National Digital Health Blueprint

Ministry of Health & Family Welfare

Government of India
April 2019
 Preface
The National Health Policy 2017 (NHP 2017) envisages the goal of attainment
of the highest level of health and well-being for ALL at ALL ages, through
increasing access, improving quality and lowering the cost of healthcare
delivery. The key principles of NHP 17 include universality, citizen-centricity,
quality of care and accountability for performance. The policy lays significant
emphasis on leveraging digital technologies for enhancing the efficiency and
effectiveness of delivery of all the healthcare services. While recognizing the
deficiencies that exist in the current health care systems the policy
recommends a paradigm shift from the existing silos systems to a holistic and
comprehensive health eco-system, founded on the latest digital architectures
and technologies.

While the efforts in deploying technology for healthcare have been

continuous and widespread, the benefits have been highly localized and
fragmented. The citizen cannot access his health records speedily nor store
them conveniently. In the absence of an integrated system, the service
providers undertake diagnostic tests afresh and create isolated medical
records enhancing the burden on the citizen significantly. Health service
providers in the public and private sectors do not have an aggregated and
complete view of the data for providing efficient health services to the
citizens. Governments, Central and State alike, do not have reliable and
complete data for policy analysis and evidence-based interventions.

The need of the hour is to elevate the existing systems from providing
disparate electronic services to integrated digital services. We need to clearly
adopt the principles of Enterprise Architecture, if we must leverage the digital
technologies to achieve the vision of NHP 2017. While setting specific goals for
the health sector in alignment with SDG’s to be achieved over the next 5 years
in vital areas such as life expectancy, IMR, MMR, TFR, immunization,
malnutrition and disease control, the NHP 2017 has also prescribed such
specific goals for adoption of digital technologies. These include creation of
district-level electronic databases, establishing registries for all diseases of
public importance and most significantly, ‘establishing Federated National
Health Information Architecture, to roll-out and link systems across public and
private health providers at State and National levels consistent with Metadata
and Data Standards (MDDS) & Electronic Health Record (EHR)’. The policy also
envisages leveraging ‘the potential of digital health for 2-way systemic
linkages between primary, secondary and tertiary care to ensure continuity of
care’.

Against the above background, the Committee constituted by the Health

Ministry to create an implementation framework for the National Health Stack
(NHS) proposed by NITI Aayog, has come up with the National Digital Health
Blueprint, after surveying the global best practices in adoption of digital
technologies holistically. The blueprint is not merely an ‘architectural
document’. It has specific details of the building blocks required to fulfil the
vision of NHP 2017 as also the institutional mechanism and an Action Plan for
realizing Digital Health in a comprehensive and holistic manner. The key
features of the blueprint include a Federated Architecture, a set of
architectural principles, a 5-layered system of architectural building blocks,
Unique Health Id (UHID), privacy and consent management, national
portability, EHR, applicable standards and regulations, health analytics and
above all, multiple access channels like call centre, Digital Health India portal
and MyHealth App.

The mandate of the National Digital Health Mission recommended in this

report is a balanced combination of designing, developing and realizing
certain pure-play Technology Building Blocks and the essential Domain
(Health) Building Blocks.

The National Digital Health Blueprint keeps the overall vision of NHP 2017 in
perspective and recommends a pragmatic agenda to start with, adopting the
principle of ‘Think Big, Start Small, Scale Fast’. It forms the foundation on
which the edifice of an entire National Digital Health Eco-system can be built
in a phased manner.

I wish to acknowledge the contribution made by all the members of the

Committee and several other experts who have enriched the discussions.

J Satyanarayana
Chairman of the Committee
 Table of Contents

EXECUTIVE SUMMARY…………… PAGE 1

CHAPTER 1………………………….PAGE 5
CONTEXT & SCOPE OF NATIONAL
DIGITAL HEALTH BLUEPRINT

CHAPTER 2…………………………PAGE 13
IDENTIFICATION & DEFINITION OF
BUILDING BLOCKS

CHAPTER 3…………………………PAGE 27
STANDARDS & REGULATIONS

CHAPTER 4…………………………PAGE 35
INSTITUTIONAL FRAMEWORK

CHAPTER 5…………………………PAGE 43
NATIONAL DIGITAL HEALTH
MISSION ACTION PLAN
 Abbreviations
ASHA Accredited Social Health Activist
BIS Bureau of Indian Standards
CBHI Central Bureau of Health Intelligence
CHI Centre for Health Informatics
EHR Electronic Health Record
FHIR Fast Healthcare Interoperability Resources
GSTN Goods and Services Tax Network
HIE Health Information Exchange
HL7 Health Level-7
HMIS Health Management Information System
ICD International Classification of Diseases
ICMR Indian Council of Medical Research
ICT Information and communications technology
IDSP Integrated Disease Surveillance Programme
InDEA India Enterprise Architecture
IRDA Insurance Regulatory and Development Authority
LOINC Logical Observation Identifiers Names and Codes
MCH Maternal & Child Health
MDDS Meta Data & Data Standards
NCDC National Centre for Disease Control
NDHB National Digital Health Blueprint
NDHE National Digital Health Ecosystem
NDHM National Digital Health Mission
NHA National Health Agency
NHP National Health Portal
NHRR National Health Resource Repository
NHS National health Stack
NIC National Informatics Centre
NIHFW National Institute of Health & Family Welfare
NIN National Identification Number
NPCB National Programme for Control of Blindness
NPCI National Payments Corporation of India
NSDL National Securities Depository Limited
PHI Patient Health Identifier
PHR Personal Health Record
PMJAY Pradhan Mantri Jan Arogya Yojana
SDG Sustainable Development Goals
SNOMED CT Systematized Nomenclature of Medicine-Clinical Terms
UHID Unique Health Identifier
UIDAI Unique Identification Authority of India
 Executive Summary
The National Health Policy 2017 had defined the vision of ‘health and wellbeing for
all at all ages’. Continuum of Care is a concept strongly advocated by the Policy.
These lofty ideals are sought to be achieved by refactoring the existing schemes
and introducing several new schemes including some digital initiatives. Citizen-
centricity, quality of care, better access, universal health coverage, and
inclusiveness are some of the key principles on which the Policy is founded. All
these aspirations can be realized principally by leveraging the power of the digital
technologies. In the context of India, with its size and diversity, this mammoth task
requires that a holistic, comprehensive and interoperable digital architecture is
crafted and adopted by all the stakeholders. In the absence of such architecture,
the use of technology in the health sector continues to grow in an uneven manner
and in silos.

Eco-System, not System!

In the above context, the Committee constituted by the Ministry of Health and
Family Welfare recognized the need for creating a framework for the evolution of
a National Digital Health Eco-system (NDHE) – an Eco-system and NOT a System!
The result is the National Digital Health Blueprint (NDHB), which is more than an
architectural document, as it provides specific guidance on its implementation as
well. NDHB recognizes the need to establish a specialized organization, called
National Digital Health Mission (NDHM) that can drive the implementation of the
Blueprint, and promote and facilitate the evolution of NDHE.

The Blueprint keeps the overall vision of NHP 2017 in perspective and
recommends a pragmatic agenda to start with, adopting the principle of ‘Think
Big, Start Small, Scale Fast’. To this end, it has been designed as a layered
framework, with the Vision and a set of Principles at the core, surrounded by the
other layers relating to Digital Health Infrastructure, Digital Health Data Hubs,
Building Blocks, Standards & Regulations, and an Institutional Framework for its
implementation. The document also contains a high-level Action Plan.

The Objectives of NDHB are aligned to the Vision of NHP2017 and the SDG’s
relating to the health sector. These include:

a. Establishing and managing the core digital health data and the
infrastructure required for its seamless exchange;
b. Promoting the adoption of open standards by all the actors in the National
Digital Health Eco-system, for developing several digital health systems that
span across the sector from wellness to disease management;
Page | 1
 c. Creating a system of Personal Health Records, based on international
standards, and easily accessible to the citizens and to the service providers,
based on citizen-consent;
d. Following the best principles of cooperative federalism while working with
the States and Union Territories for the realization of the Vision;
e. Promoting Health Data Analytics and Medical Research;
f. Enhancing the efficiency and effectiveness of Governance at all levels;
g. Ensuring Quality of Healthcare.
h. Leveraging the Information Systems already existing in the health sector.

NDHB Principles
An eco-system cannot be built – it must evolve. Given this, a set of Principles - rather
than specifications - have been recommended to enable the evolution of the NDHE.
The key principles of the Blueprint include, from the domain perspective, Universal
Health Coverage, Inclusiveness, Security and Privacy by Design, Education and
Empowerment of the citizens, and from the technology perspective, Building Blocks,
Interoperability, a set of Registries as Single Sources of Truth, Open Standards, Open
APIs and above all, a minimalistic approach.

Building Blocks of NDHB

In the context of the evolution of a digital eco-system, as is the case of NDHE,
building blocks are reusable frameworks or artefacts that most stakeholder groups
need to rely upon for designing, developing and delivering their services. The
Blueprint identifies the Minimum Viable Set of Building Blocks required for the
NDHE to evolve and describes their capabilities at a high-level. It is for the NDHM, as
an organization, to arrange for the design, development and establishment of the
Building Blocks. Conformance to the NDHB Principles on the one side and to the
NDHB Standards & Regulations on the other side, are critical for an efficient design
and development of the Building Blocks.

Building Blocks constitute the core of NDHB.

