Executive Summary

Introduction

The National Health Policy (NHP) 2017 had defined the vision of ‘health and wellbeing for all at all ages’. Continuum of care is a concept strongly advocated by the policy. Citizen centricity, quality of care, better access, universal health coverage, and inclusiveness are some of the key principles on which the NHP is founded. All these aspirations can be realized principally by leveraging the power of the digital technologies. In the Indian context, due to its size and diversity, this mammoth task requires that a holistic, comprehensive and interoperable digital architecture is crafted and adopted by all the stakeholders. In the absence of such architecture, the use of technology in the health sector continues to grow in an uneven manner and in silos.

Executive Summary

Eco-System, not System

In the above context, the Committee constituted by the Ministry of Health and Family Welfare recognized the need for creating a framework for the evolution of a National Digital Health Eco-system (NDHE) – an Eco-system and not a System. The result is the National Digital Health Blueprint (NDHB), which in addition to being an architectural vision, also provides specific guidance on its implementation. NDHB recognizes the need to establish a specialized organization, called National Digital Health Mission (NDHM) that can drive the implementation of the Blueprint, and promote and facilitate the evolution of NDHE.

The Blueprint keeps the overall vision of NHP 2017 at its core and recommends commencing with a pragmatic agenda to start with, adopting the principle of ‘Think Big, Start Small, Scale Fast’. To this end, it has been designed as a layered framework, with the vision and a set of principles at the core, surrounded by the other layers relating to digital health infrastructure, digital health data hubs, building blocks, standards and regulations, and an institutional framework for its implementation. The document also contains a High‐ Level Action Plan to put these elements into motion in a time-bound manner.

The objectives of NDHB are aligned to the Vision of NHP 2017 and the SDG’s relating to the health sector. These include:

1. Establishing and managing the core digital health data and the infrastructure required for its seamless exchange.
2. Promoting the adoption of open standards by all the actors in the National Digital Health Ecosystem in the development of multiple digital health systems spanning across the sector from wellness to disease management.
3. Creating a system of Electronic Health Records, based on international standards, which are easily accessible to the citizens and service providers based on citizen consent.
4. Establishing data ownership pathways so that the patient is the owner of his/her EHR, and health facilities and government entities maintain the data under trust on behalf of patient. The collection as well as the end use of the data shall be through a consent framework. The anonymized data can, however, be used for research purposes if it duly follows the principles so defined. It is the responsibility of the health facility to ensure privacy, security and confidentiality of the data.
5. Following the best principles of cooperative federalism while working with the states and union territories for the realization of the vision.
6. Promoting health data analytics and medical research.
7. Enhancing the efficiency and effectiveness of governance at all levels.
8. Ensuring quality of healthcare
9. Leveraging the information systems already existing in the health sector.

Executive Summary

Principles

An eco-system cannot be built – it must evolve. Given this, a set of principles - rather than specifications - have been recommended to enable the evolution of the NDHE. The key principles of the Blueprint include from the domain perspective - universal health coverage, inclusiveness, security and privacy by design, education and empowerment of the citizens, and from the technology perspective - building blocks, interoperability, a set of registries as single sources of truth, open standards, open APIs and above all, a minimalistic approach.

Executive Summary

Building Blocks

In the context of the evolution of a digital ecosystem, building blocks are reusable frameworks or artefacts that most stakeholder groups need to rely upon for designing, developing and delivering their services. Building blocks constitute the core of NDHB. The Blueprint identifies the minimum viable set of building blocks required for the NDHE to evolve and describes their capabilities at a high-level. It is for the NDHM, as a specialist organization, to work towards the design, development and establishment of these building blocks. Conformance to both the NDHB Principles as well as to the NDHB Standards and Regulations is critical for an efficient design and development of the building blocks.

The Blueprint has identified 35 building blocks. A few of the critical capabilities and the schematic of the NDHE that will be addressed by appropriate combinations of different building blocks are briefly explained below:

1. Identification: Unique identification of persons, facilities, diseases and devices is a key requirement as well as a challenge in the NDHE. The Blueprint handles this requirement through 2 building blocks, viz. Unique Health Identifier (UHID) and the Health Locker. Working in tandem, these two blocks will facilitate the creation and maintenance of both Electronic Health Records and Personal Health Records.
2. Citizen to be in Control: The need for maintaining the confidentiality, security and privacy of the health records cannot be over-emphasized. These regulatory requirements are built into the design of NDHE a priori, rather than being retrofitted. The Blueprint achieves these complex and mandatory requirements through a combination of a few building blocks, viz. Consent Manager, Anonymizer and Privacy Operations Centre. Besides these building blocks, application-specific features and relevant international standards defined in the Blueprint fortify the privacy regime.
3. Service Access/Delivery: Omni-channel access/delivery are an important capability required in the NDHE. This is achieved by a combination of Web (India Health Portal) and mobile (MyHealth App) applications, as well as the call centres and social media platforms. The Unified Communication Centre enables real-time monitoring and interventions needed in the NDHE. Given the significant reach of smartphones and the potential for further spread of smartphone technologies, the Blueprint emphasizes the ‘mobile first’ principle for delivery of majority of stakeholder-facing services.
4. Interoperability: The most important contribution of the Blueprint is its advocacy of interoperability, which is a prerequisite for development of integrated digital health services and establishing a continuum of care but also propelling parallel development of innovative value‐added services by entrepreneurs. Two building blocks, namely, the Health Information Exchange and the National Health Informatics Standards enable and promote the interoperability of various building blocks and services built on top of them.

The task of developing of these building blocks is allocated under a federated model with three levels of roles delineated between centre, state and health facilities. Except for the minimum data set needed at the centre and state, the data shall primarily reside at health facility level.

A significant effort requiring high-level expertise is involved in the preparation of the detailed designs for these building blocks, which have been elaborated in Chapter 2.

Executive Summary

Applications & Digital Services

The Application Layer of the Blueprint is merely a placeholder in so far as it identifies the thematic areas for development and deployment of applications but refrains from listing them exhaustively. Such an approach has been adopted not only because of the large number and variety of applications that exist, but also because applications must evolve progressively in an innovative manner that cannot be defined upfront. It is, however, necessary here to highlight the importance of leveraging some applications in the health sector that have already evolved and matured over the last few years. Taking these legacy applications on board the NDHE requires that each application is rigorously assessed with respect to its conformance to the pre-defined standards using a set of criteria like those defined by the Digital Service Standard notified by Ministry of Electronics and Information Technology. The design of NDHB enables and promotes the development of a host of innovative applications and apps by start-ups and entrepreneurs to provide value-added services to the citizens and other stakeholders.

The value of the Blueprint can be realized mainly in terms of the impact the digital health services can have for various stakeholder groups. The Blueprint provides an illustrative, but by no means an exhaustive list of digital health services, to indicate the nature of qualitative difference their implementation can make. Needless to say that the portfolio of these services must be validated and updated through a series of consultations with different stakeholder groups.

Executive Summary

Standards

National Health Informatics Standards form the cornerstones of the NDHB. Ideally, the health sector must align with international standards in a large number of areas. However, the Blueprint has adopted a pragmatic approach and recommended only a minimum viable set of standards, to make it easier for the ecosystem players to adopt them. FHIR Release 4 (in a highly condensed form), SNOMED CT and LOINC are among the standards recommended.

Executive Summary

Institutional Framework

A Blueprint is only as good as its implementation. An appropriate implementation framework is suggested in Chapter 4. The establishment of a new entity, the National Digital Health Mission (NDHM), is recommended as a purely government organization with complete functional autonomy while adopting some features of existing National Information Utilities like UIDAI and GSTN. The role and functions of NDHM and an appropriate organizational structure have also been recommended. A high-level Action Plan for the implementation of NDHB has been shared in Chapter 5.

Context & Scope

The Context

Healthcare has always been central to all development efforts at a national and global level. Government of India envisages the attainment of the highest possible level of health and well-being for all at all ages as its goal and intends to provide universal access to high quality health care services without the citizens having to face financial hardship as is enunciated in National Health Policy, 2017. The most promising approach adopted by National Health Policy towards this goal is the extensive deployment of digital tools/technology to enhance health system performance. Digital health technology has a huge potential for supporting Universal Health Coverage (UHC) and the government’s commitment to make healthcare affordable, accessible, and equitable.

The Ministry of Health and Family Welfare (MoHFW) has prioritized the utilization of digital health to ensure effective service delivery and citizen empowerment so as to bring significant improvements in public health delivery.

