It was on September 30, 1963, that Charles Schulz first used 555 95472 to introduce one of his comic characters in his much-loved Peanuts series. More than half a century ago, he recognised, so to say, the substitution of numbers for names.

In August 2020, the National Digital Health Mission (or, to give its rightful name, Ayushman Bharat Digital Mission) was launched as a pilot project, with the intention of inclusive access to healthcare for all. This adheres to the Government of India's aim to achieve the goals of the National Health Policy, 2017, especially increasing access, improving quality, and lowering the cost of healthcare delivery while continuing to focus on integrating the digital healthcare industry with other policy initiatives such as the Electronic Health Record (EHR) Standards, 2016, NITI Aayog's National Health Stack, 2018, and the National Digital Health Blueprint, 2019.

Adopting the standard UPI-based model of the financial sector, the NDHM called for the provision of 'digital health ids' as part of a federated health system for the quicker and more efficient delivery of healthcare to all. The NDHM envisages a system whereby an individual can create a 14-digit unique id -- the health id -- which will contain the concerned individual's medical records, that is, all details of their physical, mental, and emotional wellbeing. The system would also connect hospitals countrywide with one another, enabling easier second and third opinions as well as consultations.

Unquestionably a system that may facilitate easier and more inclusive access to healthcare for all, the NDHM nevertheless raises certain concerns that may need to be addressed, preferably without the Government dragging its heels over important legislation such as the Personal Data Protection Bill, 2019.

The first point, and one that was recognized in the National Health Policy, 2017, is the glaring concern raised by a federated health system when health is a state subject. This issue may finally result in flawed implementations of the system, with neither state nor centre taking responsibility for the flaws.

The second concern is in respect of the protection of personal data. Currently, if there is a breach, the patient has recourse only to the archaic rules under the Information Technology Act, 2000, which are, to say the least, ambiguous, serving only for advisory purposes, and as ineffectual as a toothless tiger. The earlier the Personal Data Protection Bill is enacted, with its accompanying rules and regulations, the better it would be for the patient seeking to put their health details online.

The third concern is consent. This connotes informed consent, as per Benjamin Cardozo's infamous dictum in Schloendorff, which courts across the world have taken to heart when dealing with cases involving health. However, consent in India (albeit from a health and treatment perspective) has always been doctor-centric, with the medical professional often being the decision-making authority. Given that courts in India have refused to adopt the Montgomery and Chester approaches to consent, it would be interesting to see how much disclosure would be deemed necessary before an individual decides to provide their consent.

Consent has its limitations, the main one being that in the health space as also in the privacy space, it is often never express, is always broad and never specific, and, more often than not, never informed. This would always result in standard questions of who would be responsible during a data breach – the medical professional, the cloud-based host, or the Government, and if the Government, would it be state or central?

Being an advocate of the 'bundles of rights' approach, as proposed by Honoré, I would opt for a commodification-based approach to the collection and storage of the health data collected under the health id: as the possessor of his/her health data, the concerned individual is the one with maximum interest in the data and, consequently, would have all the incidents that would make them the owner of their data. In short, the health data is the individual's private property, and any misuse could also be seen as a violation of such right.

The fourth concern is the drawing of parallels between the Aadhaar and the health id, the common thread being the easier delivery of services. Of course, in practice, the delivery of services without the Aadhaar is virtually not possible in many instances, notwithstanding judgements of the courts in this regard. Would this mean then that unless a person 'voluntarily' registers for a health id, the chances of them receiving health-related services are gradually moving from low to minimal?

While the overall NDHM project is laudable, the above-mentioned concerns, apart from others, would need to be addressed if the NDHM is not to remain another 'castle in the air'.
