National

Patients' Health Data Is Not Shared With Insurance, Pharma Firms Without Consent: Government

Health Minister Mansukh Mandaviya said the HDM policy is a guidance document which sets out the minimum standards for privacy and data protection that should be followed by all the participants/stakeholders of the ABDM ecosystem.

Getting your Trinity Audio player ready...
Union Health Minister Mansukh Mandaviya.
info_icon

The Ayushman Bharat Digital Mission (ABDM) facilitates secure data exchange between intended stakeholders on its network after the patient's consent and no data is shared with any other entity, including insurance and pharma firms, without the individual's consent, the Rajya Sabha was told on Tuesday.

Responding to a question on whether patients' health data is shared with insurance and pharmaceutical companies under the Health Data Management (HDM) policy, Health Minister Mansukh Mandaviya said the HDM policy is a guidance document which sets out the minimum standards for privacy and data protection that should be followed by all the participants/stakeholders of the ABDM ecosystem. 

The policy was released on December 14, 2020, by the Ministry of Health.

'Privacy by Design' is one of the key guiding principles of ABDM and implemented following the principles of federated digital architecture, Mandaviya said. 

"Therefore, there is no centralised repository of data. The ABDM facilitates secure data exchange between the intended stakeholders on ABDM network after the patient's consent. HDM policy specifies that no data shall be shared with any other entity including insurance and pharmaceutical companies without consent of the individual," he said.

The health minister further said that under the HDM policy, various limitations have been imposed on sharing of health data so as to ensure that the privacy and data protection principles are adhered to at all times during the course of sharing of such health data. 

A purpose-based limitation on sharing of data has been imposed on the Health Information Users. Also, the entity to which data is shared (Health Information User) would not further disclose the data without obtaining the consent of the data principal (the individual), he said. 

"The data shared would also not be stored beyond the period necessary for the purpose specified while obtaining the prior consent of the individual. In addition, principle of data minimisation will also have to be adhered to by the entity which has received the shared data," Mandaviya said.

-With PTI Input