While the Blueprint has identified 23 Building Blocks, a few of the critical capabilities
of NDHE, addressed by appropriate combinations of the Building Blocks, are
explained briefly along with a schematic of the Blueprint.as:

1. Identification: Unique identification of Persons, Facilities, Diseases and

Devices is a key requirement and challenge as well in NDHE. The Blueprint
handles this requirement through 2 Building Blocks, namely, Personal Health
Identifier (PHI), and Health Master Directories & Registries. The uniqueness
in identification of Persons (citizens) required as an essential attribute of PHI
is sought to be achieved through a combination of Aadhaar-based

Page | 2
 Identification/ Authentication for schemes notified under Section 7 of the
Aadhaar Act, and through other specified types of identifiers in respect of the
rest. However, the Committee recommends that the design of the PHI may
be finalized by the MoHFW, in consultation with MeitY and UIDAI duly
taking into consideration the regulatory, technological and operational
aspects. PHI in tandem with Health Locker will facilitate the creation and
maintenance of Personal Health Records.

2. Citizen to be in Control: The need for maintaining the confidentiality, security

and privacy of the health records cannot be over-emphasized. These
regulatory requirements are built into the design of NDHE a priori, rather
than being retrofitted. The Blueprint achieves these complex and mandatory
requirements through a combination of a few Building Blocks, namely,
Consent Manager, Anonymizer and Privacy Operations Centre. Besides
these Building Blocks, application-specific features and relevant International
standards defined in the Blueprint fortify the privacy regime.

3. Service Access/ Delivery: Omni-channel access/ delivery are an important

capability required in NDHE. This is achieved by a combination of Web (India
Health Portal), Mobile (MyHealth App) and Call Centres besides Social
Media Platforms. The Command, Control and Communication Centre enable
real-time monitoring and real-time interventions needed in the NDHE. Given
the significant spread of smartphones and the prospects of its further
growth, The Blueprint emphasizes the ‘Mobile First’ principle for majority of
stakeholder-facing services.

4. Interoperability: The most important contribution of the Blueprint is its

advocacy of Interoperability, which is a pre-requisite for development of
integrated digital health services and continuum of care but also for the
autonomous development of innovative value-added services by
entrepreneurs. Two Building Blocks, namely, the Health Information
Exchange and the National Health Informatics Standards enable and
promote the interoperability of various building blocks.

A significant effort requiring high-level expertise is involved in the preparation of the

detailed designs for 17 of the 23 Building Blocks (excluding the building block of
Standards [already specified in The Blueprint] and those relating to the Application
Layer). A high-level approach for the same has been included in Chapter 2.

Page | 3
National Digital Health Blueprint (NDHB) Applications & Digital
Services
The Application Layer of the Blueprint is merely a placeholder in so far as it identifies
the thematic areas for development and deployment of applications but refrains
from listing them. Such an approach has been adopted not only because of the large
number and variety, but also because the applications must evolve in an innovative
way that cannot be defined upfront. It is necessary here to underline the importance
of leveraging some applications in the health sector that have evolved and matured
over the last few years. Taking the legacy applications on board to the NDHE requires
that each application is rigorously assessed w.r.t it’s conformance to the standards,
using a set of criteria like that defined by the Digital Service Standard.

The value of the Blueprint can be realized mainly in terms of the impact the Digital
Health Services make on the various stakeholder groups. The Blueprint provides an
illustrative, but by no means exhaustive list of Digital Health Services, to indicate the
nature of qualitative difference its implementation can make. Needless to say that
the portfolio of services must be validated and updated through a series of
consultations with the stakeholder groups.

Standards
National Health Informatics Standards form the cornerstones of the foundation of
NDHB. The health sector must adopt the international standards in a large number
of areas. However, The Blueprint has adopted a pragmatic approach and
recommended only the minimum viable set of standards, to make it easier for the
eco-system players to adopt the same. FHIR Release 4 (in a highly condensed form),
SNOMED CT and LOINC are among the standards recommended.

Institutional Framework
A Blueprint is only as good as its implementation. An appropriate Implementation
Framework is suggested in Chapter 4. A new entity, National Digital Health Mission
(NDHM), is recommended to be established as a purely government organization
with complete functional autonomy adopting some features of some of the existing
National Information Utilities like UIDAI and GSTN. The role and functions of NDHM
and an appropriate organizational structure have been recommended. A high-level
Action Plan has been recommended in Chapter 5 that can guide the implementation
of NDHB.

Page | 4
 VISION
To create a National Digital Health Eco-system that supports Universal
Health Coverage in an efficient, accessible, inclusive, affordable, timely
and safe manner, through provision of a wide-range of data, information
and infrastructure services, duly leveraging open, interoperable,
standards-based digital systems, and ensuring the security, confidentiality
and privacy of health-related personal information.”
 CHAPTER 1
CONTEXT & SCOPE OF
NATIONAL DIGITAL HEALTH BLUEPRINT
1.1 The Context
Healthcare has always been central to all development efforts be it a national or
global agenda. Government of India envisages as its goal the attainment of the
highest possible level of health and well-being for all at all ages and intends to
provide universal access to good quality health care services without anyone having
to face financial hardship as is enunciated in National Health Policy, 2017. The most
promising approach adopted by National Health Policy towards this goal is extensive
deployment of Digital Tools/Technology to enhance health system performance.
Government is committed to Universal Health Coverage for all citizens; to make
healthcare affordable, accessible, and equitable, and Digital Health technology has a
huge potential for supporting Universal Health Coverage (UHC).

Ministry of Health and Family Welfare (MoHFW) has prioritized the utilization of
Digital Health to ensure effective “service delivery” and "citizen empowerment" so
as to bring significant improvements in the public healthcare delivery.

To improve efficiency in healthcare delivery, extend healthcare to rural areas and

provide better quality services at low cost, certain eHealth initiatives using ICT
(Information and Communication Technologies) were undertaken by MOHFW across
the country with the following objectives:

 To ensure availability of services on wider scale

 To address the human resource gap by efficient & optimum utilization of the
human resources existing in the health sector
 To provide healthcare services in remote & inaccessible areas through
telemedicine
 To Improve patient safety by access to medical records and help reduce
healthcare cost
 To monitor geographically dispersed tasks for meaningful field level
interactions through effective use of MIS
 To help in evidence based planning and decision making, and
 To improve efficiency in imparting training and in capacity building
A few of the ongoing initiatives in Digital Health being implemented by MoHFW
include Reproductive Child Healthcare (RCH), Integrated Disease Surveillance
Program (IDSP), eHospital, e-Shushrut, Electronic Vaccine Intelligence Network
(eVIN), National Health Portal (NHP), National Identification Number (NIN), Online
Registration System (ORS), Mera Aspatal (Patient Feedback System) and National
Medical College Network (NMCN). These initiatives are operational at a substantially
mature level and are already generating enormous amount of data in the health
5|Page
sector. Since health is a State subject, States are supported under National Health
Mission (NHM) for services like Telemedicine, Tele-Radiology, Tele-Oncology, Tele-
Ophthalmology and Hospital Information System (HIS).

The Government of India approved the National Health Policy 2017 (NHP 2017) with
the vision of providing Universal Health Care. As a sequel to the NHP 2017, , the
Union Budget for the fiscal year 2018–19 announced the Ayushman Bharat Yojana, a
program designed to address health holistically through a two-pronged approach

 To set up 1.5 Lakh Health and Wellness Centres for comprehensive primary
healthcare, offering preventive and promotive healthcare accessible to all,
and

 A flagship scheme Pradhan Mantri-Jan Arogya Yojna (PMJAY) to provide

healthcare cover to over 10 Crore poor and vulnerable families up to Rs 5
Lakh per family per year for secondary and tertiary care requiring
hospitalization.

Through Ayushman Bharat, the Government of India has taken steps to lay the
foundation of a 21st Century Health System. It is expected that the provision of
services through public and private sector under Ayushman Bharat will generate
enormous amounts of health data, mostly in the digital space. To ensure that we can
leverage the cutting-edge digital technologies, it is crucial to focus on creating an
appropriate architecture and data structures which are both pan-India. With the
current system of fragmented data capture by multiple stakeholders without any
standardization, there is a serious risk of compartmentalization of Digital Health
assets.

The aforesaid challenge also presents us with an opportunity to build a state-of-the-

art National Digital Health Eco-system (NDHE) that can enable us to leapfrog many
of the traps that bedevil health information systems even in developed economies.

Towards this end, NITI Aayog had proposed a conceptual framework for creation of a
National Health Stack - a set of core building blocks to be “built as a common public
good” that helps avoid duplication of efforts and achieve convergence among the IT
systems of the diverse stake holders such as the Governments, the Payers, the
Providers and the Citizens. Even at the conceptualization stage, it was recognized
that the issue of data safety, privacy and confidentiality will be critical for the success
of the NHS and consequently, the need has arisen for a mechanism to incorporate
these elements ab-initio into the architecture.

The Ministry of Health & Family Welfare constituted a Committee chaired by

Shri J. Satyanarayana, the then Chairman, Unique Identification Authority of India
(UIDAI) to create an implementation framework for the proposed National Health
Stack. The composition of the Committee is shown in Annexure I.

6|Page
 Given the vastness of the Health Domain and the complexities involved in designing
architecture for National Digital Health Eco-system, the Committee constituted 4
Sub-Groups to deal with 4 distinct aspects of the mandate of the Committee. These
relate to

i. Scope of NDHB, Overarching Principles and Target Digital Services

ii. Building Blocks of NDHB, including Universal Health Id
iii. Standards and Regulations, and
iv. Institutional Framework

The composition of the Sub-Groups and Terms of Reference are given in Annexure II.

Based on the efforts of the 4 Sub-Groups, the Committee prepared the National
Digital Health Blueprint (NDHB) as a document that would act as an authoritative
reference in guiding all future efforts for creation of NDHE. It is envisaged that the
Blueprint will shape the path for a digitally inclusive healthcare system to be
established in our country. The nomenclature of “National Digital Health Blueprint”
is considered more appropriate as the document is a balanced combination of
Architectural Principles, Building Blocks and an Implementation Framework as well,
which together, provide an immediate setting for action in multiple dimensions and
at multiple levels.

