In early May 2021, 29-year-old Sweta Sundar went with three members of her family to a government school in south Delhi to get their first doses of the Covishield vaccine. The staff at the vaccination centre insisted that they verify their identities by submitting their Aadhaar details, even though, according to government issued guidelines, beneficiaries can provide six other types of government identification. “At the time, I just did as I was told,” Sundar said. “I didn’t think too much about it.” When Sundar returned home, she saw that she had been issued a Unique Health ID or UHID with the number printed on her vaccination certificate above her beneficiary reference number. Sundar was not sure what this identification number was. The three members of her family who had also been vaccinated after providing their Aadhaar information had been issued health ID numbers too. “They had not told us anything about a health ID or that they were issuing us one,” Sundar told me. “There was no conversation around it, let alone a consent seeking process. How could I give consent when I didn’t even know what the health ID was?”
The UHID that Sundar and her family found on their vaccination certificates is a unique identification code generated under the National Digital Health Mission or NDHM. The government launched the mission in August 2020 with the stated aim of leveraging technology for better health outcomes. The National Health Authority, the governmental body responsible for implementing various central health schemes including the NDHM, describes the mission on its website as one that “aims to develop the backbone necessary to support the integrated digital health infrastructure of the country.” The UHID is supposed to link each beneficiary of the NDHM to several other components of a digital health ecosystem by digitising personal health records, providing access to healthcare services including online pharmacies and telemedicine providers. The UHID is supposed to allow beneficiaries to access all their health records such as lab reports, prescriptions and discharge summaries and all other personal health data. Despite the NHA’s assurances of safeguarding sensitive health data shared under the NDHM, there are concerns about how such data can be used when India still lacks a data protection law. The government has also claimed that opting in by creating a UHID, and opting out by requesting a deletion of all personal data from the NDHM, is completely voluntary. However, several people like Sundar had already been allotted UHIDs without their consent.
COMMENT