To improve efficiency in health delivery, extend healthcare to rural areas and provide better quality services at low cost, certain eHealth initiatives using ICT (Information and Communication Technologies) were undertaken by MoHFW across the country with th following objectives:

• To ensure availability of services on wider scale
• To address the human resource gap by efficient & optimum utilization of the existing manpower in the health sector
• To provide healthcare services in remote & inaccessible areas through telemedicine
• To improve patient safety by access to medical records which also help in reducing healthcare costs
• To monitor geographically dispersed tasks for meaningful field level interactions through effective use of MIS
• To help in evidence-based planning and decision making
• To improve efficiency of imparting training for capacity building

Some of the key ongoing initiatives in digital health being implemented by MoHFW include : Reproductive Child Healthcare (RCH), Integrated Disease Surveillance Program (IDSP), Integrated Health Information System (IHIP), eHospital, e-Shushrut, Electronic Vaccine Intelligence Network (eVIN), Central Government Health Scheme (CGHS), Integrated Health Information Platform (IHIP), National Health Portal (NHP), National Identification Number (NIN), Online Registration System (ORS), Mera Aspatal (Patient Feedback System), Health Management Information System (HMIS), and National Medical College Network (NMCN). These initiatives are operational at a substantially mature level and are already generating enormous amount of data in the health sector. Since health is a state subject, states are supported under National Health Mission (NHM) for services like Telemedicine, Tele-Radiology, Tele-Oncology, Tele-Ophthalmology and Hospital Information System (HIS).

The Government of India approved the National Health Policy 2017 (NHP 2017) with the vision of providing universal health care. As a sequel to the NHP 2017, the Union Budget for the fiscal year 2018–19 announced the Ayushman Bharat Yojana, a program designed to address health holistically through a two-pronged approach:

• To set up 1.5 Lakh Health and Wellness Centres for comprehensive primary healthcare, including preventive and promotive healthcare accessible to all, and
• A flagship scheme Pradhan Mantri-Jan Arogya Yojna (PMJAY) to provide healthcare cover to over 10 Crore poor and vulnerable families for up to Rs 5 lakh per family per year for secondary and tertiary care requiring hospitalization.

Through Ayushman Bharat, the Government of India has taken steps to lay the foundation of a 21st century health system. It is expected that the provision of services through public and private sector under Ayushman Bharat will generate enormous amounts of health data, mostly in the digital space. To ensure that cutting-edge digital technologies are leveraged, it is crucial to focus on creating an appropriate architecture and data structures which are both pan-India. With the current system of fragmented data capture by multiple stakeholders without any standardization, there is a serious risk of compartmentalization of digital health assets.

The aforesaid challenge also presents us with an opportunity to build a state-of-the-art National Digital Health Eco-system (NDHE) that can enable us to leapfrog many of the traps that bedevil health information systems even in developed economies.

Towards this end, NITI Aayog had proposed a conceptual framework for creation of a National Health Stack - a set of core building blocks to be "built as a common public good" that helps avoid duplication of efforts and achieve convergence among the IT systems of the diverse stake holders such as the Governments, the Payers, the Providers and the Citizens. Even at the conceptualization stage, it was recognized that the issue of data safety, privacy and confidentiality will be critical for the success of the NHS and consequently, the need has arisen for a mechanism to incorporate these elements ab‐initio into the architecture.

The Ministry of Health & Family Welfare constituted a Committee chaired by Shri J. Satyanarayana, the then Chairman, Unique Identification Authority of India (UIDAI) to create an implementation framework for the proposed National Health Stack. The composition of the committee is shown in Annexure I.

Given the vastness of the Health Domain and the complexities involved in designing architecture for National Digital Health Eco-system, the committee constituted 4 Sub-Groups to deal with 4 distinct aspects of the mandate of the committee. These relate to

1. Scope of NDHB, overarching principles and target digital services
2. Building blocks of NDHB, including Universal Health ID
3. Standards and regulations, and
4. Institutional framework

The composition of the Sub-Groups and terms of reference are given in Annexure II.

Based on the efforts of the 4 Sub-Groups, the committee prepared the National Digital Health Blueprint (NDHB) as a document that would act as an authoritative reference in guiding all future efforts for creation of NDHE. It is envisaged that the Blueprint will shape the path for a digitally inclusive healthcare system to be established in our country. The nomenclature of “National Digital Health Blueprint” is considered more appropriate as the document is a balanced combination of architectural principles, building blocks and an implementation framework as well, which together, provide an immediate setting for action in multiple dimensions and at multiple levels.

Context & Scope

Vision

To complement the overall vision of government to create an enabling digital health ecosystem and prioritization of digital health by government as enunciated in the national level programs, the following vision statement is recommended to be adopted for National Digital Health Blueprint:

"To create a National Digital Health Eco-system that supports Universal Health Coverage in an efficient, accessible, inclusive, affordable, timely and safe manner, through provision of a wide-range of data, information and infrastructure services, duly leveraging open, interoperable, standards-based digital systems, and ensuring the security, confidentiality and privacy of health-related personal information."

The vision of NDHM encapsulates the goals of NHP 2017 and aims to leapfrog to the digital age by providing a wide range of digital health services.

Context & Scope

Objectives

The following specific objectives need to be achieved if the Vision of NDHM is to be realized:

1. To establish state-of-the-art digital health systems, for managing the core digital health data, and the infrastructure required for its seamless exchange
2. To establish national and regional registries to create single source of truth in respect of clinical establishments, healthcare professionals, health workers and pharmacies
3. To enforce adoption of open standards by all the actors in the National Digital Health Eco-system
4. To create a system of Electronic Health Records based on international standards, easily accessible to the citizens and to the healthcare professionals and services providers, based on citizen-consent
5. To promote development of enterprise-class health application systems with a special focus on addressing the Sustainable Development Goals related to the health sector
6. To adopt the best principles of cooperative federalism while working with the states and union territories for the realization of the vision
7. To ensure that the healthcare institutions and professionals in the private sector participate actively in the building of the NDHE, through a combination of prescription and incentivization
8. To ensure national portability in the provision of health services
9. To promote the use of Clinical Decision Support (CDS) Systems by health professionals and practitioners
10. To promote a better management of the health sector leveraging health data analytics and medical research
11. To provide for enhancing the efficiency and effectiveness of governance at all levels through digital tools in the area of performance management
12. To support effective steps being taken for ensuring quality of healthcare
13. To leverage the information systems existing in the health sector, by ensuring that they conform to the defined standards and integrate with the proposed NDHE

Context & Scope

Overview

The National Digital Health Eco-system is large, complex, heterogeneous, sensitive and critical at the same time. Evolution of such an eco-system can and should happen by a combination of two distinct approaches, namely, establishment/creation of core information systems on a minimalist basis, and promotion of a set of principles and standards to be adopted by all the eco-system players. The Blueprint adopts this twin approach precisely.

The NDHB has been conceptualized as a layered structure depicted in Figure 1.1 and described later.

1. At the core of the Blueprint are its Vision and a set of Principles that should guide all the eco-system players. While the vision has already been stated in Section 1.2 and supplemented by the objectives in Section 1.3, the Blueprint principles are enumerated in the following Section.
2. A federated architecture and its building blocks are defined in Chapter 2. While the core building blocks will be established centrally by NDHB, the remaining would have to be created in an interoperable manner by the eco-system players.
3. Chapter 3 defines the minimum set of standards to be adopted by all the eco-system players. It also touches upon the regulations to be enforced in the health domain.
4. The applications and services layers are substantially in the realm of the providers of healthcare services, Wellness Services and Support Services. However, it shall be the endeavour of the NDHB to design, develop and put in place certain Core and Reusable applications and services, which are commonly used across the country and across the health domain.



Figure 1.1 Layered Structures

5. Chapter 4 recommends an institutional framework appropriate for facilitating the establishment of the National Digital Health Eco-system in terms of all the components.
6. Chapter 5 provides a high-level action plan that envisages implementing the NDHB over 5 years.
7. It may be noted that each of the layers has components that fall under both the areas, namely health domain and pure-play technology.

Context & Scope

Core Principles

As alluded to earlier, an eco-system cannot be built, nor can it evolve on a prescriptive approach. Hence the Blueprint proposes to be evolved on the basis of a set of commonly believed principles, which again, pertain to the business (i.e. the Health Domain) and to technology. The governments, central and state, must play the role of facilitators, enablers and advocates of these principles to speed up the evolution of the National Digital Health Eco-system.

While identifying and defining the principles, the following core requirements and architectural priorities have been kept in view:

1. Unique and Reliable Identification of persons, relations, professionals, providers, facilities, and payers across the whole eco-system.
2. Trustworthiness of the information created by the entities in the eco-system.
3. Capability for creation of a longitudinal health record for every individual from information held in diverse systems.
4. Managing the consents for collection and/or use of personal/health data, to ensure privacy and confidentiality, in conformance to the laws of the land.
5. Adopting and aligning with IndEA principles, given the enterprise nature of NDHE.

The Principles of NDHB are stated and briefly explained Table 1.1 and shown as a bird-eye view in Figure 1.2.

Federated Architecture & Building Blocks

Introduction

Digital technologies are playing a pervasive role in the delivery of healthcare today. The National Digital Health Blueprint (NDHB) provides an approach to establish a Federated Architecture, defined in terms of its Building Blocks. The federated architecture seeks to enable the health ecosystem by streamlining information flows across players in the ecosystem while keeping citizens, their privacy and confidentiality of data at the forefront. A good design can help accelerate the adoption and improve delivery of health services across both the public and private sectors. NDHB identifies key building blocks by looking at the most common requirements of the overall health ecosystem

Federated Architecture & Building Blocks

Federated Architecture

Federated architecture (FA) is a pattern in enterprise architecture that allows interoperability and information sharing between semi-autonomous de-centrally organized entities, information technology systems and applications. In terms of the Technology Principle T3, specified in Table 1.1, NDHB is required to be designed using the principles of Federated Architecture. The purpose of using the Federated Architectural pattern in NDHB is essential for enhancing the security and privacy of the personal and sensitive information of the citizens while ensuring interoperability and technological flexibility and independence. Such an architectural pattern is also ideally suited to the conditions prevalent in a federal set up like India and includes both public and private health facilities and institutions.