1.2 Vision of National Digital Health Blueprint (NDHB)

To complement the overall vision of Government to create an enabling digital health
ecosystem and prioritization of Digital Health by Government as enunciated in the
national level programs, the following Vision Statement is recommended to be
adopted for National Digital Health Blueprint:

“To create a National Digital Health Eco-system that supports Universal Health Coverage
in an efficient, accessible, inclusive, affordable, timely and safe manner, through
provision of a wide-range of data, information and infrastructure services, duly
leveraging open, interoperable, standards-based digital systems, and ensuring the
security, confidentiality and privacy of health-related personal information.”

The Vision of NDHM encapsulates the goals of NHP 2017 and aims to leapfrog to the
digital age by providing a wide range of digital health services.

1.3 Objectives of National Digital Health Blueprint (NDHB)

The following specific objectives need to be achieved if the Vision of NDHM is to be
realized:

a. To establish state-of-the-art digital health systems, for managing the core

digital health data, and the infrastructure required for its seamless exchange;

7|Page
 b. To establish National and Regional Registries to create Single Source of Truth
in respect of Clinical Establishments, Healthcare Professionals, Health
Workers and Pharmacies;
c. To enforce adoption of open standards by all the actors in the National Digital
Health Eco-system;
d. To create a system of Personal Health Records, based on international
standards, easily accessible to the citizens and to the healthcare
professionals and services providers, based on citizen-consent;
e. To promote development of enterprise-class health application systems with
a special focus on addressing the Sustainable Development Goals related to
the health sector;
f. To adopt the best principles of cooperative federalism while working with the
States and Union Territories for the realization of the Vision;
g. To ensure that the healthcare institutions and professionals in the private
sector participate actively in the building of the NDHE, through a combination
of prescription and incentivization;
h. To ensure National Portability in the provision of health services;
i. To promote the use of Clinical Decision Support (CDS) Systems by health
professionals and practitioners;
j. To promote a better management of the health sector leveraging Health Data
Analytics and Medical Research;
k. To provide for enhancing the efficiency and effectiveness of Governance at all
levels through digital tools in the area of Performance Management.
l. To support effective steps being taken for ensuring Quality of Healthcare.
m. To leverage the Information Systems existing in the health sector, by ensuring
that they conform to the defined standards and integrate with the proposed
NDHE.

1.4 Overview of National Digital Health Blueprint

The National Digital Health Eco-system is large, complex, heterogeneous, sensitive
and critical at the same time. Evolution of such an eco-system can and should
happen by a combination of two distinct approaches, namely, establishment/
creation of Core Information Systems on a minimalist basis, and promotion of a set
of Principles and Standards by all the eco-system players. The Blueprint adopts this
twin approach precisely.

8|Page
The NDHB has been conceptualized as a layered structure depicted in Figure 1.1 and
described later.

a. At the core of the Blueprint are its Vision and a set of Principles that should
guide all the eco-system players. While the Vision has already been stated in
Section 1.2 and supplemented by the objectives in Section 1.3, the Blueprint
Principles are enumerated in the following Section.

Figure 1.1 Layered approach to conceptualizing the blueprint

b. The Building Blocks are defined in Chapter 2. While the Core Building Blocks
will be established centrally by NDHB, the remaining would have to be
created in an interoperable manner by the eco-system players.
c. Chapter 3 defines the minimum set of Standards to be adopted by all the
eco-system players. It also touches upon the Regulations to be enforced in
the health domain.
d. The applications and services layers are substantially in the realm of the
Providers of Healthcare Services, Wellness Services and Support Services.
However, it shall be the endeavor of the NDHB to design, develop and put in
place certain Core and Reusable Applications and Services, which are
commonly used across the country and across the health domain.
e. Chapter 4 recommends an Institutional Framework appropriate for
facilitating the establishment of the National Digital Health Eco-system in
terms of all the components.
f. Chapter 5 provides a high-level Action Plan that envisages implementing the
NDHB in 3 phases.
g. It may be noted that each of the layers has components that fall under both
the areas, namely Health Domain and Pure-play Technology.
9|Page
1.5 Core Principles of National Digital Health Blueprint
As alluded to earlier, an eco-system cannot be built, nor can it evolve on a
prescriptive approach. Hence the Blueprint proposes to be evolved on the basis of a
set of commonly believed Principles, which again, pertain to the Business (i.e the
Health Domain) and to Technology. The Governments, Central and State, must play
the role of facilitators, enablers and advocates of these Principles to speed up the
evolution of the National Digital Health Eco-system.

While identifying and defining the principles, the following core requirements and
architectural priorities have been kept in view:
a. Unique and Reliable Identification of persons, relations, professionals,
providers, facilities, and payers across the whole eco-system.
b. Trustworthiness of the information created by the entities in the eco-system
c. Capability for creation of a longitudinal health record for every individual
from information held in diverse systems
d. Managing the consents for collection and/or use of personal/ health data, to
ensure privacy and confidentiality.
e. Adopting and aligning with IndEA principles, given the enterprise nature of
NDHE.
The Principles of NDHB are stated and briefly explained Table 1.1 and as a bird-eye
view in Figure 1.2.

Business Principles (Health Domain Principles)

NDHB will be wellness-centric and wellness-driven.
Special focus will be laid on the building blocks and applications relating to Health
Education, awareness, screening, early detection and AYUSH. Wellness centres and mobile
screening teams will be strengthened through access to real-time Personal Health Records.
Citizens will be encouraged to follow a well-designed referral system
NDHB shall educate and empower citizens to avail a wide range of health and wellness
services
Mass awareness and education will be promoted through use of appropriate a
MEDucation Platform and a portfolio of Health Apps targeting citizens of different age-
groups and access to toll-free medical advice. Personalization and localization will facilitate
higher uptake of the education and awareness services.

NDHB systems shall be designed to be inclusive.

Specialized systems will be designed to reach out to the “unconnected”, digitally illiterate,
remote, hilly and tribal areas. Telemedicine will focus on reaching out to such groups to
provide them with services of experts.
NDHB shall ensure security and privacy by design.
A National Policy on Security of Health Systems and Privacy of Personal Health Records will
be developed. All the building blocks that require handling personal health records will be
designed to comply with such policy ab-initio
10 | P a g e
 NDHB shall be designed to measure performance and display accountability of all
providers of service.
Real-time monitoring of the Service Levels and health sector KPIs will be the key driver to
measure and publish performance of all health institutions and professionals. Real-time
dashboards, data analytics and visualization tools will support the Performance
Management.
NDHB shall have a national footprint and shall enable seamless portability across the
country.
Personal Health Identifier with its supporting blocks, including adoption of Health
Information Standards will play a pivotal role in the national portability. A system of
incentives will be put in place for early adoption.
The eco-system of NDHB shall be built basing on the principle, “Think Big, Start Small,
Scale Fast”
While the “Big Picture” of NDHB will be comprehensive containing all the Building Blocks
required to fulfil the Vision, NDHB will adopt a combination of strategies like taking a
minimalistic approach for designing each Block, prioritizing and sequencing of the
development/ launch of the building blocks, and designing a technology architecture that
can scale horizontally and vertically.
Technology Principles
NDHB shall be developed adopting India Enterprise Architecture Framework (IndEA)
The artefacts prescribed by the IndEA Standard will be prioritized and sequenced. The
design of the building blocks of NDHB will adopt and conform to IndEA by default. Other
national and international standards will be adopted in areas not covered by IndEA.
NDHB may, when appropriate, adopt the Agile IndEA Framework, which combines the
Vision of IndEA with the Speed of Agile methodologies of development.
All the building blocks and components of NDHB shall conform to open standards, be
interoperable and based on Open Source Software products and open source
development.
The policy of MeitY, GoI on Open Standards and Open Source Software shall be adopted in
designing of the building blocks of the Blueprint and in all procurements relating to its
implementation. Interoperability will be inherent to all the building blocks.
Federated Architecture shall be adopted in all aspects of NDHB.
Only the identified Core Building Blocks will be developed and maintained centrally. All
other building blocks shall be designed to be operated in a federated model that factors
regional, state-level and institution-level platforms and systems to function independently
but in an interoperable manner.
NDHB shall be an Open API-based Ecosystem
All the building Blocks will be architected adopting the Open API Policy notified by MeitY,
GOI. Security and Privacy will be built into the design and development of the APIs, which
should be audited for security and privacy before deployment.
All major legacy systems shall be assessed for conformance to NDHB principles and
leveraged to the extent feasible.

11 | P a g e
 Compliance of legacy systems to the Blueprint principles and IndEA Principles will be
assessed through an appropriately designed Assessment Tool. Only those legacy systems
that cross the bar will be allowed to operate within the eco-system.
All the components, building blocks, registries and artefacts of NDHB shall be designed
adopting a minimalistic approach.
Easy, early and collective adoption of the Blueprint by majority shall be critical to its
success. Hence every component of the Blueprint shall be designed to be minimalistic.
All the registries and other master databases of NDHB shall be built as Single Source of
Truth on different aspects and backed by strong data governance.
Rigid validations shall be applied to all mandatory ‘fields’, clear ownership and
responsibilities shall be defined for all core databases and strong, dedicated data
governance structures shall be established at the State and Central levels.
Table 1.1 Principles of NDHB

Figure 1.2 Bird’s eye view of the NDHB Principles

12 | P a g e
 CHAPTER 2
IDENTIFICATION & DEFINITION OF
BUILDING BLOCKS
2.1 Introduction
Digital technologies are playing a pervasive role in the delivery of Healthcare today.
The National Digital Health Blueprint (NDHB) provides an approach to establish
foundational IT components that will enable the Health ecosystem to streamline
information flows across players in the ecosystem while keeping citizens, their
privacy and confidentiality of data at the forefront. A good design can help
accelerate the adoption and improve delivery of health services across both the
public and private sectors. NDHB identifies key building blocks by looking at the
most common requirements of the overall health ecosystem.

