The Weaponisation of Health Records and Need for Privacy

Recent child marriage arrests in Assam raise the question of how much of our health data the state has access to.

India is rapidly digitising. There are good things and bad, speed-bumps on the way and caveats to be mindful of. The weekly column Terminal focuses on all that is connected and is not – on digital issues, policy, ideas and themes dominating the conversation in India and the world.

There are large-scale arrests that have taken place in Assam with a crackdown on child marriages. The crackdown has led to protests from pregnant women who believe the state is interfering in their married lives. It is believed the state was able to identify and target individuals to be arrested after a health survey was carried out identifying underage pregnant girls. This is leading to a distrust of healthcare service providers in the state.

The Government of India has been collecting health records and details of pregnant women to measure and address issues of infant mortality and maternal mortality. India made significant headways in decreasing these mortality rates over the decades with investments in primary healthcare and providing nutrition to pregnant women. While this entire exercise was decentralised, with Asha workers and anganwadis helping pregnant women in need, digitisation has centralised the information system and tracking of work being carried out.

Over the years, the Government has forced digital systems to track pregnant women and infants for further immunisation post child birth. The Ministry of Health and Family Welfare developed the Reproductive and Child Health portal to track pregnant woman and newborn children. The creation of this digital portal also marks a shift in India’s welfare schemes, where beneficiaries were tracked and targeted in the name of welfare. This tracking, like every other welfare scheme, is carried out using Aadhaar. Without tracking, neither the mother nor a new born child will receive any monetary benefits towards their healthcare needs.

The state serves an important function: providing a host of immunisation vaccines to the mother and to a new born child. This requires knowing basic details of the mother and the child. But with digitisation and the creation of electronic health records, the list of parameters the state has been collecting is ever increasing and not entirely necessary from a healthcare perspective. One can check how much information the Electronic Health Records holds about a mother in this sample record.

Anyone inside the government at every level now has access to entire health records of pregnant women, which brings us to the question of safety of these records. When information is being shared at every level, one cannot know where a leak could have taken place, if there was one. In the case of Assam, there are accusations against the local health clinics and Asha workers for sharing the details of pregnant women resulting in the large-scale arrests of their husbands. But with a centralised system, one should ask whether it is an on-the-ground worker or the highest healthcare official who is sharing this data with the police department.

People may have different opinions on the action taken by the Assam government with regard to the arrests. But what is missing in the debate is how a large-scale privacy violation has led to these arrests. Without a data protection law, these actions are being justified by the state as a routine exercise. The current draft data protection law also gives complete exemptions for the state to use any personal data for implementing various laws. In this case, the state’s excuse has been the Prohibition of Child Marriage Act.

The state is tracking us before we are even born and is constantly showing us how it can weaponise this information. The moment we are born, it wants to collect our biometrics and issue us a “Baal Aadhaar”, a unique identity that will continue to track our 360-degree profiles including health records until we die. It is even intervening at the crematoriums to record our death.

Providing healthcare to citizens is an accepted and important function of the state, I am not questioning that. But now it is also about the weaponisation of information that is taking place through centralisation without any safeguards. No law will fix what is broken in technology designs and information architectures of these upcoming and already built technological artefacts.

If we want to address this problem, we need to look at how the technology is being produced, in this case the technologists and think tanks that are pushing for these 360 degree profiles with impunity. What’s happening in Assam can happen anywhere else with a different excuse, in case of another epidemic where health data could be weaponised. No amount of anonymisation or providing privacy to citizens will solve this when the state is expected to have backdoor access to all of our information.

Srinivas Kodali is a researcher on digitisation and hacktivist.