RECONSIDERING CONSTITUTIONAL PROTECTION FOR HEALTH INFORMATION POLICY AND PRIVACY
Author: Alankrita Katiyar, III year of BBA.,LL.B(Hons) from University of Petroleum and Energy Studies(UPES), Dehradun.
In this pandemic situation of corona outbreak, various major like lockdown, testing, quarantine had been taken so that corona can be contaminated. Seeing the situation going out of flow, the Government had launched various health information policy so that the spread of corona can be stopped, but at the same time all these initiatives taken by government pose a threat to the personal data and privacy of citizens. It had been clearly understood by all of us that governments want to give utmost importance to the health of people as compared to privacy in this challenging time, but at the same time, the privacy of an individual cannot be compromised for so long. So the current situation is all about Health v Privacy which means that this pandemic situation has forced all of us to think whether we want Health over privacy or Privacy over health.
To get rid of this challenging situation is contact tracing. It can actively identify hotspots and can help in localized decision making without stressing more resources. According to a recent report by Access Now, public authorities are trying to adopt technological solutions in tracing a novel coronavirus in the following ways:
A. Collection, use and dissemination of people’s personal health records and related information;
B. Tracking of location data; and
C. Public-private partnerships towards building apps, websites and platforms to combat COVID-19.
Arogya Setu app is launched which enables your location so that whenever you come in contact with people infected with corona, you will be informed. It helps to identify positive corona patients by enabling your GPS and Bluetooth. For this they take personal information of an individual and people also use it because the government is promoting this so that people can use it. But imagine if certain information taken here is misused in the future, then what will be the stand of government. Arogya Setu application is clearly inconsistent with privacy-first efforts which are being considered by technologists and governments
Here, it becomes important to cite the Hon’ble Supreme Court’s judgement in KS Puttaswamy and Anr v Union of India. In this it was recognized the right to privacy as a part of the right to life and personal liberty protected under Article 21 of the India Constitution that the Supreme Court had decided the question incorrectly
in Kharak Singh v. State of UP that informational privacy was a part of this right to privacy. In past cases, privacy was used to protect specific interests, such as privacy from police visits at night in the Kharak Singh case or privacy from telephone tapping in PUCL v. Union of India. The Supreme Court’s judgment in Puttaswamy instead conceptualized privacy as a right worth protecting in itself. This case had made us think that privacy cannot be violated at any cost, and the data and information of a person is very personal and cannot be accessed at any cost.
Since this right to privacy has been originated out of the right to life, therefore it has scope and limitations similar to the right to life. Given that by the virtue of the 44th Constitutional Amendment Act, 1978 , the right to life can never be suspended even in the cases of national emergency, the right to privacy always enjoys this immunity. However, in these troubled times, when there is no proclamation of national emergency or any Emergency, and there is fear and a nationwide lockdown due to the outbreak of Coronavirus, the question arises whether the right to privacy can be suspended or undermined, and if so, can it still be limited in the interest of the general public? It also deems consideration as to what kind of limitations would be constitutionally permissible, especially when the right to privacy has acquired the status of a fundamental right. And this is the major concern as privacy is violated a number of times under the name of health.
In the case of Mr. X v. Hospital Z, the Court held in this case that patients had the right to confidentiality and privacy as regards their personal details.
The Internet Freedom Foundation (IFF) filed a representation with multiple authorities against the Ministry of Health and Family Welfare; and the Ministry of Housing and Urban Affairs, on the illegality of quarantine lists prepared and posted by the government on websites. IFF represented that they lead to discrimination, social destructions, denial of access to essential items, eviction from rented accommodations and cause harmful impacts on the concerned person and their friends and family.
Authorities have also used indelible ink to stamp people who have been ordered to quarantine themselves. Doing this can again push India to its past when HIV patients were seen as bad omen for society and can ruin an infected person's life.
At many states and cities, posters have been glued outside the homes of suspects mentioning their names, quarantine period and the number of people in the family who were told to remain in isolation. The posters start with ‘COVID-19: Do not visit. 'Home under quarantine’, and it is undersigned by the magistrate of the respective districts under which the suspects belong. Karnataka Government’s launched Quarantine Watch app. People under quarantine in Karnataka are required to download the application and share hourly photos. If person sends a wrong photo, then person can be transferred to a mass quarantine center, which is a very wrong thing to do. It violated all the privacy of a person. The same type of app Go Buddy is also launched by the Tamilnadu Government which allows you to access your GPS location. It has to be noted here that these people have just been quarantined and have not been tested positive.
In Kerala, authorities have reportedly used a combination of call records, phone location data and surveillance camera footage to check if people have been in contact with infected persons. Therefore, it had also noted that government is publishing a list of corona patient with their information on websites as well as in posters that they put outside patients house. It can be seen as a measure to be aware about public health, but if in the future if anybody misuse this information, then the government can be held responsible and due to such information a patient and person can be ill-treated also.
On 5 January, there occurred an instance on a technology portal when details of COVID-19 test results of tens of thousands of patients were leaked on the net through various multiple Delhi Government domains. Individual reports of lab tests were also accessible. But then too, no media follow-up happened on this significant issue.
What happened by accident in Delhi is very much similar to what Karnataka did during the pandemic: With the objective of supporting contact-tracing, the government went on publishing the addresses of those who had tested positive for COVID-19 in the state. The question of whether the right to privacy can be suspended during a pandemic, and how the duty of patient confidentiality is handled by their guardians of data during a pandemic was discussed in the media.
The National Digital Health Mission (NDHM) has a huge vision of leveraging technology to improve health. According to Prime Minister Modi’s Independence Day Address in August 2020, the Mission had an objective to link every diagnostic test, every illness episode, and every prescription by doctors to an individual voluntary health ID, access to which will be controlled by the patients. With the history of the patient and treatment details which is available at your fingertips, it is expected that the quality of care will improve tremendously.
The Ministry of Health and Family Welfare has mentioned that NDHM will liberate Indians from the challenges of finding appropriate doctors, seeking appointments, paying consultation fees, making several rounds of hospital visits for prescription sheets, etc. Currently it is tested across Union Territories; individual patients, doctors and healthcare providers who are expected to voluntarily register to be part of this centralized repository, the success of which will entirely depend heavily on people's trust in the integrity of the systems.
However, this dream of better-quality healthcare turns into a nightmare when every test, the details of every illness and every prescription which is linked to a single health ID is leaked to be available to anybody with access to the internet due to the failure of the system. A system failure which results in privacy breaches in the public sector often happens due to the lack of resources or trained personnel, but such type of leaks is by no means limited to the public sector.
In accordance with Article 45 of International Human Rights (IHR) states that States can disclose as well as process personal data which are essential for purpose related to assessing and managing of public health by following appropriate laws and safeguards. Under Section 3(e) of DISHA, digital health data does not include taking of personal identification details, but it can take personal identification number as defined in section 3(k) of DISHA, so that data which if sent to a private entity remains anonymously. Unless different stakeholders across the public as well as private sector start taking patient privacy seriously and improve patient confidence, NDHM may prove to be a damp squib, despite its spectacular promise. In this pandemic situation, state from its end is fulfilling basic needs of every citizens under Part III of the Indian constitution. But the state and center both should coordinate with each other effectively to prioritize the citizen rights in such a way so that this condition does not last for long. Hence, changes in the Health information Policy have to be made so as to ensure the safety of people in the future, which will improve the medical infrastructure and policies of the country. To ensure the public health of citizens, state should take precautionary measures related to health surveillance such that individual privacy is not hampered.