To establish a comprehensive National Digital Health Blueprint (NDHB), it is pertinent

to identify the key actors in healthcare systems, which are given below:
 Person – Patient, Family Member, Beneficiary
 Care Professional – Doctors, Nurses, Lab Technicians, ASHA workers etc.
 Care Provider – Hospital, Clinic, Diagnostic Centre
 Payer – Insurer, Health Plan, Charity
 Governing Bodies – Ministry, Professional bodies, Regulator
 Research Bodies – Researcher, Statistician, Analyst
 Pharmaceuticals – Drug, Device Manufacturers and Supply Chain players

2.2 Identifying the Building Blocks

In architectural parlance, a building block is a package of functionality defined to
meet business needs. Building blocks have to interoperate with other building
blocks. A good choice of building blocks can lead to improvements in legacy system
integration, interoperability, and flexibility in the creation of new systems and
applications. Wherever interoperability is required, it is important that the interfaces
to a building block are published and reasonably stable. A building block is
intentionally designed to be cross-functional allowing its generic functionality to be
applied to different contexts. Each Building Block must have the following
characteristics:
 Provide a standalone, useful, reusable and implementable capability in the
health domain
 Cross-functional across the value chain by design
 Applicable to multiple use cases in healthcare
 Interoperable with other building blocks
 Use shared digital infrastructure (to the extent feasible)
 Standards-based and
 Designed for scale

13 | P a g e
Each Building Block must have a clear “Business Owner” and “Technology Owner”.
The business owner is responsible for defining the rules and policies essential to
effectively manage the building block. The technology owner would be responsible
for managing the business requirements and technical implementation of these
requirements efficiently.

Building Blocks once identified shall be implemented using workflow-based modules

and must interface with other building blocks using open APIs. The Building Block of
Personal Health Identifier (PHI) will be centre-piece for integration with all the other
components of health ecosystem and for maintaining the Personal Health Record
(PHR).

Identification of new blocks is an ongoing activity and more blocks would come up
over time.

2.3 National Digital Health Blueprint (NDHB)

Based on the study of the existing health systems, discussions with stakeholders and
analysis, the following key Building Blocks have been identified across 5+2 layered
architecture:

Figure 2.1 National Digital Health Blueprint (NDHB)

14 | P a g e
 i. Infrastructure (Layer-1)
Privacy by design being a key principle of the National Digital Health Blueprint, an
Infrastructure layer needs to be established for management of the key data
services in a compliant manner. The objective of the Infrastructure layer is to
ensure that health data and it’s traversal is always secure and adheres to all
privacy requirements. The Government Community Cloud infrastructure as
defined by MeitY should be adopted for implementation of building blocks in
Layer 2 and Layer 3. A hybrid cloud environment is recommended for other
layers.

Secure Health Networks

Blueprint should be built to work on public networks by default. Wherever access to sensitive
or aggregated data is involved, secure connectivity like MPLS or VPN may be used. For specific
applications like Tele-health, Tele-radiology that require strong data links to systems like PACS
low latency, high bandwidth network systems may be specially designed

Health-Cloud (H-Cloud)

The Health-Cloud builds on the MeitY initiative of Government Community Cloud (GCC) with
stronger security and privacy policies and infrastructure. Key data hub management services
of the Blueprint must be deployed on the H-Cloud.

Security and Privacy Operations Centre (SOC)

All events on the Health-Cloud and the Health Network need to be under 24x7 security
surveillance ensuring every data byte is highly secure. This is achieved through a Security
Operations Centre (SOC). The Committee recommends the establishment of a dedicated
Privacy Operations Centre (POC) to help drive compliance on the privacy requirements,
adherence to which is a must in the health sector. The POC will monitor all access to
private data, review consent artefacts, audit services for privacy compliance,
evangelize the privacy principles on which the Blueprint is being built and bring trust
and strategic control in the usage of health data in the ecosystem.

ii. Data Hubs (Layer-2)

Data Hubs provide the fundamental building blocks that manage the key entities
and standardized master data required for any health ecosystem transaction.
This layer also identifies the minimum and critical transactional data blocks
required for successful implementation of the other building blocks.

a) Personal Health Identifier (PHI): It is important to standardize how a person is

identified at any point providing healthcare. This is the only way to ensure
medical records created for the person can be issued to the correct individual or
obtain consented access. As part of the issue of the PHI, the system must collect
15 | P a g e
 Demographic and Location information, Family / Relationship information and
contact details. Ability to update contact information easily is the key as India has
a large churn in mobile numbers. The relevant FHIR specification for persons
MUST be followed.

b) Personal Health Record (PHR) generates and aggregates health records for a
person and puts the information in the control of the person to share it with
consent. While there are several approaches to implementing a PHR system,
keeping in line with the principles of NDHB, a federated system with multiple
market players working on a national interoperable standard for sharing of
health data is preferred. Health care providers are expected to identify the
individual (through PHI) and insert a medical record into the person’s PHR after
providing care. The content in the PHR will need to allow for evolution, from
basic content with very little metadata to a strongly structured content that
meets the standards specified in Chapter 3. In addition, the PHR shall capture the
data relating to ONLY the significant medical and health episodes and events of
types to be identified and notified. This requirement addresses the issues like
data overload, ‘Physician Fatigue’, and important health data getting buried
under inconsequential data and thereby getting missed out. Annexure V points
out the mistakes to be avoided in designing PHR/ EHR. The design of the
DigiLocker system, which has multiple issuers and users who can exchange data
with consent and strong non-repudiation methods, should be adopted with
appropriate modifications and enhancements for implementing the PHR

c) Health Master Directories hold the master data of various entities, which will
play a key role in the health ecosystem. Directories must be built with strong
ownership and governance mechanism and must adhere to the principle of being
the “single source of truth”. Directories must be designed to be easily accessed
and used from multiple users of the NDHB. Directories related to professionals
must enable Identity and Access Management (IAM) for health applications that
adopt the Blueprint. Health Applications must be able to verify a doctor using the
registry and allow them to access their health application and to add / view
records for which they are specifically authorized.

Health Registries: Table 2.1 shows the key directories to be established in the
first phase of the NDHB

Facilities The Facility Directory will consist of one record and a unique
Directory identifier for each Health facility in the country – Hospitals, Clinics,
Diagnostic centres, Pharmacies etc.
Doctors The Doctor directory will consist of one record for each doctor who
Directory has registered with the medical council after completion of their

16 | P a g e
 education. The directory must be designed to be kept up-to-date as
doctors gain skills via fellowships and map them to the facilities
they are associated with.
Nurses & The Nurses directory will essentially include the medical support
Paramedical staff including Nurses, ANMs etc. and will also consist of one record
Directory for each paramedical staff that is awarded a certification by the
Paramedical board, Ophthalmic Technicians, Operation Theatre
technicians, etc.
Health This directory will consist of Health Workers like ASHA who act as
Workers the extended work force enabling door to door healthcare related
Directory services
Allied This directory contains the other key roles in the healthcare
Professionals industry including Masters in Hospital Administration, Health IT,
Directory Disease Coders, Pradhan Mantri Arogya Mitras, etc.

Health Registries
Disease Contains one record for each incidence of the disease in the
Registry population. The National Cancer Registry is an example. Disease
registries must be established for all non-communicable diseases
(NCDs) especially those being covered by the NCD Screening
programme of MoHFW
Blood / Contains PHI for people wanting to be blood / organ donors or
Organ Donor recipients in waiting. There are several registry initiatives in this
Registries area. The Government must seek to establish National registries
that are trusted and have wide participation.

Table 2.1 Key directories in the first phase of the NDHB

Health Masters/ Health Data Dictionary: There are several master data
requirements in healthcare including names of drugs, diseases, lab tests, procedures,
etc. The Content and Interoperability section in Chapter 3 outlines the various
standards / code sets to be adopted. The Blueprint must enable easy access to
developers to incorporate Master Data into their applications.

iii. Technology Building Blocks (Layer-3)

Operationalization of the Master Data directories provides standardized operating

data for any health transaction to happen via the Blueprint. For the Blueprint to meet
its key objectives, it defines six key building blocks for data and access management;
that need to adhere to by all implementation agencies to align their existing

17 | P a g e
applications to generate or access health related information. These are described in
Table 2.2.

Anonymizer The Anonymizer takes data from the Health Locker and/or other
health data sets, removes all personally identifiable information to
protect privacy and provides the anonymized data to the seeker.
Tools available can anonymize both structured and un-structured
data. At the same time, Anonymizer enables the Government or
authorized agencies may need to access the health records of the
citizens especially in some identified cases like monitoring of
notified diseases etc., to take effective decisions to promote
wellness in the country and to ensure that healthcare is provided
in a timely fashion, as needed.
There are 2 levels of delinking the personally identifiable
information from the related health record(s), namely, De-
Identification and Anonymization. De-identification process is
reversible, whereby re-identification by the competent authority is
possible after the processing of de-identified data has been
completed by the processing agency. Anonymization, on the other
hand, is a one-way process, whereby the data once anonymized,
cannot be related to any person subsequently. It is necessary to
identify the use cases where each of these 2 processes has to be
used, depending upon the degree of privacy required in each use
case.

Though combined as a single Building Block, Anonymizer shall have

all the capabilities required, namely, Anonymization, De-
Identification and Re-Identification besides encryption and
decryption as needed.