Principles

The federated architecture presented in this Chapter is based on a set of principles. It is not prescriptive, but illustrative. The following principles are recommended for the detailed design of the federated architecture and its components:

1. All digital health data and applications are held at 3 levels – National, State and Facility levels, in a decentralized manner, following the principle of minimality at each level
2. Patient data is held at the Point of Care or at the closest possible physical location
3. Citizen shall be in full control of the 'processing of health data' relating to him/her
4. Systems of Record (SoR) shall hold the primary data and all other IT systems, applications or entities will have access to it only through links, subject to the applicable permissions and consent.
5. Large facilities and government health departments shall be data fiduciaries. Small facilities which do not have the capacity/infrastructure can take the services of licensed health data repositories, who will perform the role of data processors.
6. The data fiduciary managing the data and the data processor holding and processing the same shall be responsible for the data protection obligations and compliances under the applicable laws.
7. An indicative set of principles for governance of the federated architecture are given in Annexure VIII.

Overview

The Figure 2.1 provides a high-level view of the federated architecture of NDHB.

The following are the salient features of the architecture:

1. The architecture is laid out at 3 Levels – National, State/UT/Regional and Facility Levels.
2. Each level has the systems designed in 4 Layers, each layer consisting of a set of building blocks of a particular type, namely, Infrastructure, Data, Technology and Application building blocks.
3. The building blocks at each layer and across the 4 layers and 3 levels are loosely coupled on a 'Need-to-Connect' basis, using standardized API's.
4. The granular details of each level and layer and a description of the building blocks along with broad functionalities is provided in Section 2.3.
5. The principle of minimality is applied at each level and layer and in the design of the building blocks.
6. To ensure data consistency, interoperability and national portability, only the minimum required number of building blocks are designed, developed, held and managed centrally.
7. Health records of a citizen are not held at the national level.
8. Only the indexes, pointers or links to the health records are maintained at the state level.

Federated Architecture & Building Blocks

Building Blocks – the essence of NDHB

In architectural parlance, a building block is a package of functionality defined to meet business needs. Building blocks have to operate with other building blocks. A good choice of building blocks will facilitate legacy system integration, improved interoperability, and flexibility in the creation of new systems and applications. Wherever interoperability is required, it is important that the interfaces to a building block are published and are reasonably stable. A building block is intentionally designed to be cross-functional, allowing for its generic functionality to be applied in different contexts.

Identifying the Building Blocks

Each building block must have the following characteristics:

• Provide a standalone, useful, reusable and implementable capability in the health domain
• Cross-functional across the value chain by design
• Applicable to multiple use cases in healthcare
• Interoperable with other building blocks
• Use shared digital infrastructure (to the extent feasible)
• Standards-based and
• Designed for scale

Each building block must have a clear 'Business Owner' and 'Technology Owner'. The business owner is responsible for defining the rules and policies essential to effectively manage the building block. The technology owner would be responsible for managing the business requirements and technical implementation of these requirements efficiently.

Building blocks once identified shall be implemented using workflow-based modules and must interface with other building blocks using open APIs. The building block of Unique Health Identifier (UHID) will be centre-piece for integration with all the other components of health ecosystem and for maintaining the Electronic Health Record (EHR).

Identification of new blocks is an ongoing activity and more blocks would come up over time.

Federated Architecture (FA) in terms of Building Blocks

The recommended set of essential and minimal building blocks under the Federated Architecture (FA) of NDHB are represented in Figure 2.2. The salient features of the detailed architecture of NDHB are given below:

1. The federated architecture is indicative. It can be modified, enhanced and evolved with time.
2. The federated architecture is modular in nature. The combination of modules necessary at each level / setting will be decided while designing the information systems.
3. All the blocks and designs shall conform to the minimum set of standards specified in Chapter 3.
4. The Building Block of 'Common Application' shown in the Application Layer at the national level in Figure 2.2 indicates the intention to publish the code of a few most commonly used applications, designed and developed as reusable, multi-tenant, opensource and standards-compliant applications, placed in an Application Store. Registered users can download the applications, customize / configure them and deploy them in their environments.
5. Anonymization and Consent Management are best done at the point of care. However, two building blocks, 'Anonymizer-as-a-Service' and 'Consent Management as- a-Service' are provided in the state layer, so as to take care of these requirements in the cases of inter-facility transfers. This also addresses the needs of individual practitioners and small clinical establishments that cannot afford and/or manage these components on their own.
6. All the building blocks relating to data at all levels are marked as "SOR", to indicate that they are the 'System of Record'. All the technology requirements and specifications of SOR shall be supported by these building blocks. It may be observed that each health data type (including master and transaction data) is maintained at one level only, to ensure uniqueness and consistency. For instance, while Electronic Medical Record (EMR) relating to an episode or a set of episodes relating to a patient, is maintained at the facility level, the EHR (Electronic Health Record) is a longitudinal record of a particular patient across several facilities and is maintained as a collection of links to the primary data (EMRs). Only the systems for allocation and management of UHID are maintained centrally at the national level. Health records relating to individuals (EMR/EHR) are not kept or maintained at the national level.
7. A repository of standards, APIs, metadata and data dictionaries is maintained at the national level. All entities (especially the architects, system analysts and developers) may source (download) their requirements from this repository.
8. A few of the building blocks are represented at multiple levels, to meet the varying requirements

Figure 2.2 Federated Architecture of NDHB (with Building Blocks)

Federated Architecture & Building Blocks

Building Blocks of National Digital Health Blueprint

Based on detailed studies of the existing health systems and discussions with stakeholders, the 35 key building blocks have been identified across the 3-Level/4-layered architecture of NDHB. These have been represented in Figure 2.3. It may be noted that Figure 2.3 is a '2- dimensional representation' of the major building blocks, abstracted from the '3-dimensional representation' presented in Figure 2.3. It should not be construed from Figure 2.3 that all the building blocks would be maintained centrally at the national level.

Figure 2.3 Building Blocks of NDHB

The important building blocks are explained in the remaining part of this section:

1. Infrastructure (Layer-1): Privacy by design being a key principle of the National Digital Health Blueprint, which requires an Infrastructure layer to be established for management of the key data services in a compliant manner. The objective of the infrastructure layer is to ensure that health data and its traversal are always secure and adheres to all privacy requirements. The government community cloud infrastructure, as defined by MeitY, should be adopted for hosting of data building blocks in Level 1 (National) and Level 2 (State). A hybrid cloud environment is recommended for other levels and layers.

Secure Health Networks Blueprint should be built to work on public networks by default. Wherever access to sensitive or aggregated data is involved, secure connectivity may be used. For specific applications like Tele-health, Tele-radiology that require strong data links to systems like PACS low latency, high bandwidth network systems may be specially designed.
Health-Cloud (H-Cloud) The Health-Cloud builds on the MeitY initiative of Government Community Cloud (GCC) with stronger security and privacy policies and infrastructure. Key data hub management services of the Blueprint must be deployed on the H-Cloud.
Security and Privacy Operations Centre (SOC) All events on the Health-Cloud and the Health Network need to be under 24x7 security surveillance ensuring every data byte is highly secure. This is achieved through a Security Operations Centre (SOC). The Committee recommends the establishment of a dedicated Privacy Operations Centre (POC) to help drive compliance on the privacy requirements, adherence to which is a must in the health sector. The POC will monitor all access to private data, review consent artefacts, audit services for privacy compliance, evangelize the privacy principles on which the Blueprint is being built and bring trust and strategic control in the usage of health data in the ecosystem.

 
2. Data Hubs (Layer-2): Data Hubs provide the fundamental building blocks that manage the key entities and standardized master data required for any health ecosystem transaction. This layer also identifies the minimum and critical transactional data blocks required for successful implementation of the other building blocks. The most important data hubs are those relating to unique identification of persons, facilities and organizations. The following types of entities need to be identified uniquely through a rationalized system of identification:
   • Person - Patient, Family Member, Beneficiary
   • Care Professional – Doctors, Nurses, Lab technicians, ASHA workers
   • Care Provider – Hospital, Clinic, Diagnostic Centre
   • Payer – Insurer, Health Plan, Charity
   • Governing Bodies – Ministry, Professional bodies, Regulator
   • Research Bodies – Researcher, Statistician, Analyst
   • Pharmaceuticals – Drug, Device Manufacturers and Supply Chain players

The recommendations in respect of identification of the major entities are given in the following sub-sections.

