pharmacy and drug interaction software, are increasingly used globally. Health Level 7 (HL7) enables health records and exchanges to be built with typical architecture and structure. Fast Healthcare Interoperability Resources (FHIR), building off HL7 standards, provides data formats and resources for building APIs for facilitating exchange. Project Argonaut, for example, a consortium involving governmental, private and academic health IT leaders, has incorporated these standards to begin work on supporting the uptake of APIs and including them in “meaningful use” regulation [
The architects of India’s digital health infrastructure, while being compliant with global standards, may consider creating a series of “minimum datasets” for standardization and interoperability. In this article, the use of the term
It is imperative that early prototypes pay critical attention to the user experience. Attempts at EHR adoption in India have failed to date due to the untenable combination of very high patient volume and poor usability. Once again, an API–enabled system will allow providers and institutions to select products that are highly customized to the local context and workflow [
Traditional privacy principles have been articulated in the Organization for Economic Cooperation and Development guidelines first published in the 1980s, revised last in 2013, the European Directive 95/46/EC, and several pieces of national legislation. These principles have come under increasing scrutiny with the power of big data analytics to combine information from discreet datasets. The EU General Data Protection Regulation (GDPR), considered one of the most stringent of data protection laws came into effect on May 25, 2018. It adopts a rights-based framework, placing the individual at the center of the law. In the United States, while the public sector is mostly governed by the Fair Information Practice Principles and related acts, data flow in the private sector is primarily regulated by notice and consent and overseen mostly by the Federal Trade Commission.
As India’s planners imagine its new technologically powered health data ecosystem, hard questions need to be answered. For example, what risks do we pose for individuals and populations by allowing such seamless data travel? Who owns the data? Can such data be sold? If yes, does the patient have a financial claim, even when data are de-identified? What protection measures need to be put in place? What remedy does the patient have? What legal risks do patients, providers, scientists, and governments expose themselves or each other to? Are the technologies for such secure, encrypted, failsafe ecosystems available? What can we learn from other industries? Why have previous attempts failed?
Emerging economies often lack dedicated privacy laws, relying instead on a patchwork of consumer protection laws, telecommunications statutes, human rights provisions and other measures to tackle data breaches, privacy violations, and constitutionally protected rights to equal treatment. However, as government welfare and benefits are increasingly delivered through online platforms on the backs of newly digitized databases, there is a need to ramp up the legal infrastructure in parallel [
Data mining of de-identified information can now reveal very sensitive data [
Societal expectations of privacy can also ebb and flow, and the laws need to be nimble enough to accommodate for the fast pace of IT evolution. Only a few years ago, the idea that Google would scan emails to automatically populate a person’s calendar or send alerts was considered highly unacceptable. Today, for many, it is the norm.
In August 2017, the Supreme Court of India ruled that privacy is a fundamental right [
Responses to the White Paper included recommendations focused on the protection and use of health data, calling for automated but consented flows, easier access, and portability, and without jeopardizing the safety or privacy of vast swathes of India’s digitally illiterate populations. Reviewers opined that health data are generated jointly by the patient and the provider, and are used for purposes beyond clinical care, including for research, operations, payments, quality control, and public health. The patient serves as the “data controller” with a reasonable say in which of their data are made available, to whom, and when. A “data processor” co-creates and adds data to the patient’s health record and accesses it when implicitly or explicitly authorized to do so. When patients cannot consent for lack of capacity, illiteracy, or circumstance, regulations should favor the patient’s best interest [
In March 2018, the MoHFW invited public comment on a new bill it has proposed, the Digital Information Security in Health Care Act [
In July 2018, the Government of India's NITI Aayog, the National Institute for Transforming India, published a blueprint for a "National Health Stack," embracing the principles of federated patient-centric data flows outlined in this paper [
For this proposed technological framework to meet its game-changing potential, the model will benefit from adhering to the following principles: (1) adopting a federated architecture, (2) prioritizing patient and population health needs over billing needs, (3) guaranteeing a patient’s right to her structured data, (4) allowing a plug and play model of highly customizable applications that can address varying context-specific needs, and that respond to market incentives for better user-interfaces, (5) mandating minimum data sets, (6) adopting privacy by design: automate audited and consented data flow, and finally (7) defaulting to safeguarding patients’ control over their data.
For patients, scientists and clinical providers to recognize, adopt and benefit from the vast potential of a secure, federated health information ecosystem, we propose a suite of initial applications whose benefits to society are palpable. For example, medication alerts, laboratory trends, schedulers and payment logs would prove highly useful to patients but would require interoperability among different sources of data, mandated or incentivized by the state. At a population level, disease surveillance data for modeling and forecasting outbreaks would be particularly useful to public health agencies. Standardized registries for trauma, cancer, rare diseases are desperately needed in India and can be built on the proposed framework. Aggregated and anonymized data sets accessed through an audited trail would help accelerate medical research, given the sheer volume of patient load in India.
However, such widespread adoption and data transfer between entities would necessitate buy-in from multiple stakeholders—through a combination of incentivization, legal mandate, budgetary allocation, and market demand for patient–provider, provider–provider, provider–payer, and payer–patient interactions [
India must take advantage of its vibrant IT ecosystem and the widespread adoption of mobile technologies across its socio-economic strata. A light and robust API–enabled spine upon which both the public and private sector can be invited to build contextually appropriate, competing, substitutable, and incremental solutions will be the key to a forward-looking digital health ecosystem. The time for large centralized data warehouses and homogenous systems has passed.
There is much excitement globally about the power of big data, artificial intelligence and machine learning in reshaping medicine and health care delivery. However, the potential of these promising sciences can only be harnessed with reliable and timely data. A federated PHR in India will provide unprecedented amounts of health data; among them may lie answers to our well-being and happiness.
application programming interface
electronic health record
Fast Healthcare Interoperability Resources
General Data Protection Regulation
Health Information Exchange
Information Technology for Economic and Clinical Health
identification
Integrated Health Information Platform
information technology
know your customer
Logical Observation Identifiers Names and Codes
The Ministry of Health and Family Welfare
National Health Protection Scheme
personal health record
Systematized Nomenclature of Medicine-Clinical Terms
The authors would like to acknowledge the support of the Radcliffe Institute for Advanced Studies at Harvard University for sponsoring the workshop, “Exploring health information exchange: setting an interdisciplinary agenda,” in September 2016, where the first draft of this paper was proposed.
SB wrote the first and final drafts of this paper, with significant editorial contributions from AF. All other authors contributed equally.
None declared.