Consent Health records are personal for an individual and every access to
Manager each record requires explicit consent of the individual. The
electronic consent framework specifications notified by MeitY
should be used to develop the information sharing processes
within the Blueprint. The goal of the Consent Management
Framework and the Consent Manager should be to ensure that the
citizen/ patient as the Data Principal, is in complete control of what
data is collected, and how/with whom it is shared and for what
purpose, and how it is processed. The Framework should apply not
only to the data collected at each touch pint and each encounter
but to the data relating to the entire Personal Health Record, both
longitudinal (over a period of time) and vertical (relating to an

18 | P a g e
 episode).
Health The Health Locker is a standards-based interoperability
Locker specification that can be implemented by multiple players to
enable the creation of a Personal Health Record ecosystem. When
a medical record needs to be issued, only a reference link is shared
with the locker ecosystem. Small clinics / hospitals are expected to
subscribe to the authorized repository providers who can integrate
with the Health Locker to be able to participate in this ecosystem.
The health locker enables creation of a longitudinal health record
from the various links it stores and provide the PHR to the
providers who need the same. The PHR is created only on consent
from the user. The design will need to factor uptime / network,
storage and security considerations.
Health All actors in the health ecosystem would in some way or the other
Information be generating or accessing health information, using one or more
Exchange access applications. The exchange of information needs to be
enabled as real-time data exchange by implementation of Open
APIs and other data exchange mechanisms. From a flow
perspective each access application to submit or retrieve/ access
any information from/ via the Blueprint, needs to be registered
with the Health Information Exchange (HIE), which would be
responsible for authentication and authorization of all data
exchange requests and, if authorized, then for routing the request
to the providing applications. The design of this component should
support implementation of multi-channel solutions by participating
applications, to ensure cross channel capabilities and a seamless
user experience and for enabling an open market ecosystem to
come up.

Health This building block has the objective of providing Decision Support
Analytics to the stakeholders on a wide variety of Themes, by analysing the
aggregated datasets to be accessed from the providers. The
Blueprint design must ensure that analytics data is created /
collected at source when the medical record is being prepared to
be issued to the PHR. Analytics data can be aggregated using either
a subscription model or a push model where the data is sent
mandatorily to one or more government-controlled analytics
systems. Policies for access to the aggregated health data need to
be setup.
While the Building Block of Health Analytics can have very large
scope in terms the number and nature of Themes for analysis, the

19 | P a g e
 following initial set of themes is recommended with the
corresponding benefits, as shown below

Theme Decision Support Goal(s)

(Illustrative)
Quality of Care  Quality of Infrastructure
 Quality of treatment
 Effectiveness of follow up
 Hospital-acquired Infections
Quality of Data  Accuracy of Data
 Completeness of Data
 Appropriateness of Data
 Conformance to Standards
Wellness  Need for Screening
 Early Detection
 Preventive Interventions
Public Health  Targeted Interventions in NCD’s
 Identification of endemic areas
 Identification of endemic groups
 Disease Surveillance
Fraud Detection  Fraud Classification
 Fraud Detection
 Fraud Prevention through systemic improvements
Policy  Policy Formulation Support
GIS/Visualiza This building block provides GIS / Visualization services that can be
tion used by the application layer to answer queries like – Which is the
nearest hospital with this specialty? Or plotting of disease
incidence in a geographic area etc. The building block must take
data sets from the health analytics system and produce outputs
that can be consumed by the application layers. The GIS services
will help in regional planning and monitoring of health services.

Table 2.2 Technology building blocks

iv. Application Building Blocks (Layer-4)

The three layers described earlier (Layers 1-3) are expected to provide open APIs
that can be used by a wide variety of applications across the health sector – both
by public and private providers. Applications across Emergency care, Healthcare,
Wellness, Medical Education and Public Health are expected to benefit from the
National Digital Health Blueprint.
Several existing applications need to be modified to comply with the National
Digital Health Blueprint. These include:

20 | P a g e
 Government Managed Health Applications

e.g.: Reproductive and Child Health (RCH), NIKSHAY (Online TB Patients monitoring
application), e-Raktkosh, Health Management Information System (HMIS), National
Programme for Control of Blindness (NPCB), Ayushman Bharat, Hospital Information
System (HIS), Integrated Disease Surveillance Program (IDSP) etc. Telemedicine should
be given a high priority given the low Doctor-Population ratio, especially in the rural

Private Sector Health Applications

e.g.: Hospital Management System applications, claims applications etc. being currently
used by service providers. Open Source Products may be promoted for the sharing of
real-time patient data among the members of the medical/ surgical/ nursing teams,
especially to ensure timely interventions in tertiary care.
Given that the eco-system should be designed to move from Healthcare to

Wellness, specialized applications shall be developed in the areas of Screening

(especially of Students and Women), early detection and referrals.
New applications in the healthcare ecosystem will benefit from adoption of the
Blueprint as it will speed up development and ensure interoperability at a national
level.
v. Access & Delivery (Layer-5)
Since, Healthcare and Wellness related services primarily contact driven; in addition
to the blocks requiring specific IT intervention the Blueprint also identifies the varied
access and service delivery points that need to be the physical/ virtual points of
access for the actors of the ecosystem. These are shown in Table 2.3.

Call Centre(s) Provide telephonic support to all actors of the ecosystem,

principally the citizens.
India Health A multi-lingual national portal enabling access to digital health
Portal services and data

Social Media For emergency management, health awareness / education and

community-based services like Blood/ Organ Donations.

MyHealth A wide range of Apps can be built by open market, including Start-
Apps ups and existing Health IT companies of all scales besides
Government organizations. The end user thus has the choice of
selecting the app that suits their needs best.

Table 2.3 Access & service delivery points

21 | P a g e
 Given the prospects of a near universal coverage of all families in the country with
Smart Phones, all the digital services are to be designed to be delivered through
Smart Phones adopting the Mobile First Principle.

The Smart Phones should the preferred medium / channel for dissemination of
appropriate content, information, alerts and updates to the large force of health
workers, predominantly, the ASHA workers, given that a significant thrust has to be
given to the MCH and NCD programs and related field activities.

Smart Phones can also be the preferred channel for online education of citizens and
the field force.

Specific efforts shall be made to launch voice-based services using appropriate tools
customized to work in spoken Indian Languages, in collaboration with the OEMs.

In addition to the above 5 horizontal layers, the Blueprint also identifies the
following two vertical layers cutting across all the horizontal layers:

vi. National Health Standards (Vertical Layer -1)

Governance, Strategic Control, Data Security, Privacy and Compliance to Standards
would be one of the key verticals that cut across all building blocks of the Blueprint.
Chapter 3 specifies the various standards to be adopted in these areas.

vii. Command, Control and Communication Centre (Vertical Layer -2)

The goal of the Integrated Command, Control and Communication Centre (CCCC) is
to provide a single point contact in to manage public health emergencies. The CCCC
consists of a response team and also has the ability to constantly monitor disease
surveillance and outbreak response. The large amounts of health data coming into
the NDHB should be used to monitor for various diseases working closely with the
existing programs of MoHFW and the States. The CCCC consuming information from
all other components (internal as well as external), will run analytics on that
information and generate alerts and visualizations as required. It shall also deploy
Artificial Intelligence and Machine learning technologies.

2.4 Structure of Disease Registries for NCD

Registries can provide health care professionals and researchers with first-hand
information about people with certain diseases, both individually and as a group,
and over time, to increase our understanding of that disease. Broadly disease
registries are based on information gathered in Screening and in the Hospitals.

Screening based registries are concerned with recording information about diseases
for population at large for different age groups based on well-defined parameters

22 | P a g e
and invoke referrals. Hospital based registries are concerned with recording of
information on the patients seen in a particular hospital.

National Cancer Registry being maintained by ICMR and the other Disease Registries
currently maintained in India are not interoperable and not integrated with Hospital
Management Information System (HMIS). Disease registries need to be standardized
following the National Digital Health Blueprint to make them integrated and
interoperable. Table 2.4 depicts generic structure of recommended registries.

Type refers to type of registry viz. Screening or Hospital based

Purpose refers to the purpose of maintaining the registry
Size refers to the number and complexity of data points, the frequency of
data collection, and the enrolment of investigators and patients
Person includes all parameters given under Person Health Identifier (PHI)
Identifier
Family includes detailed information about family members from PHI
Identifier
Locational includes location to which patient belongs, facility where person has
Parameters been screened and/or referred to
Screening include the disease specific parameters to be recorded
Parameters
References/Poi defines the pointers to diagnosis, referrals, treatment, education,
nters adherence to using Personal health Record (PHR)

Table 2.4 Generic structure of registries

2.5 Harmonizing Current Facility Registry Initiatives

There is a strong need to uniquely identify health facilities and ensure that any
health data is correctly tagged with the facility id to ensure traceability,
accountability and reliability of the health information. The Government needs to
create a strong facility registry for use by several actors in the ecosystem.

After a comparative analysis of the ongoing initiatives for creation of facility

registries (details in Annexure III), the Committee recommends the following.

Recommendations:

a. National Health Resources Repository (NHRR) complimented with National

Identification Number (NIN) shall be utilized as the main facility registry
b. Incentive driven governance mechanisms need to be designed to ensure
facility registry is kept updated and made available for integration with
Health Systems

23 | P a g e
 c. The format of the Facility Identifier being used by NHRR may be reviewed and
enhanced considering the need for it to interoperate with other identifiers
like NIN and ROHINI.
d. The format and structure of the identifier should be designed such that it
does not allow deciphering of any information offline.

2.6 Approach to Personal Health Identifier (PHI)

In the health domain, the need for Personal Health Identifier (PHI) has been
recognized for the purposes of uniquely identifying persons, authenticating them
and threading their medical records across multiple systems and stakeholders.

PHI contains demographic details like Name, Father's / Mother’s/ Spouse’s Name,
Date of Birth/Age, Gender, Mobile Number, Authentication Route, Email Address,
Location, Family ID and Photograph, in line with the Person Resource defined by
FHIR (please refer to Chapter 3 for relevant details of FHIR).

In India, Aadhaar provides for uniquely identifying and authenticating a citizen,

amongst a very large population set of more than 134 crore people. Aadhaar has
achieved the same by collecting, verifying demographic details of residents and de-
duplicating using the biometric details of the residents. Aadhaar offers various
authentication methods such as demographic, mobile OTP based, biometric as well
as offline signed XML packet based.