1. Unique Health Identifier (UHID): It is important to standardize the process of identification of an individual at any point providing healthcare. This is the only way to ensure medical records created are issued to the correct individual or to obtain consented access. In order to issue the UHID, the system must collect certain basic details including demographic and location, family/relationship, and contact details. Ability to update contact information easily is the key. The relevant FHIR specifications for recording personal details must be followed.
2. Electronic Health Record (EHR): The National Health Policy, 2017 (NHP, 2017) seeks to move everyone towards wellness in a comprehensive and integrated way. The proposed EHR complies with the principles of NHP-2017 and NDHB to generate and aggregate health records for a person and puts the information in the control of the individual who only can authorize sharing episodic medical records with other health providers as per consent framework.

   While there are several approaches to implementing an EHR system, keeping in line with the principles of NDHB, a federated system with multiple market players working on a national interoperable standard for sharing of health data is preferred. Health care providers are expected to identify the individual (through UHID) and insert a medical record into the person’s EHR after providing care. The content in the EHR will need to allow for change, from basic content with very little metadata to a strongly structured content that meets the standards specified in Chapter 3. Initially the EHR may capture, data relating to significant medical and health conditions, episodes and events to be identified and notified. The scope of EHR can be expanded in a phased manner to include other health conditions. Annexure V specifically highlights mistakes to be avoided in designing EHR.

   The design of the Digi Locker system, which has multiple issuers and users who can exchange data with consent and strong non‐repudiation methods, should be adopted with appropriate modifications and enhancements for creation of EHR.

3. Health Directories and Health Registries: Health Directories play a key role in the health ecosystem as they hold the master data of various entities. Directories must be built with strong ownership and governance mechanism and must adhere to the principle of being the "single source of truth". Directories must be designed to be easily accessible and usable by multiple users. Directories related to professionals must enable Identity and Access Management (IAM) for health applications that adopt the blueprint. Health applications must be able to verify the identity of a doctor using the registries, allow them access to records that they have been authorized for.

   Health registries hold information about individuals, usually focused around a specific disease or condition. Some registries seek and hold information about volunteers who want to participate and contribute to a health cause, such as eye/blood/organ donation. Section 2.4 provides a recommended structure for health registries of the first type. A more structured, standards-based approach is required to derive the best benefits of health registries – ongoing and new. Table 2.1 shows the key health directories to be established in the first phase of the NDHB.

Facilities Directory		The Facility Directory will consist of one record and a unique identifier for each Health facility in the country – Hospitals, Clinics, Diagnostic centres, Pharmacies etc.
Doctors Directory		The Doctor directory will consist of one record for each doctor who has registered with the medical council after completion of their education. The directory must be designed to be kept up-to-date as doctors gain skills via fellowships and map them to the facilities they are associated with.
Nurses & Paramedical Directory		The Nurses directory will essentially include the medical support staff including Nurses, ANMs etc. and will also consist of one record for each paramedical staff that is awarded a certification by the Paramedical board, Ophthalmic Technicians, Operation Theatre technicians, etc.
Health Workers Directory		This directory will consist of Health Workers like ASHA who act as the extended work force enabling door to door healthcare related services.
Allied Professionals Directory		This directory contains the other key roles in the healthcare industry including Masters in Hospital Administration, Health IT, Disease Coders, Pradhan Mantri Arogya Mitras, etc.

Table 2.1 Key Directories to be established in the first phase of the NDHB

Health Masters/Health Data Dictionary: There are several master data requirements in healthcare including names of drugs, diseases, lab tests, procedures, etc. The content and interoperability section in Chapter 3 outlines the various standards / code sets which need to be adopted. The Blueprint must enable easy access to developers to incorporate master data into their applications.

3. Technology Building Blocks (Layer-3): Operationalization of the master data directories provides standardized operating data for enabling a health transaction. The Blueprint defines several technology building blocks at the 3 levels. Amongst these, six key building blocks relate to data access management, Table 2.1 Key Directories to be established in the first phase of the NDHB consent and privacy, which need to be adhered to by all implementation agencies. These are described in Table 2.2.

Anonymizer		"Anonymization" with respect to personal data, means the irreversible process of transforming or converting personal data to a form in which a data principal (owner/ citizen) cannot be identified. For the purposes of this report, the term Anonymization has been used in a broader sense to include the related concepts like de-identification and encryption. The Anonymizer takes data from the Health Locker and/or other health data sets, removes all personally identifiable information to protect privacy and provides the anonymized data to the seeker. Tools available can anonymize both structured and un-structured data. At the same time, Anonymizer systems allow the Government or authorized agencies to access the health records of the citizens in critical cases like monitoring of notified diseases etc. This enables the government to take effective decisions to promote wellness in the country and to ensure that healthcare is provided in a timely fashion, as needed. There are 2 levels of delinking the personally identifiable information from the related health record(s), namely, de-identification and anonymization. Deidentification process is reversible, whereby re-identification by the competent authority is possible for specified purposes. Anonymization, on the other hand, is a one-way process, whereby the data once anonymized, cannot be related to any person subsequently. It is necessary to identify the use cases for these 2 processes, depending upon the degree of privacy required. Though combined as a single building block, Anonymizer shall have all the capabilities required, namely, anonymization, De-identification and reidentification including encryption and decryption as needed. Ideally, data is anonymized at the primary source of its capture and retention, mostly at the facility level, so as to minimize its leakage while in transit. However, not all facilities may have the infrastructure and capacity to handle the task efficiently. NDHB, therefore, proposes an additional building block, namely, Anonymizer-as-a-Service, positioned at the intermediate (state) layer which will define the principles of anonymization. The NDHM will facilitate the anonymization of data through appropriate software, utilities, hardware etc. ensuring conformance to the aforesaid principles.
Consent Manager		Health records are personal for an individual and every access to each record requires explicit consent of the individual (data principal). The electronic consent framework specifications notified by MeitY should be used in all aspects relating to the information processing requirements. The goal of the Consent Management Framework and the Consent Manager should be to ensure that the citizen/patient as the data principal, is in complete control of what data is collected, and how/with whom it is shared and for what purpose, and how it is processed. The framework should apply not only to the data collected at each touch point and each encounter but to the data relating to the entire Electronic Health Record, both longitudinal (over a period of time) and vertical (relating to an episode). The IT systems envisaged under the NDHB shall be designed and the existing IT systems enhanced suitably to meet the requirements specified in the Data Protection Bill, in addition to the provisions of IT Act 2000 and the Aadhaar Act 2016 and the rules and regulations notified thereunder. Such a course of action would ensure that the systems are compliant to the existing regulatory provisions, as well as potential future requirements. The Privacy Operations Centre, envisaged as an independent building block that draws its inputs from the various consent management systems, shall play a proactive role in monitoring privacy, consent and access of health data so as to predict and prevent breaches and to notify the concerned data principals and entities in the event of a suspected breach. A combination of data protection techniques like anonymization, deidentification, encryption and strong responsibilities on the data fiduciaries and data processors in addition to consent manager is recommended, as no single technique could take care of all eventualities. Consent shall be obtained at the primary source of its capture and retention, mostly at the facility level, before collection of data and before its processing and /or sharing. However, not all facilities may have the infrastructure and capacity to handle this task efficiently. NDHB, therefore, proposes an additional building block, namely, Consent Management-as-a-Service, positioned at the Intermediate (State) Layer which will define the principles of Consent management. The NDHM will facilitate implementation of consent framework through appropriate software, utilities, hardware etc. ensuring conformance to the aforesaid principles.
Health Locker		The Health Locker is a standards-based interoperability specification that can be implemented by multiple players to enable the creation of an Electronic Health Record ecosystem. When a medical record needs to be issued, only a reference link is shared with the locker ecosystem. Small clinics / hospitals are expected to subscribe to the authorized repository providers who can integrate with the Health Locker to be able to participate in this ecosystem. The health lockers enable creation of a longitudinal health record from the various links it stores and provide the EHR to the providers who need the same. The EHR is created only after consent is sought from the user. The design will factor uptime, network, storage and security considerations. The Health Locker system should enable processing the requests for correction of health data and also for the citizen to exercise his/her 'right to be forgotten', i.e. the right to restrict or prevent continuing disclosure of personal data by a data fiduciary related to the data principal where such disclosure (a) has served the purpose for which it was made and is no longer necessary; or (b) was made on the basis of a consent which has since been withdrawn.
Health Information Exchange		All actors in the health ecosystem would in some way or the other be generating or accessing health information, using one or more access applications. The exchange of information needs to be enabled as realtime data exchange by implementation of Open APIs and other data exchange mechanisms. From a flow perspective, each access application, to submit or retrieve/access any information from/ via the Blueprint, needs to be registered with the Health Information Exchange (HIE). The HIE would be responsible for authentication and authorization of all data exchange requests and, if authorized, for routing the request to the providing applications. The design of this component should support implementation of multi-channel solutions by participating applications, to ensure cross channel capabilities and a seamless user experience and for enabling an open market ecosystem.
Health Analytics		This building block has the objective of providing decision support to the stakeholders on a wide variety of themes, by analysing the aggregated datasets. The Blueprint design must ensure that analytics data is created / collected at source when the medical record is being prepared to be issued to the EHR. Analytics data can be aggregated using either a subscription model or a push model where the data is sent mandatorily to one or more government-controlled analytics systems. Policies for access to the aggregated health data need to be setup. Figure 2.3 indicates that health analytics component should be available both at the national and state levels. While the building block of health analytics can have very large scope in terms of the number and nature of themes for analysis, the following initial set of themes is recommended with the corresponding benefits, as shown below: Theme Decision Support Goal(s)(Illustrative) Quality of Care Quality of Infrastructure Quality of treatment Effectiveness of follow up Hospital-acquired Infections Quality of Data Accuracy of Data Completeness of Data Appropriateness of Data Conformance to Standards Wellness Need for Screening Early Detection Preventive Interventions Public Health Targeted Interventions in NCD’s Identification of endemic areas Identification of endemic groups Disease Surveillance Fraud Detection Fraud Classification Fraud Detection Fraud Prevention through systemic improvements Policy Policy Formulation Support
GIS/Visualization		This building block provides GIS / Visualization services that can be used by the application layer to answer queries such as finding the nearest hospital with a required specialty? Or plotting of disease incidence in a geographic area etc. The building block must take data sets from the health analytics system and produce outputs that can be consumed by the application layers. The GIS services will help in regional/state level planning and monitoring of health services.

