Article Text

Download PDFPDF

Rebooting consent in the digital age: a governance framework for health data exchange
  1. Nivedita Saksena1,
  2. Rahul Matthan2,
  3. Anant Bhan3,
  4. Satchit Balsari1,4
  1. 1Harvard TH Chan School of Public Health, FXB Center for Health and Human Rights, Boston, Massachusetts, USA
  2. 2Takshashila Institution, Bengaluru, India
  3. 3Centre for Ethics, Yenepoya (Deemed to be University), Mangalore, Karnataka, India
  4. 4Department of Emergency Medicine, Harvard Medical School / Beth Israel Deaconess Medical Center, Boston, Massachusetts, USA
  1. Correspondence to Dr Satchit Balsari; balsari{at}


In August 2020, India announced its vision for the National Digital Health Mission (NDHM), a federated national digital health exchange where digitised data generated by healthcare providers will be exported via application programme interfaces to the patient’s electronic personal health record. The NDHM architecture is initially expected to be a claims platform for the national health insurance programme ‘Ayushman Bharat’ that serves 500 million people. Such large-scale digitisation and mobility of health data will have significant ramifications on care delivery, population health planning, as well as on the rights and privacy of individuals. Traditional mechanisms that seek to protect individual autonomy through patient consent will be inadequate in a digitised ecosystem where processed data can travel near instantaneously across various nodes in the system and be combined, aggregated, or even re-identified.

In this paper we explore the limitations of ‘informed’ consent that is sought either when data are collected or when they are ported across the system. We examine the merits and limitations of proposed alternatives like the fiduciary framework that imposes accountability on those that use the data; privacy by design principles that rely on technological safeguards against abuse; or regulations. Our recommendations combine complementary approaches in light of the evolving jurisprudence in India and provide a generalisable framework for health data exchange that balances individual rights with advances in data science.

  • health policy
  • public health

Data availability statement

All data relevant to the study are included in the article.

This is an open access article distributed in accordance with the Creative Commons Attribution Non Commercial (CC BY-NC 4.0) license, which permits others to distribute, remix, adapt, build upon this work non-commercially, and license their derivative works on different terms, provided the original work is properly cited, appropriate credit is given, any changes made indicated, and the use is non-commercial. See:

Statistics from

Request Permissions

If you wish to reuse any or all of this article please use the link below which will take you to the Copyright Clearance Center’s RightsLink service. You will be able to get a quick price and instant permission to reuse the content in many different ways.

Data availability statement

All data relevant to the study are included in the article.

View Full Text


  • Handling editor Soumitra S Bhuyan

  • Twitter @NiveditaSaksena, @Satchit_Balsari

  • Contributors NS and SB conceptualised and wrote the first draft of the manuscript. RM and AB revised it critically for important intellectual content. All authors agreed with the conclusions of this article. The corresponding author attests that all listed authors meet authorship criteria and that no others meeting the criteria have been omitted.

  • Funding The authors have not declared a specific grant for this research from any funding agency in the public, commercial or not-for-profit sectors.

  • Competing interests All authors have completed the ICMJE uniform disclosure form at; NS and SB report grants from Tata Trusts and Dell Giving outside the submitted work.

  • Provenance and peer review Not commissioned; externally peer reviewed.