Uniqueness is a key attribute of PHI, and the algorithm that issues a PHI must try to
return the same identifier for the individual in all scenarios. While Aadhaar assures
uniqueness of identity and provides an online mechanism for authentication, it
cannot be used in every health context as per the applicable Regulations. The design
of PHI, therefore, must allow multiple identifiers (chosen from the specified types of
identifiers) for designing the structure and processes relating to PHI.

Considering the regulatory, technological and operational implications, the

Committee suggests the following preliminary and tentative mechanism for
identification and authentication of persons in the health ecosystem:

Health Programs Aadhaar eKYC / Virtual Aadhaar Id KYC / offline Aadhaar

notified by the xml KYC / Scanning Aadhaar QR Code /Any other
MoHFW under Section specified type of ID
7 of the Aadhaar Act
All other Programs Scanning Aadhaar QR Code/ offline Aadhaar xml KYC/
Any other specified ID

24 | P a g e
However, the Committee recommends that the design of the PHI may be finalized
by the MoHFW, in consultation with MeitY and UIDAI duly taking into
consideration the regulatory, technological and operational aspects.

As an identity system, PHI can opt for one of the three system archetypes –
centralized, federated and decentralized. A comparative analysis of the three
archetypes is shown Annexure IV. It is recommended that the centralized approach
is adopted for the following benefits:

 It is easier for a single organization to provide and manage identifiers across

the country maintaining uniqueness.
 When supported with adequate institutional mechanisms and checks, it
evokes higher trust and authenticity.

25 | P a g e
26 | P a g e
 CONSENT

PATIENT SAFETY
& QUALITY OF CONTENT &
SERVICES INTEROPERABILITY

PRIVACY &
SECURITY
 CHAPTER 3
STANDARDS & REGULATIONS
3.1 Objectives of Standards and Regulations
The National Digital Health Blueprint envisages the evolution of an entire eco-system
in the health sector to provide a wide range of services to the stakeholders in a
digitally-enabled manner. Creation of such an eco-system, in a heterogeneous and
multi-level environment that obtains in India, can happen only through a multi-
pronged approach by the efforts of a large number of actors acting in sync. The
Building Blocks of NDHB defined in Chapter 2 need to work in unison in an
interoperable manner if all the digital services have to be realized for the benefit of
all the stakeholders, especially the citizens. Such a seamless and boundary less
interoperability is possible ONLY IF all the building blocks and the digital systems are
built using the defined standards.

The objective of this Chapter is to define the standards required for ensuring
interoperability within the National Digital Health Eco-system. Adoption and
implementation of standards in the health domain is a relatively slow process, as
observed from the experiences of some of the countries that embarked on the same.
Given this, it is proposed to recommend a set of Minimum Viable Standards in the
initial stages.

Given the sensitivity of personal and health-related data, appropriate

recommendations are made in respect of the Regulations to be complied with by the
actors in the digital health eco-system.

3.2 Framework & Scope of Standards

The Scope of National Digital Health initiative, the digital services envisaged by it, the
guiding principles and the Building Blocks required to create the eco-system have
been identified and defined in the earlier Chapters. The Scope of the Standards is
defined keeping the foregoing in view.

Table 3.1 depicts the areas chosen to define the Standards for the NDHB.

Consent The consent from patient need to be covered from two

aspects – consent for data capture and consent for data use.
Content Standards related to exchange of healthcare data.
&Interoperability
Privacy & Security Standards related to data privacy (through access control)
and Security of data at-rest and at-motion. Also, aspects
such as data immutability and non-repudiation with audit
trail.

27 | P a g e
Patient Safety & Data Standards related to ensuring patient safety while collecting
Quality data and quality of data captured.

Table 3.1 Areas chosen to define Standards for NDHB

Appropriate recommendations are also made on the aspects relating to adoption

and implementation of the Standards.

RECOMMENDED STANDARDS

3.3 Standard for Consent Management

The consent of the citizen plays a major role in ensuring that collection of data is
done in a manner consistent with legal rights of the patient. It is also important to
ensure that once collected, the data captured is used and disclosed (in an
identifiable or anonymized shape) in a manner appropriate in law and preserving the
citizen-directed constraints. Towards these the standard shown in Table 3.2 is
recommended for designing systems and workflows required for Consent
Management:

Purpose Recommended Standard

Consent Management ISO/TS 17975:2015 Health Informatics - Principles and
data requirements for consent in the Collection, Use
or Disclosure of personal health information
Consent Framework Electronic Consent Framework (Technology
Specifications v1.1) with its subsequent revision(s)
published by MeitY, GoI.
Table 3.2 Recommended standards for Consent Management

The above standard should be implemented in a way consistent with the applicable
laws such as Information Technology Act 2000 (and its amendments), various
directions and rules of Medical Council of India and State Medical Councils regarding
patient consent and protecting patient privacy.

3.4 Standards for Content & Interoperability

Data content plays a major role in availability of appropriate medical information to
be used in healthcare, policy formulation and health analytics. The National Digital
Health Eco-system (NDHE) seeks to link/consolidate the health records generated in
various national programs of the Central and State Governments, besides the
records generated by the private hospitals, labs and other service providers. The
interoperability standards should support the major clinical artefacts used globally.
The standards should additionally support extensions to it for any national needs
such as country specific clinical data elements, fields, records and value sets.

28 | P a g e
Interoperability in the context of digital health, is of two types, namely, Technical
Interoperability and Semantic & Syntactic Interoperability. This section defines the
minimum requirements of interoperability of both the types.

a. Technical Interoperability
Technical Interoperability is substantially defined in IndEA. Hence its requirements
are mentioned briefly here.
 The Interoperability Standards defined by IndEA Framework shall be
adopted by all systems comprising the NDHE. This should be preferably be
a mandatory requirement for registration of the entities involved.
 NDHE seeks to connect varied systems developed in different technologies
and on different platforms. The standards should therefore support
integration of all such systems. This reduces complexity and change
management of all the implementers.
 The standards should be agnostic to the underlying infrastructure relating
to compute, storage and networking. Implementers should be able to
incorporate the standard on top of their existing solutions.
 The Blueprint recommends a Federated Architecture for collecting and
storing of health information. While certain core datasets like the various
Registries, would be managed centrally, bulk of the information relating to
citizen/ patient health records would be maintained and managed in a
distributed model, at regional centres or at the sites of the Service
Providers. The Central Repository of NDHB shall support only records
conforming to standardized formats of content.

b. Semantic & Syntactic Interoperability (Content)

Apart from technical interoperability required for seamless exchange of clinical
records, semantic interoperability standards shall be adopted for health-related
terminology and formats.
The Fast Healthcare Interoperability Resources (FHIR) R4 Specification is the latest
Standard for exchanging healthcare information electronically. It is built upon the
HL7 series of Standards and is considerably rationalized and simplified. Adoption of
FHIR ensures that the electronic health records are available, discoverable,
understandable, and also structured and standardized to support automated
Clinical Decision Support (CDS).
The building blocks of FHIR are Resources. FHIR specification defines a set of 13
modules with 143 resources, and the infrastructure for handling the resources.
The following recommendations are made in respect of adoption of semantic
interoperability.
 FHIR Release 4 should be adopted with any future errata(s) for all health-
related information sharing/ exchange.

29 | P a g e
  For quick implementation a small but necessary set of health record
artefacts shall be taken up first.
 Other artifacts may be taken up in phased manner to ensure early roll-out,
easy adherence by implementers (source of data/record), and to enable
spreading of the associated costs over a period of time.

A set of 8 essential and minimum class of health record artefacts SHOULD be

notified for data capture in NDHB. The list of health record artefacts prioritized and
mapped to the suggested corresponding FHIR resources is shown in Table 3.3.
Depending on health record artefact requirement, other relevant FHIR Resources
(not explicitly mentioned here) may also be used.
Sr. Information Record Corresponding Resources in FHIR
No. Purpose Category FHIR Resource

1 Patient Demographics Administration Patient

Care Provider Details Practitioner
Person
2 History, Problem & Summary Family Member History
Diagnosis Condition
Clinical Impression
3 Vitals, Results, Assessments Diagnostic Observation
(incl. Pregnancy, Death), Diagnostic Report
Wellness parameters
4 Adverse Event, Alert Summary Adverse Event
Allergy Intolerance
5 Medication / Wellness Medications Medication Request
Lifestyle / Diet / Vision Immunization
Care Nutrition Order
Vision Prescription
Care Plan
Goal

6 Procedure Care Procedure

Procedure Request
7 Admission / Discharge / Administration Appointment
Transfer / Referral Encounter
Episode of Care
Referral Request
8 Insurance Financial Eligibility Request
Eligibility Response
Claim Claim Response
Table 3.3 Health record artifacts mapped to FHIR resources
30 | P a g e
c. Content & Interoperability Standards
Apart from standards for content, it is necessary to define the standards required in
the major areas of healthcare, namely, diagnostic content, terminology and codes for
statistics and laboratory tests. These Standards are specified in Table 3.4.