Table 2.2 Technology Building Blocks

4. Application Building Blocks (Layer-4): The three layers described earlier are expected to provide open APIs that can be used by a wide variety of applications across the health sector – both by public and private providers. Applications across emergency care, healthcare, wellness, medical education and public health are expected to benefit from the National Digital Health Blueprint. Several existing applications need to be modified to comply with the National Digital Health Blueprint. These include:

Government Managed Health Applications e.g.: Reproductive and Child Health (RCH), NIKSHAY (Online TB Patients monitoring application), e-Raktkosh, Health Management Information System (HMIS), National Programme for Control of Blindness (NPCB), Ayushman Bharat, Hospital Information System (HIS), Integrated Disease Surveillance Program (IDSP) etc. Telemedicine should be given a high priority given the low Doctor‐Population ratio, especially in the rural areas. The Ministry of Health and Family Welfare, with the support of WHO, had launched one of the world’s largest web-enabled, near real-time electronic information system – the Integrated Health Information Platform (IHIP). IHIP provides for public health surveillance for 33 major outbreak-prone diseases (IDSP), malaria and Health Management Information System.

 
5. Access & Delivery (Layer-5): Since Healthcare and Wellness related services are primarily contact driven, in addition to the blocks requiring specific IT intervention, the Blueprint also identifies the varied access and service delivery points that need to be the physical/ virtual points of access for the actors of the ecosystem. These are shown in Table 2.3.

Call Centre(s)		Provide telephonic support to all actors of the ecosystem, principally the citizens.
India Health Portal		A multi‐lingual national portal enabling access to digital health services and data
Social Media		For emergency management, health awareness / education and community-based services like Blood/ Organ Donations.
MyHealth Apps		A wide range of Apps can be built by open market, including Start‐ups and existing Health IT companies of all scales besides Government organizations. The end user thus has the choice of selecting the app that suits their needs best.

Table 2.3 Access & Service Delivery Points

Given the prospects of a near universal coverage of all families in the country with smart phones, all the digital services are to be designed to be delivered through smart phones adopting the Mobile First principle.

The Smart Phones should the preferred medium / channel for dissemination of appropriate content, information, alerts and updates to the large force of health workers, predominantly, the ASHA workers, given that a significant thrust has to be given to the MCH and NCD programs and related field activities. Smart phones can also be the preferred channel for online education of citizens and the field force.

Specific efforts shall be made to launch voice-based services using appropriate tools customized to work in spoken Indian Languages, in collaboration with the OEMs. In addition to the above 5 horizontal layers, the Blueprint also identify the following two vertical layers cutting across all the horizontal layers:

6. National Health Standards: Governance, strategic control, data security, privacy and compliance to standards would be one of the key verticals that cut across all building blocks of the Blueprint. Chapter 3 specifies the various standards to be adopted in these areas.
7. Unified Health Communication Centre: The goal of the Unified Health Communication Centre is to provide a single point of contact to manage public health emergencies. The UHCC consists of a response team and also has the ability to constantly monitor disease surveillance and outbreak response. The large amounts of health data coming into the NDHB should be used to monitor for various diseases working closely with the existing programs of MoHFW and the states. The UHCC consuming information from all other components (internal as well as external), will run analytics on that information and generate alerts and visualizations as required. It shall also deploy artificial intelligence and machine learning technologies.

Federated Architecture & Building Blocks

Structure of Disease Registries for NCD

Registries can provide healthcare professionals and researchers with first-hand information about people with certain diseases, both individually and as a group, and it can increase our understanding of the disease over time.

Broadly, disease registries are based on information gathered during community screening and in the hospitals. Screening-based registries are concerned with recording information about diseases for population at large for different age groups based on well-defined parameters and invoke referrals. Hospital-based registries are concerned with recording of information on the patients seen in a particular hospital.

National Cancer Registry being maintained by ICMR and the other disease registries currently maintained in India are not interoperable and not integrated with Hospital Management Information System (HMIS). Disease registries need to be standardized following the NDHB to make them integrated and interoperable. Table 2.4 depicts generic structure of recommended registries.

Federated Architecture & Building Blocks

Harmonizing Current Facility Registry Initiatives

There is a strong need to uniquely identify health facilities and ensure that any health data is correctly tagged with the facility ID to ensure traceability, accountability and reliability of the health information. The Government needs to create a strong facility registry for use by several actors in the ecosystem.

After a comparative analysis of the ongoing initiatives for creation of facility registries (details in Annexure III), the Committee recommends the following:

1. National Health Resources Repository (NHRR) complimented with National Identification Number (NIN) shall be utilized as the main facility registry
2. Incentive-driven governance mechanisms need to be designed to ensure facility registry is kept updated and made available for integration with health systems
3. The format of the Facility Identifier being used by NHRR may be reviewed and enhanced considering the need for it to interoperate with other identifiers like NIN and ROHINI
4. The format and structure of the identifier should be designed such that it does not allow deciphering of any information offline

Federated Architecture & Building Blocks

Approach to Unique Health Identifier (UHID)

In the health domain, the need for Unique Health Identifier (UHID) has been recognized for the purposes of uniquely identifying persons, authenticating them and threading their medical records across multiple systems and stakeholders.

UHID contains demographic details like name, father's / mother's/ spouse's name, date of birth/age, gender, mobile number, authentication route, email address, location, family ID and photograph, in line with the person resource defined by FHIR (please refer to Chapter 3 for relevant details of FHIR).

Uniqueness is a key attribute of UHID, and the algorithm that issues a UHID must try to return the same identifier for the individual in all scenarios. The design of UHID may leverage existing multiple identifiers including Aadhaar, PAN card, Ration Card, Electors Photo Identity Card (EPIC) etc., for designing the structure and processes relating to UHID, subject to conformity with the regulatory requirements.

The existing identifiers may be utilized to generate various 'levels of confidence' to uniquely identify the patient duly following the 2 principles:

• 'No denial of Health Service to anyone in any scenario'.
• No scope for medical errors arising out of wrong identification of the patient.

As an identity system, UHID can opt for one of the three system archetypes – centralized, federated and decentralized. A comparative analysis of the three archetypes is shown Annexure IV. It is recommended that the centralized approach is adopted for the following benefits:

• It is easier for a single organization to provide and manage identifiers across the country maintaining uniqueness
• When supported with adequate institutional mechanisms and checks, it evokes higher trust and authenticity

Standards & Regulations

Objectives of Standards and Regulations

The National Digital Health Blueprint envisages the evolution of an entire eco-system in the health sector to provide a wide range of services to the stakeholders in a digitally enabled manner. Creation of such an eco-system, in a heterogeneous and multi-level environment that exists in India, can happen only through a multi‐pronged approach through the efforts of many actors acting in sync. The Building Blocks of NDHB defined in Chapter 2 need to work in unison in an interoperable manner if all the digital services must be realized for the benefit of all the stakeholders, especially the citizens. Such seamless and boundary‐less interoperability is possible only if all the building blocks and the digital systems are built using the defined standards.

The objective of this Chapter is to define the standards required for ensuring interoperability within the National Digital Health Eco-system. Adoption and implementation of standards in the health domain is a relatively slow process, as observed from the experiences of some of the countries that embarked on the same. Given this, it is proposed to recommend a set of minimum viable standards in the initial stages.

Given the sensitivity of personal and health- related data, appropriate recommendations are made with respect to the regulations to be complied with by the actors in the digital health eco-system.

Standards & Regulations

Framework & Scope of Standards

The scope of National Digital Health Initiative, the digital services envisaged by it, its guiding principles and Building Blocks have all been identified and defined in the earlier Chapters. The scope of the standards is defined keeping the foregoing in view. Table 3.1 depicts the areas chosen to define the standards for the NDHB.

Appropriate recommendations are also made on the aspects relating to adoption and implementation of the Standards.

