According to the Oscar award-winning American actor and film director Marlon Brando, “Privacy is not something that I’m merely entitled to, it’s an absolute prerequisite.” According to the definition from the Cambridge dictionary, privacy is “Someone’s right to keep their matters and relationships secret”. Privacy is the fundamental right of human beings and the same has been reiterated a number of times by the juridical systems of various countries. But today, privacy and data breaches are happening every day in this world.
More than 200 million surveillance cameras are installed around China with improved facial recognition and artificial intelligence technologies. The purpose of installing these is to identify malpractices happening around cities. Through its attention on pedestrians, luxury retail stores, inside classrooms to identify students’ malpractices – the privacy of individuals has been compromised.
The healthcare industry is one of the largest and rapidly developing industries. According to IBM Global Business Services (Executive Report-2012), the focus of overall healthcare management is changing from disease-centric to patient-centric. Thus, while the analysis of healthcare data plays an important role in healthcare management, on the other hand, the privacy of patient’s records is assuming critical concern.
Preserving the privacy of medical data is not only an ethical but also a legal requirement, posed by several data-sharing regulations and policies worldwide, such as the Privacy Rule of the Health Insurance Portability and Accountability Act in the USA, and the Data Protection Act in the UK. Besides, we are witnessing a wealth of approaches for preserving privacy in many phases of the healthcare information lifecycle, including data collection, communication and sharing, as well as the knowledge management of healthcare information. To achieve privacy goals, these approaches employ various techniques, such as cryptography, access control, and data anonymization, generalization, and perturbation.
Privacy issues in healthcare-specific domains in India are still quite lax, due to prevalent complacency, culture, politics, budget limitations, huge population and the inadequate infrastructure. Due to these factors, data security takes a backseat, allowing for easy access to confidential information. The prevalent culture also affects healthcare disclosure in India. In many cultures, the disclosure of sensitive personal healthcare data is looked down upon. This leads to discrepancies in the healthcare data recorded as well as a decline in the level of treatment prescribed. Research and statistics of treatment given many a times don’t match the records due to inaccurate reporting of data.
India is a country of large democracy and large populations. Maintaining standard infrastructure is another issue of implementing privacy. The cost required to implement a privacy model is substantial and requires funding from the government and individuals. To make the privacy model a success involves the work of specialists in the field of privacy and the field of healthcare. Budget constraints may lead to an ineffective model getting implemented which will not be secure and safe from attacks.
It’s important that privacy issues to Indian healthcare system must be addressed first. Surprisingly, there are hardly any research documents on that subject. Very few researchers have a keen interest in solving the privacy threats and data breaching issues in Indian healthcare data. This motivation made us take steps to consolidate the privacy and data breaching issues in India and make it available as an open-access manuscript. According to the limited available research, the Indian healthcare data which is already published on public platforms does not have any procedure to de-identify the individual patient’s record.
Data publishing is one of the state-of-the-art techniques of publishing healthcare data in tabular format on either public platforms such as blogs/ websites/ public columns, or for publishing selective data to discriminating individuals which can be only accessed upon authentication. Since Indian healthcare data contains sensitive information of an individual, the privacy concerns of the user must treat equally important.
According to the recent news, India’s health ministry has proposed a law to govern data security in the healthcare sector that would give individuals complete ownership of their health data. Individuals can access, share and deny the healthcare records. The draft Digital Information Security in Healthcare Act was proposed by the health ministry on March 11, 2018. The committee suggested the following key-points and developed privacy framework:
The law must be flexible and must adhere to changing technologies
Law must be applied to public and private sector entities
Entities controlling the data should be accountable for any data processing
Consent must be structured and genuine
Processing and analysis of healthcare data must be minimal
Enforcement of the data protection framework should be by a high-powered statutory authority.
The fruitful observations that can be drawn from above perspective are: Indian published health data is very diverse and collected from different heterogeneous sources; there are no proper regulations over the authorship of the health data; and any third party can get access to the sensitive data and can misuse them. The re-identification attack is the most common attack of health data wherein with the help of a group of some entities (called as quasi-identifiers), an identity of an individual can be easily determined. The proposed law mentioned in the above paragraph has guidelines and technological aspects of preserving the privacy of healthcare data.
According to our research, the proposed solution may include the awareness of understanding the procedure of how healthcare data is stored and processed. The backup of healthcare data, distribution of data among data publishers, working of consent, etc. must be clearly understood by every Indian who has healthcare records. Assurance of an individual’s healthcare data is a fundamental right of every Indian citizen. The surety can be only be increased if the technology can be implemented in publicly available Indian healthcare data. Another aspect of cognizance that we must address is to have proper authentication for accessing healthcare data.
The trust of Indian individuals to any organization is highly vacillating as far as healthcare data sharing is concerned. Every client should be properly verified before granting access to the information and should be immediately taken back if there is some suspicious activity from the user side. Verification can be done from UID/AADHAR authentication. Strong anonymization technique is still needed in heterogeneous, diverse healthcare data which should lead to data privatization, and can subsequently be used for utility analysis for further research in Indian healthcare for the betterment of the society.
Another angle of the story is the cultural and sociological view of the said problem. Literacy and awareness should be spread about the need to disclose healthcare information accurately and promptly. Healthcare privacy models can only be successful when the Indian citizens change their mindset and are willing to share their information correctly. Trust is a must be from both the sides. It should be understood that disclosing medical data is not a weakness and shouldn’t be looked down upon. Education and awareness camps should be held to inform citizens about the privacy model and the need to disclose healthcare information in a secure data environment. An evolved sociological view is essential to combat slackness and laxness prevalent in India. In addition, promotion to levels of authority should be based on merit. Corruption should be eliminated and bureaucrats should be held responsible for their failures. A strict work ethic should be established and deadlines should be met. This can be done only if the mindset of bureaucrats changes from doing something only for themselves to a mindset of doing something for the citizens and the country.
This research document is concluded by saying “Data privacy is not a product to be marketed, it is a secure, personal human right.” Thank you.