Purpose Recommended Standard

Structured Clinical FHIR Release 4 (subject to section 3.4.2)
Information Exchange (with any future errata(s))
Still Images / Documents Still Image: JPEG
Audio / Video Document/ Scan: PDF A-2
Audio: MP3 / OGG
Video: MP4 / MOV
(embedded as Binary Content in relevant FHIR
resource)
Diagnostic Images DICOM PS3.0-2015c
(Radiology including CT, (embedded as Binary Content in relevant FHIR
MRI, PET, Nuclear resource)
Medicine / US /
Pathology), Waveforms
(e.g. ECG)
Terminology/ Vocabulary SNOMED CT
(for all clinical terminology requirements in health
records)
Coding System WHO ICD-10
(for statistical classification of diseases and related
health problems)
LOINC
(for observation, measurement, test-panels, test items
and units)

Table 3.4 Content & Interoperability Standards

3.5 Standards for Privacy & Security

Preservation of privacy of patient’s healthcare is an important consideration that
needs to be incorporated in the overall design and implementation of the Blueprint.
The standards and various operational requirements for privacy and data security,
are specified in Table 3.5.
Purpose Recommended Standards
Security Digital Certificate, TLS / SSL, SHA-256, AES-256
Access Control ISO 22600:2014 Health informatics - Privilege Management and
Access Control (Part 1 through 3)
Table 3.5 Privacy & Security Standards
31 | P a g e
In addition, it is important to ensure that data is reliable and verifiable. Provisions
and guidelines related to the following should be incorporated in operational aspects
of the Blueprint:
Immutability Record once created cannot be deleted or modified without
following due process
Versioning Any record created may be ‘amended’ with new version number of
same records with any changes (previous records to be marked
inactive) with only highest version considered active.
Non-Repudiation All created records must be traceable to its creator unambiguously.
Audit Log All creation, amendments, access of records should be audit logged in
manner that it is verifiable and reliable
Patient Control: Patient should be able to access/view own health records anytime,
and control access by others.

In regards of above, provisions, guidelines, standards prescribed in EHR Standards

for India 2016 should be incorporated.

3.6 Standards for Patient Safety & Data Quality

Quality in Health Care Services and Safety of Electrical-Medical equipment are of
utmost importance in NDH. The following recommendations are made in this regard.
 Electrical-Medical Equipment used in the NDHE should be safe to patient
and to the para-medical personnel against safety hazards like Electric
shock, Harmful Radiation, Excessive Temperature, Implosion, Mechanical
instability and Fire. Bureau of Indian Standard has published 38 standards
in this area. These standards are either an adoption or technical equivalent
of the related IEC standard. The work on some additional standards is
ongoing in IEC/TC 62. At present, the certification against these safety
standards is not mandatory in India. Keeping importance of safety of such
equipment, safety certification of the equipment may be made
mandatory for participation in NDHE.

3.7 Cost consideration of Standards

Most of proposed standards except FHIR are already part of EHR Standards for India
2016 notification. All proposed standards are open specifications from respective
Standards Bodies and are internationally supported. The ISO/BIS standards are
readily available. Use of SNOMED CT is free as India is already a member country.

The cost of implementation of standards will be spread on two sides; Repositories

must support all the proposed standards, and source repositories will have to
implement the content interoperability, terminology/codes, and transmission
standards.

As noted above, acquisition of standards is mostly free/cheap due to standards being

open or available through ISO / BIS, and as India is a member of standards body. The
32 | P a g e
implementation can be facilitated by a standards support agency to be created by
MoH&FW and MeitY. The actual cost of implementation (development &
deployment) in existing application will be minimal considering that most of the
standards are already notified by MoH&FW, and vendors are in process of
incorporating them into their healthcare applications.

3.8 Enablers of NDHB

Other than standards, various architectural, design and operational
recommendations are shown in Table 3.6 to ensure cohesiveness of the Blueprint:

MDDS & EHR Meta Data and Data Standards solve the problems of common
Standards for data dictionary at the semantic level. The EHR Standards for India
India 2016 2016 is overarching set of recommendations for creating,
interoperating and using health record systems within an
enterprise and external ecosystem at various levels. Inter-
operability at the technical level would require specific integration
solutions. Inter-operability at the institutional level would require
a dialogue between public health organizations, to understand
information needs, as well as barriers to better quality and use of
information. Solving the semantic and technical barriers brings
inter-operability much closer.

Hub & Spoke As there are glaring incongruities between health systems at
Model various levels of governance and delivery, the Hub and Spoke
Model may play a vital role in designing the components of NDHB,
especially referring to the Health Data Storage and Operations
management. The clinical establishments particularly in rural
areas where sufficient Infrastructure (Servers, storage and
bandwidth) is lacking, face a problem. In such cases, Health Data
may be stored in a bigger facility equipped with necessary
infrastructure. In this model, all the smaller clinical establishments
will act as a Spoke and the location where this data is stored will
act as a Hub. In such a model, Hubs will also act as Spokes for
larger Hubs maintained at State, Regional or National level .
eSign eSign is an online electronic signature service which can be
integrated with service delivery applications via an API to enable
the user to digitally sign a document. Considering the
requirements of health data like non-repudiation and trusted
access / transfer for various medical workflows such as advices or
referrals NDHB can leverage the eSign services in a cost-effective
manner.
Table 3.6 Architectural, design and operational recommendations
33 | P a g e
3.9 Recommended further work on Standards
While an attempt has been made in this Chapter to deal with the core and minimal
standards required in the initial phases of implementing the Blueprint, further work
of creating appropriate policies is needed in the following areas:
 Structure of Core Health Records for AYUSH and Wellness related
information and Indexes to be maintained centrally.
 Policy for digitization of legacy or non-standardized (free-text/paper) health
record.
 Policy for storing heavy records (PET/MRI/CT)
 Policy for making the PHR System citizen-controlled.
 Policy for emergency access to the records
 Policy for use of records for research (anonymization & De-identification) and
analytics
 Policy for record retention and archival
 National Safety Certification Infrastructure for Electrical-Medical Equipment.

34 | P a g e
Governance
Implementation
 CHAPTER 4
INSTITUTIONAL FRAMEWORK
4.1 Back ground
An ambitious initiative like NDHB can materialize only if the right institutional
framework is put in place. The following factors are to be considered in suggesting
the right Organizational Structure:

● Evaluation of capabilities of existing organizations handling large scale Health

IT systems to be considered as potential candidates for implementing the
Blueprint
● Identification of the gaps between the existing capabilities in the identified
organizations and that required for the Blueprint and analysing whether such
an organization could be re-organized and strengthened to carry out the task.
● Whether we would require an entirely new organizational entity to drive this
initiative.
● Learning from International Experiences of creating similar institutions
● Designing a Governance and Operational structure that could accommodate
the concerns of a wide variety of stake holders and yet be operationally
nimble enough to adapt to a complex business environment and ever-
changing technological ecosystem.

An evaluation was done of the existing organizations such as CHI and CBHI housed
within the Ministry of Health and Family Welfare, Government of India, and handling
health data. A comparative analysis has also been done of all the national
organizations handling large data besides reviewing the international experience in
creating Electronic Health Record (EHR) structures specifically looking at the South
Korean model of EHR structure. It is observed that the establishment of any new
organization will need to possess, by design, attributes like

 financial independence,
 ability to get the right personnel and retain them,
 staying ahead of the technology curve ,
 speed and productivity in implementation,
 promoting ownership on the part of the user community within the new
structure and the institutions supporting them,
 cost and time effectiveness.

35 | P a g e
At the outset, it is proposed that the entity to be charged with the responsibility of
implementing NDHB be called ‘National Digital Health Mission’ (NDHM), to connote
the missionary approach required for its successful implementation.

In a nutshell, it is important to underscore that the success of NDHM is dependent

on its wide adoption by both Centre and State, public as well as private entities. Its
adoption rests heavily upon the clear definition of the role and responsibilities of
NDHM. To establish a clear mandate for the NDHM the following key components,
roles and responsibilities are envisaged:

The key components of the National Digital Health Mission are shown in Table 4.1

National Health to create a single source of truth for and manage master
Electronic health data of the nation;
Registries
A Federated to solve twin challenges of access to their own health data by
Personal Health patients and to healthcare service providers for treatment,
Records (PHR) and availability of health data for medical research - critical for
Framework advancing our understanding of human health;

A National Health to bring a holistic view combining information on multiple

Analytics Platform health initiatives and feed into smart policy making, for
instance, through improved predictive analytics;
Other Horizontal Including, and not restricted to, Unique Digital Health ID,
Components Health Data Dictionaries and Supply Chain Management for
Drugs, payment gateways. Shared across all health programs.

Table 4.1 Key components of NDHM

The role of the NDHM will be to provide information and data to different
components of the health eco-system to work together and also provide the
technological infrastructure for collection and storage of core/ master data through
the various registries.

The responsibilities of the NDHM will include:

 Providing the technology platform for collection of core health data from the
providers and patients
 Provide a platform for interoperability of health care data through a unique
identifier for the provider and patient across the health system
 improving the quality of health data collection, storage and dissemination for
purposes of research and policy decisions

36 | P a g e
  publishing national indicators for health, to measure quality of care and
progress against policy initiatives and SDG Goals
 Capacity building on health informatics, safety and security

4.2 Essential Elements of the National Digital Health Mission (NDHM)

The Institutional Framework of the NDHM will have to operate at two levels, namely
the Governance level and the Implementation level.

The Governance architecture of NDHM should comprise of the following elements

for it to be a successful enterprise.

● Clear and well-defined leadership structure with reasonable

autonomy
● Clear demarcation of roles and responsibilities
● Separation of policy, regulatory and operational functions
● Decentralized leadership and decision making
● Robust and transparent processes and systems

The implementation architecture of NDHM must incorporate key elements such as a

clear leadership structure, convergence between core ministries and departments,
citizen-centric approach and services, conductive policies, legal and regulatory
frameworks, appropriate technology architecture, information management and
security, infrastructure expansion, planning, monitoring and evaluation in a
comprehensive manner.

4.3 Global Experiences

Over the past two decades there have been several Digital Health initiatives that
were launched globally to improve the quality of health care and bring down the
healthcare costs. While some countries like the United States are ahead of the curve
in terms of the availability of Information and Communication Technology (ICT)
infrastructure, other countries are in the process of reforming their respective health
care sector and using IT as a key component of the process.

In England, the National Health Services-Digital (NHS Digital) is the national provider
of information, data and IT systems for commissioners, analysts and clinicians in
health and social care. It provides digital services for the NHS, including the
management of large health informatics programmes. They deliver national systems
through in-house teams, and by contracting private suppliers. These services include
managing patient data, the NHS Spine, which allows the secure sharing of
information between different parts of the NHS, and forms the basis of the
Electronic Prescription Service, Summary Care Record and Electronic Referral
Service.