Standards & Regulations

RECOMMENDED STANDARDS

Standard for Consent Management

The consent of the citizen plays a major role in ensuring that collection of data is done in a manner consistent with legal rights of the patient. It is also important to ensure that once collected, the data captured is used and disclosed (in an identifiable or anonymized form) in a manner appropriate in law and preserving the citizen-directed constraints. Towards these, the standards shown in Table 3.2 are recommended for designing the systems and workflows required for consent management:

The above standard should be implemented in a way consistent with the applicable laws such as Information Technology Act 2000 (and its amendments), various directions, and rules of National Medical Commission and its State counterparts regarding patient consent and protecting patient privacy.

Standards & Regulations

Standards for Content & Interoperability

Data content plays a major role in availability of appropriate medical information to be used in healthcare, policy formulation and health analytics. The interoperability standards should support the major clinical artefacts used globally. The standards should additionally support extensions to it for any national needs such as country specific clinical data elements, fields, records and value sets.

Interoperability in the context of digital health is of two types, viz. technical interoperability and semantic & syntactic interoperability. This section defines the minimum requirements of interoperability of both the types.

a. Technical Interoperability

Technical Interoperability is substantially defined in IndEA and its basic requirements are mentioned briefly here:

• The Interoperability Standards defined by IndEA Framework shall be adopted by all systems constituting the NDHE. This should preferably be a mandatory requirement for registration of the entities involved.
• NDHE seeks to connect varied systems developed using different technologies and on different platforms. The standards should therefore support integration of all such systems. This reduces complexity and change management of all the implementers.
• The standards should be agnostic to the underlying infrastructure relating to computing, storage and networking. Implementers should be able to incorporate the standard on top of their existing solutions.
• The blueprint recommends a federated architecture for collecting and storing health information. While certain core datasets like registries, would be managed centrally, the bulk of information relating to citizen/patient health records would be maintained and managed in a distributed model, i.e. at state/regional centers or at the sites of the service providers. The repositories of NDHB shall support only records conforming to standardized formats of content.

b. Semantic & Syntactic Interoperability (Content)

Apart from technical interoperability, required for seamless exchange of clinical records, semantic interoperability standards shall be adopted for health-related terminology and formats

The Fast Healthcare Interoperability Resources (FHIR) R4 Specification is the latest standard for exchanging healthcare information electronically. It is built upon the HL7 series of standards and is considerably rationalized and simplified. Adoption of FHIR ensures that the electronic health records are available, discoverable, understandable, and structured and standardized to support automated Clinical Decision Support (CDS).

The building blocks of FHIR are Resources. FHIR specification defines a set of 13 modules with 143 resources, and the infrastructure for handling the resources.

The following recommendations are made in respect of adoption of semantic interoperability:

• FHIR Release 4 should be adopted with any future errata(s) for all health-related information sharing/exchange.
• For quick implementation a small but necessary set of health record artefacts shall be taken up first.
• Other artefacts may be taken up in phased manner to ensure early roll-out, easy adherence by implementers (source of data/record), and to enable spreading of the associated costs over a period.

A set of 8 essential and minimum classes of health record artefacts should be notified for data capture in NDHB. The list of health record artefacts prioritized and mapped to the suggested corresponding FHIR resources is shown in Table 3.3. Depending on health record Table 3.3 Health record artifacts mapped to FHIR resources artefact requirement, other relevant FHIR Resources (not explicitly mentioned here) may also be used.

c. Content & Interoperability Standards

Apart from standards for content, it is necessary to define the standards required in the major areas of healthcare, namely, diagnostic content, terminology and codes for statistics and laboratory tests. These standards are specified in Table 3.4.

Standards & Regulations

Standards for Privacy & Security

Preservation of privacy of patient’s healthcare is an important consideration that needs to be incorporated in the overall design and implementation of the Blueprint. The standards and various operational requirements for privacy and data security are specified in Table 3.5.

Standards & Regulations

Standards for Patient Safety & Data Quality

Quality in healthcare services and safety of electrical‐medical equipment are of utmost importance in the NDHB. Electrical-medical equipment used in the NDHE should be safe for the patient and para‐medical personnel and against safety hazards like electric shock, harmful radiation, excessive temperature, implosion, mechanical instability and fire. Bureau of Indian Standard has published 38 standards in this area. These standards are either an adoption or technical equivalent of the related IEC standard. The work on some additional standards is ongoing in IEC/TC 62. At present, the certification against these safety standards is not mandatory in India. Keeping importance of safety of such equipment, safety certification of the equipment may be made mandatory for participation in NDHE.

Delivery of standardised care / treatment provided to patient can go a long way in ensuring safety of patient throughout treatment and instil confidence in patient and care provider towards diagnosis and treatment, among other benefits. The Standard Treatment Guidelines (STGs) issued by public health authorities should be incorporated into clinical treatment and IT system workflow for standardisation of treatment / care given to Patient and reporting to public authorities where required.

Standards & Regulations

Availability of Standards

Most of proposed standards except FHIR are already part of EHR Standards for India 2016 notification. All proposed standards are open specifications from respective Standards Bodies and are internationally supported. The ISO/BIS standards are readily available. Use of SNOMED CT is free as India is already a member country.

Standards & Regulations

Enablers of NDHB

Other than standards, various architectural, design and operational recommendations are shown in Table 3.6 to ensure cohesiveness of the Blueprint:

Standards & Regulations

Recommended further work on Standards

While an attempt has been made in this Chapter to deal with the core and minimal standards required in the initial phases of implementing the Blueprint, further work of creating appropriate policies is needed in the following areas:

1. Structure of Core Health Records for AYUSH and Wellness related information and Indexes to be maintained centrally
2. Policy for digitization of legacy or non-standardized (free-text/paper) health record
3. Policy for storing heavy records (PET/MRI/CT)
4. Policy for making the EHR System citizen-controlled
5. Policy for emergency access to the records
6. Policy for use of records for research (anonymization & de-identification) and analytics
7. Policy for record retention and archival
8. National Safety Certification Infrastructure for Electrical-Medical Equipment
9. MoHFW when revising EHR Standards for India 2016 may include FHIR R4

Institutional Framework

Background

An ambitious initiative like NDHB can materialize only if the right institutional framework is put in place. The following factors should be considered in suggesting the right organizational structure:

• Evaluation of capabilities of existing organizations handling large scale health IT systems to be considered as potential candidates for implementing the Blueprint
• Identification of the gaps between the existing capabilities in the identified organizations and that required for the Blueprint and analysing whether such an organization could be re-organized and strengthened to carry out the task.
• Whether we would require an entirely new organizational entity to drive this initiative.
• Learning from international experiences of creating similar institutions
• Designing a governance and operational structure that could accommodate the concerns of a wide variety of stakeholders and yet be operationally nimble enough to adapt to a complex business environment and ever‐changing technological ecosystem.

An evaluation was done of the existing organizations such as CHI and CBHI which are handling health data and housed within the Ministry of Health and Family Welfare, Government of India. A comparative analysis has also been done of all the national organizations handling large data. Additionally, focus has also been on reviewing the international experience in creating Electronic Health Record (EHR) structures (especially studying the South Korean model of EHR structure). It is observed that any new organization will need to have certain attributes by design:

• financial independence,
• ability to get the right personnel and retain them,
• staying ahead of the technology curve,
• speed and productivity in implementation,
• promoting ownership on the part of the user community within the new structure and the institutions supporting them,
• cost and time effectiveness

At the outset, it is proposed that the entity to be charged with the responsibility of implementing NDHB be called ‘National Digital Health Mission’ (NDHM), to connote the missionary approach required for its successful implementation.

In a nutshell, it is important to underscore that the success of NDHM is dependent on its wide adoption by both Centre and State, public as well as private entities. Its adoption rests heavily upon the clear definition of the role and responsibilities of NDHM. To establish a clear mandate for the NDHM, the following key components, roles and responsibilities are envisaged:

The responsibilities of the NDHM will include:

• Promoting establishment of the core technology components and standards for collection of core health data by the providers and patients
• Facilitating interoperability of healthcare data through a unique identifier for the provider and patient across the health system
• Facilitating linkage and consolidation of health records generated in various national programs of the Central and State Governments, besides the records generated by the private hospitals, labs and other service providers
• Improving the quality of health data collection, storage and dissemination for purposes of research and policy decisions
• Publishing national indicators for health, to measure quality of care and progress against policy initiatives and SDG Goals
• Capacity building on health informatics, safety, security and privacy

Institutional Framework

Essential Elements of the National Digital Health Mission (NDHM)

The Institutional Framework of the NDHM will have to operate at two levels, namely the Governance level and the Implementation level.

The Governance architecture of NDHM should comprise of the following elements for it to be a successful enterprise:

• Clear and well-defined leadership structure with reasonable autonomy
• Clear demarcation of roles and responsibilities
• Separation of policy, regulatory and operational functions
• Decentralized leadership and decision making
• Robust and transparent processes and systems

The implementation architecture of NDHM must incorporate key elements such as a clear leadership structure, convergence between core ministries and departments, citizen-centric approach and services, conductive policies, legal and regulatory frameworks, appropriate technology architecture, information management and security, infrastructure expansion, planning, monitoring and evaluation in a comprehensive manner.

Institutional Framework

Global Experiences

Over the past two decades there have been several Digital Health initiatives that were launched globally to improve the quality of health care and bring down the healthcare costs. While some countries like the United States are ahead of the curve in terms of the availability of Information and Communication Technology (ICT) infrastructure, other countries are in the process of reforming their respective health care sector using IT as a key component of the process.

In England, the National Health Services-Digital (NHS Digital) is the national provider of information, data and IT systems for commissioners, analysts and clinicians in health and social care. It provides digital services for the NHS, including the management of large health informatics programmes. They deliver national systems through in‐house teams, and by contracting private suppliers. These services include managing patient data, the NHS Spine, which allows the secure sharing of information between different parts of the NHS, and forms the basis of the Electronic Prescription Service, Summary Care Record and Electronic Referral Service.

In South Korea, the Ministry of Health and Welfare (MOHW) created a specialized organization to maintain EHR. Several advisory committees were created for providing policy directions and expert opinions. Two centres were created for carrying out system development and the related researches: Implementation Centre for Development and Research, and Development Centre for EHR. South Korea has been successful in developing their digital health infrastructure due to reliable and cost‐effective IT platform, user-friendly application systems, standards, laws, budgets, and strong support from various stakeholder groups such as the Korean Medical Association and citizens’ groups.

The experiences of NHS Digital in England, Canada and the South Korean Model are particularly relevant for India and what we intend to achieve through the proposed NDHM.

Institutional Framework

Indian Scenario: Comparative Analysis of existing Organizations

India has made remarkable progress in the Information & Communication Technology (ICT) space over the past two decades. The IT revolution in India has also had a positive impact on the public sector governance architecture in India which led to some transformational initiatives like Unique Identification Number (UID-Aadhaar) for almost all the residents of India, IT enabled platform for GST, IT systems integration in banking sector and IT‐enabled public service delivery.

While India has pockets of IT excellence within the public sector the application of IT enabled systems has not been uniformly adopted across the entire governance system. The IT initiatives in the health sector in particular, have been fragmented and compartmentalized hindering the realization of the full potential of ICT.

To develop a robust Institutional Framework for the National Digital Health Infrastructure it is imperative to understand and analyse the institutional framework of existing organizations that have been successful in implementing IT-enabled services for the citizens. A detailed analysis of 8 existing organizations implementing IT enabled services (namely, NSDL, UIDAI, GSTN, NIHFW, NPCI, NIC, CHI and NHA) (Annexure: VI) has been done along 3 different dimensions, namely

1. Nature of legal entity, ownership, mandate and services provided
2. Suitability of the organization/ its Model w.r.t the needs of NDHM
3. Pros and cons of choosing an existing institution Vs creating a new institution.

Following the analysis of the organizations it is concluded that none of the organizations in its current form can take on the responsibilities of such large-scale implementation of the specialized task of realizing NDHB. However, it is instructive to pick up some specific features of these organizations, which are relevant and essentially required for implementation of NDHB.

Institutional Framework

Recommended Institutional Framework of NDHM

Given the federal nature of Indian government and the fact that (a) Health is a state subject, and (b) it is necessary to incorporate private sector (both service providers and insurance), it is felt that an institutional framework which is a hybrid of GSTN, UIDAI and NPCI should be considered. The following factors weighed with the committee in this regard:

• Study of international institutional frameworks is suggestive of separation of regulatory and implementation bodies. While regulatory body takes care of policy making and policy administration, the implementation body should stay close to market for voluntary adoption; build best technical solutions and processes around products (building blocks), with security and privacy being of great importance.
• The model Institution should have a legal backing with right level of focused leadership, to allow the necessary independence for hiring the best technical staff at market rates, manage human resources, access to enough funds and ability to co-opt the private players.

Following the analysis of existing Indian organizations and reviewing the international case studies, it is proposed that the National Digital Health Mission should be set up as a new organization. The following further suggestions are made:

1. To avoid duplication of activities the existing organizations handling electronic records and with similar functions should be subsumed in the new organization.
2. It is essential that both the Central and State Governments be the joint owners or stakeholders in this new organization.
3. A combination of the GSTN and UIDAI models of institutional structure is suitable for National Digital Health Mission.
4. Given the sensitivity of health data involved, Government should have complete ownership of the proposed institution with flexibility to attract private sector talent at appropriate levels of implementation, with adequate safeguards.
5. While the organization may be established as a Mission initially, it can be converted into a National Digital Health Authority, a statutory body, at an appropriate time in its evolution.
6. The Structure of the Organization should include two separate arms - one for regulation and the other for operational management as shown in Figure 4.1

Figure 4.1 Vision and Mission of NDHM Organization

Institutional Framework

Roles and Responsibilities within the Institutional Framework

The roles and responsibilities at various levels of NDHM are suggested in Table 4.2

Institutional Framework

Core Digital Services

The value of a Mission such as NDHM will be realized through the quality of the core services it offers to the stakeholders, and facilitates the design, development and delivery of digital health services to the end users. NDHM will be shaped as the Technology Arm of the Health Sector of India. As such the focus of NDHM shall be primarily on the Core Technical Services it offers to the various organizations comprising the NDHE, in the public, private and NGO Sectors. However, given the nature of NDHB, it is necessary for the Mission also to make available to the stakeholder community certain generic/common applications relating to the health domain, to avoid duplicative efforts by multiple States/organizations. Such common services shall be reusable, multi-tenant, open source, and standards-compliant.

While an exhaustive list of the digital services to be offered or promoted by NDHM will call for a stakeholder consultation and detailed deliberations, the Committee thought it fit to provide an illustrative list of the Digital Services. The list is shown in Annexure VII.

Institutional Framework

Leveraging Emerging Technologies

Significant efforts are going on across the world to deploy the emerging technologies for improving the performance of the health sector. These technologies currently include artificial intelligence, machine learning, internet of things (IoT) and big data. It is essential that a major initiative like the NDHB should leverage these emerging technologies in an appropriate way at the earliest opportunity. While blockchain technology has been much talked about, its efficacy in addressing the issues of the health domain will also be explored.

There is a speedily growing innovation sector in India in the form of large number of startups, many of which are focused on developing innovative solutions for the health sector. It is essential that these creative talents are leveraged and tapped for the rapid growth of digital services in health sector that will contribute to convenience, value-added services and cost effectiveness.

To enable the same, it is recommended that

1. An Innovation Wing may be created within the proposed structure of NDHM, with the responsibilities of (i) keeping abreast of the developments in the emerging technologies, with a special focus on their efficacy in the health sector; (ii) undertaking PoCs in the deployment of emerging technologies and (iii) creating sandbox environments for entrepreneurs to try out these technologies.
2. A policy on Value-Added Services (VAS) may be brought in allowing for (i) identification and notification of areas where VAS would be possible and viable; (ii) registration of startups and developers who intend to develop VAS; (iii) publishing selected APIs to enable the registered developers to develop and provide VAS to the stakeholders.
3. A special focus may be laid by NDHM to leverage the opportunities available to use AI in several different areas, like for instance, (i) empowerment of field functionaries to provide more effective extension services in the rural areas, and (ii) developing userfriendly and trustworthy clinical decision support systems.

Institutional Framework

Critical Role of State/UT Governments

Health is a concurrent subject under the Constitution of India. Several of the recommendations made in NDHB need to be accepted and implemented by the State/UT Governments. It is therefore recommended that an appropriate structure may be designed for a concerted action by the central and state governments for the successful implementation of NDHB. This is particularly important in view of the need for a widespread adoption of health informatics standards and of the building blocks of NDHB. Such a coordinated action is also required to ensure that the fundamental premise of federated architecture adopted by NDHB succeeds at the ground level. An equally important area needing close coordination between the Centre and the States is the security and data protection obligations envisaged under NDHB.

While representation in Figure 2.2 makes an attempt to bring out the nature of responsibilities to be undertaken at the central and state level, a granular definition of these responsibilities has to be done by the Ministry, during the planning phase (see Table 5.1 - Year 1)

Institutional Framework

Financing Model

National Digital Health Infrastructure is a public good. Its funding model must reflect this. In the earlier years, it must have budgetary support from the Government of India to get the core components of the National Digital Health Infrastructure built and operational.

A study was conducted to understand key cost components associated with the set up and running of organizations such as GSTN, UIDAI, NHA etc. to assist in the estimation of budgets required to support successful formation and running of the National Digital Health Mission.

It was observed that development cost (capital cost), people and property (operating costs) formed the major cost components of such organizations. For the NDHM to be successful it will be important to undertake outreach activities with public and private sector players. The NDHM will have to co‐opt market players like MedTech companies, NGOs, Foundations working in Health space as it builds the public utilities in the form of Registries, EHR, Health ID and Health Information Exchange etc. The outreach organization will have to have strong presence in all the states to ensure adoption of public utilities both by the state govt. as well as the Health ecosystem players.

If the new organization raises a part of its funding through a transaction fee, it drives a service orientation within the organization. However, it must be done without the risk of diluting the public good nature of the institution. This can be done by using the concept of toll pricing model where no profit-making is allowed.

Institutional Framework

Criticality of Capacity Building and Change Management

Implementing NDHB is a gigantic matter given the size, complexity of the sector and the diversities across the country. NDHB proposes a fairly complex system that can be realized through high quality expertise flowing into the Architecture, Design and Development phases, not merely within NDHM organization but across all the stakeholder organizations, in a concerted and coordinated way. This requires a carefully designed Capacity Building Plan to be undertaken widely.

Given that significant changes would be called for in the existing processes and systems and in the mind-set of the people currently managing the same, a highly professional approach is needed in the area of Change Management. Adequate budgetary resources need to be provided for Capacity Building and Change Management.

Institutional Framework

Need for Proof-of Concept and Sandbox Environment

Again, given the significant number and complexity of most of the components and building blocks of the NDHB, attempting to implement all of them at a time is fraught with a high risk of failure, not only on the technology front but also on the people side as well as on the regulatory aspects. It is therefore strongly recommended that the NDHM shall undertake a few PoC’s in respect of all the critical components, before production level designs are made. In addition, a set of environments in the form of a set of regulatory sandboxes and technology sandboxes in selected areas.

Institutional Framework

Recommendations in summary

The suggested model for the implementation of the National Digital Health Mission (NDHM) is as shown in Table 4.3

The recommendations are as follows:

1. NDHM should be a completely government owned body to ensure appropriate control within Govt. (centre and states) as well as independence to deliver technology infrastructure within stipulated time frames and a business development orientation to co-opt the private players in the health eco-system.
2. The Institutional structure must include an organization with two different arms - one to handle the policy and regulations and the other for operations and service delivery.
3. Focus on providing concrete value to all players in the health ecosystem (centre and state, private and public, service providers, insurance and citizens) through reduction in transaction costs, availability of core infrastructure and standards as public good and simple processes for easy adoption are more likely to bear desired results.
4. Setting up a new organization to implement the National Digital Health Blueprint.

NDHM Action Plan

Purpose

Any blueprint is as good as the systematic way in which it is planned and implemented. Preparation of a high-level action plan is therefore considered to be an essential part of the National Digital Health Blueprint. The action plan outlined in this Chapter seeks to serve the following purposes:

1. The Action Plan enables crystallization and definition of the scope and outcomes of the initiative and to identify the methods to be deployed for the implementation of the Blueprint;
2. It provides the approach to prioritization of various activities required to fulfil the vision and objectives of the initiatives;
3. It paves the way for the establishment of the institutional structure at the earliest;
4. It identifies the core building blocks of the Blueprint and guides the action to put them in place in a logical sequence;
5. It forms the rallying post around which can be created a widespread awareness of NDHB;
6. It speeds up the process of creation of the critical mass of capacities and capabilities required for a smooth implementation of NDHB.

This Chapter outlines the approach to address the above purposes effectively.

NDHM Action Plan

Scope

The NDHB described in the previous chapters indicates, at different places, the contours of the scope of work to be done if a digital health eco‐system is to be established in the country. It is necessary to identify, collate and analyse all these work items to know the precise scope of NDHM. The following requirements culled from the previous chapters help us define the Scope more precisely:

1. Health and Well-being for all;
2. Health and Well-being at all Ages;
3. Universal Health Coverage;
4. Citizen-centric Services;
5. Quality of Care;
6. Accountability for Performance;
7. Efficiency and Effectiveness in delivery of services;
8. Creation of a holistic and comprehensive health eco-system.

The Action Plan must be designed to ensure that the scope as above is well-served.

NDHM Action Plan

Expected Outcomes

It is essential that clear outcomes are laid down for a major initiative like the NDHM, so that all the stakeholders can work towards achieving a common set of goals. The outcomes listed here are again culled from the previous chapters and collated for a holistic view. The various artefacts and deliverables of NDHM should be designed and developed in such a manner as to enable us to move in the direction of the outcomes.

1. All citizens should be able to access their Electronic Health Records in a convenient manner;
2. Leveraging longitudinal health record data, a citizen to be facilitated and he / she need not undergo diagnostic tests repeatedly unless warranted;
3. Citizens should be able to aggregate health data in a single application (EHR) though multiple agencies/ departments/ services providers are involved where the data Is generated;
4. NDHM shall assure continuum of care to the citizens, across primary, secondary and tertiary care and across public and private service providers;
5. A framework for Unified Communication Centre will be prepared to facilitate voicebased services and outreach;
6. NDHM shall support national portability for healthcare services;
7. Privacy of personal and health data, and consent-based access of EHRs will be the inviolable norm that shall be complied by all systems and stakeholders;
8. NDHM will be aligned to the SDG's related to health;
9. NDHM will enable evidence-based interventions in the area of public health;
10. Above all, the analytical capabilities of NDHM will support data-driven decision making and policy analysis.

NDHM Action Plan

Methods & Instruments recommended by NDHB

Adoption of methods established in the health and IT domains would enable a systematic implementation of the blueprint. The following methods have been recommended by NDHB:

1. Federated architecture
2. Unique Health Id (UHID)
3. Electronic Health Records (EHR)
4. Metadata & Data Standards (MDDS)
5. Health informatics standards
6. Registries for NCDs
7. Directories of providers, professionals and para-medicals
8. Legislation and regulations on data management, with focus on privacy and security
9. Data analytics

Parallel streams of activities need to be initiated on all the above items.

NDHM Action Plan

Suggested 5-Year Action Plan

The essence of an action plan is the list of actions or deliverables, the timelines and responsibilities for the same. The Action Plan turns the Blueprint into an actionable document through these deliverables. A list of 'deliverables' is given in the Table 5.1, in the form of an indicative 5-year action plan. The following explanatory notes enable a correct appreciation of the action plan

1. Specific and granular responsibilities can be firmed up after an organizational structure is put in place by the Ministry. As alluded to in Chapter 4, some of the early deliverables need to be worked upon by an 'interim organization', so as not to delay the implementation phase.
2. The NDHB contains several other components, which have not been included in the NDHM action plan, as the responsibility for the same rests on the State Governments, health service providers, or the IT Industry.
3. While some of the deliverables listed below fall within the direct responsibility of NDHM, others require only facilitator/ enabling action by the NDHM with implementation responsibilities lying with the other entities.

Year 1 (Planning & stabilizing NDHM)	Year 2 (Pre-requisite infrastructure)	Year 3 (Execution)	Year 4 (Analytics & Innovation)	Year 5 (Sustenance & Research)
Approval of National Digital Health Mission (NDHM) and its operationalization. Design and development of federated enterprise architecture, adopting Agile IndEA Framework. Design of core building blocks of NDHB (to be identified) and defining their standard interfaces Assessment of legacy systems for conformity with NDHB. Design and notification of NDHM Security & Privacy Policies Design and development of consent management framework	Designing and establishing Unique Health Identifier(UHID), directories of health professionals & health institutions Design and implement federated health cloud & secure network infrastructure. Enhancing of legacy systems to conform to NDHB Principles, and interoperable Implementation of a plan for adoption of health informatics standards including Electronic Health Record (EHR) for citizen with family folders Design and notification of NDHM Security & Privacy Policies Design and development of consent management framework	Establishing Health Information Exchange (HIE) Design, develop and launch Common Applications Establish health app store Design and implement capacity building plan Establish the repository of standards, API’s, metadata and data dictionaries	Implementation of artificial intelligence enabled clinical decision support systems Designing and developing health analytics platform Design and develop anonymization methodology for health data analytics Establish Security and Privacy Operations Centre (SOC), Network Operations Centre (NOC) and Privacy Operations Centre (POC) Design and notification of Framework for value-added services	Ensuring continuum of care Continued Research Sustenance of operations

Table 5.1 Suggested Acton Plan for NDHM

Annexure

Annexure I

Composition of the Committee on NHS

The Ministry of Health & Family Welfare, through its Office Memorandum T-21 016178/2018 eHealth dated 12th November 2018, constituted a Committee on NHS, with the following composition:

Annexure

Annexure II

Composition & ToRs of the Sub-Groups formed by the Committee

Annexure

Annexure III

Comparative analysis of 4 Initiatives on facility registries

Annexure

Annexure IV

Comparative analysis of 3 archetypes for UHID

Annexure

Annexure V

Mistakes to be avoided in designing EHR

Annexure

Annexure VI

Status of 8 existing IT-driven organizations

Annexure

Annexure VII

Illustrative list of digital services to be provided by NDHM

Annexure

Annexure VIII

Indicative set of principles of governance of federated architecture

1. Federated Architecture (FA) operates collaboratively where governance is divided between a central authority and constituent units, balancing organizational autonomy with enterprise
2. The Central Authority's architecture can focus on the dynamics of economies of scale, standards, interoperability and the common requirements, while the constituent units' (States and Facilities) architectures have the flexibility to pursue autonomous strategies and independent processes
3. Participating members can jointly agree upon the common goals and governance of the federation which is expressed by the policies governing the roles and responsibilities of membership, resource discovery, and resource access
4. There is an administration role whereby federation membership, resource discovery, and resource access can be granted or revoked according to governance policy
5. States and facilities can participate in a federation by selectively making some of their resources discoverable and accessible by other federation members
6. While the purpose of a federation is to collaborate and share resources, resource owners retain ultimate control over their own resources
7. The design of all the systems in the federation shall conform to the prevalent laws and regulations relating to security, privacy and data-sharing