37 | P a g e
In South Korea the Ministry of Health and Welfare (MOHW) created an organization
to maintain EHR. Several advisory committees were created for providing policy
directions and expert opinions. Two centres were created for carrying out system
development and the related researches: Implementation Center for Development
and Research, and Development Center for EHR. South Korea has been successful in
developing their digital health infrastructure due to reliable and cost-effective IT
platform, user-friendly application systems, standards, law, budgets, and strong
support from various stakeholder groups such as the Korean Medical Association and
citizens’ groups.
The experiences of NHS Digital in England and the South Korean Model are
particularly relevant for India and what we intend to achieve through the proposed
NDHM.

4.4 Indian Scenario: Comparative Analysis of existing Organizations

India has made remarkable progress in the Information & Communication
Technology (ICT) space over the past two decades. The IT revolution in India has also
had a positive impact on the public sector Governance Architecture in India which
led to some transformational initiatives like Unique Identification Number (UID-
Aadhaar) for almost all the residents of India, IT enabled platform for GST, IT systems
integration in banking sector and IT-enabled public service delivery.

While India has pockets of IT excellence within the Public Sector the application of IT
enabled systems has not been uniformly adopted across the entire Governance
System. The IT initiatives in the Health Sector in particular, have been fragmented
and compartmentalized hindering the realization of the full potential of ICT.

To develop a robust Institutional Framework for the National Digital Health

Infrastructure it is imperative to understand and analyze the institutional framework
of existing organizations that have been successful in implementing IT-enabled
services for the citizens. A detailed analysis of 8 existing organizations implementing
IT enabled services (namely, NSDL, UIDAI, GSTN, NIHFW, NPCI, NIC, CHI and NHA)
(Annexure: V) has been done along 3 different dimensions, namely
a) Nature of legal entity, ownership, mandate and services provided
b) Suitability of the organization/ its Model w.r.t the needs of NDHM
c) Pros and Cons of choosing an existing institution Vs Creating a New
Institution.

Following the analysis of the organizations it is concluded that none of the

organizations in its current form can take on the responsibilities of such large-scale
implementation of the specialized task of realizing NDHM. However, it is instructive
to pick up some specific features of these organizations, which are relevant and
essentially required for implementation of NDHB.

38 | P a g e
4.5 Recommended Institutional Framework of NDHM
Given the federal nature of Indian government and the fact that (a) Health is a State
subject, and (b) it is necessary to incorporate private sector (both service providers
and insurance), it is felt that an Institutional Framework which is a hybrid of GSTN,
UIDAI and NPCI should be considered. The following factors weighed with the
Committee in this regard:
a. Study of international Institutional Frameworks is suggestive of separation of
regulatory and implementation bodies. While regulatory body takes care of
policy making and policy administration, the implementation body should stay
close to market for voluntary adoption; build best technical solutions and
processes around products (building blocks), with security and privacy being of
great importance.
b. The model Institution should have a legal backing with right level of focused
leadership, to allow the necessary independence for hiring the best technical
staff at market rates, manage human resources, access to enough funds and
ability to co-opt the private players.

Following the analysis of existing Indian organizations and reviewing the

international case studies, it is proposed that the National Digital Health Mission
should be set up as a new organization. The following further suggestions are made:
a. To avoid duplication of activities the existing organizations handling
electronic records and with similar functions should be subsumed in the
new organization.
b. It is essential that both the Central and State Governments be the joint
owners or stakeholders in this new organization.
c. A combination of the GSTN and UIDAI models of institutional structure is
suitable for National Digital Health Mission.
d. Given the sensitivity of health data involved, Government should have
complete ownership of the proposed institution with flexibility to attract
private sector talent at appropriate levels of implementation, with
adequate safeguards.
e. The Structure of the Organization should include two separate arms -
one for regulation and the other for operational management as shown
in Figure 4.1

39 | P a g e
 Governace Vision &
Type Services
Structure Mission
PHR
Vision : To be the
Governing Body at
best health care Registries
Apex level
network globally
Mission : To Health ID
Govt. owned
organization provide every
Indian with access Open API
Board of Directors to digital health
based model for services Data Management
regulations
Technical Architecture

Figure 4.1 Vision and Mission of NDHM Organization

4.6 Roles and Responsibilities within the Institutional Framework
The roles and responsibilities at various levels of NDHM are suggested in Table 4.2

Level Roles Responsibilities

Apex Level  Policy formulation and regulation  Provide policy
related to National Digital Health direction
Mission
 Supervising the function of the entire
National Digital Health Mission
 Providing guidance to the National
Digital Health Mission at the highest
level
Board of  Administrative leadership to the  Develop financing
Directors National Digital Health Mission mechanism for
 Develop policy direction for National sustainability of
Digital Health Mission National Digital
 Develop models for self-financing of Health Mission
National Digital Health Mission
CEO  Implement policies and decision  CEO to have overall
approved by the Board of Governors at execution
ground level responsibility of
 Identify models for funding Operation the National Digital
 Coordinate with MoHFW and the Health Blueprint
States/UTs  Ensure private
 Engage with private sector to ensure sector participation
their participation in the National in National Digital
Digital Health Mission Health Mission
 Resolve technical and operation issues
at ground level
 Policy administration

40 | P a g e
 Operations  Manage Day to Day Operation at the  Overseeing all the
ground level activities of
 Capacity building of Health Informatics operation including
 Ensure smooth implementation of implementation,
National Digital Health Infrastructure training, support
and modifications

Table 4.2 Roles and Responsibilities

The administration/implementation of the NDHM will rest on the CEO and will
involve coordinating with different ministries/departments of the Government of
India and State Governments. Hence it is proposed that the CEO should be of the
rank of either a Secretary or Additional Secretary to the Government of India. The
decision related to active engagement of private sector will be managed at the level
of CEO to ensure up to date technology up gradation and effective
administration/implementation of the National Digital Health Infrastructure.

4.7 Core Digital Services to be offered by National Digital Health

Mission
The value of a Mission such as NDHM will be realized through the services it offers to
the Stakeholders. NDHM will be shaped as the Technology Arm of the Health Sector
of India. As such the focus of NDHM shall be primarily on the Technical Services it
offers to the various organizations comprising the NDHE, in the public, private and
NGO Sectors. However, given the nature of NDHB, it is necessary for the Mission to
provide certain generic/ common services relating to the health domain, to avoid
duplicative efforts by multiple States/ organizations.

While an exhaustive list of the digital services to be offered by NDHM will call for a
stakeholder consultation and detailed deliberations, the Committee thought it fit to
provide an illustrative list of the Digital Services of NDHM. The list is shown in
Annexure VI.

4.8 Financing Model

National Digital Health Infrastructure is a public good. Its funding model must reflect
this. In the earlier years, it must have budgetary support from the Government of
India to get the National Digital Health Infrastructure built and operational.

A study was conducted to understand key cost components associated with the set
up and running of organizations such as GSTN, UIDAI, NHA etc. to assist in the
estimation of budgets required to support successful formation and running of the
National Digital Health Mission.
It was observed that Development cost (Capital cost), People and Property
(operating costs) formed the major cost components of such organizations. For the
NDHM to be successful it will be important to undertake outreach activities with
public and privates sector players. The NDHM will have to co-opt market players like
41 | P a g e
MedTech companies, NGOs, Foundations working in Health space as it builds the
public utilities in the form of Registries, PHR, Health ID and Health Information
Exchange etc. The outreach organization will have to have strong presence in all the
states to ensure adoption of public utilities both by the state govt. as well as the
Health ecosystem players.
If the new organization raises a part of its funding through a transaction fee, it
drives a service orientation within the organization. However, it must be done
without the risk of diluting the public good nature of the Institution. This can be
done by using the concept of toll pricing model where no profit-making is allowed.

4.9 Recommendation in summary

The suggested model for the Implementation of the National Digital Health Mission
(NDHM) is as shown in Table 4.3

Type A new organization with a Governing Council and Board of

Directors
Ownership Government Owned body

Services Health ID; PHR; Registries: Open API for insurance and Health
Fiduciary (AA model)
Vision and Vision: To be the best health care network in the world
Mission Mission: To provide every Indian with access to digital health
services

Table 4.3 Suggested model for NDHM

The recommendations are as follows:
1. NDHM should be a completely government owned body to ensure appropriate
control within Govt. (Centre and States) as well as independence to deliver
technology infrastructure within stipulated time frames and a business
development orientation to co-opt the private players in the health eco-system.
2. The Institutional structure must include an organization with two different arms
- one to handle the policy and regulations and the other for operations and
service delivery.
3. Focus on providing concrete value to all players in the health ecosystem (Centre
and State, private and public, service providers, insurance and citizens) through
reduction in transaction costs, availability of infrastructure as public good and
simple processes for easy adoption are more likely to bear desired results.
4. Setting up a new organization to implement the National Digital Health
Blueprint.

42 | P a g e
Timelines Deliverables Outcomes
 CHAPTER 5
NDHM ACTION PLAN
5.1 Purpose of NDHM Action Plan
Any blueprint is as good as the systematic way in which is planned and implemented.
Preparation of a high-level action plan is therefore considered to be an essential part
of the National Digital Health Blueprint. The action plan outlined in this Chapter
seeks to serve the following purposes:

a) The Action Plan enables crystallization and definition of the Scope and
Outcomes of the initiative and to identify the Methods to be deployed for
the implementation of the Blueprint;
b) It provides the approach to Prioritization of various activities required to fulfil
the vision and objectives of the initiatives;
c) It paves the way for the establishment of the Institutional Structure at the
earliest;
d) It identifies the Core Building Blocks of the Blueprint and guides the action to
put them in place in a logical sequence;
e) It forms the rallying post around which can be created a widespread
awareness of NDHB;
f) It speeds up the process of creation of the critical mass of capacities and
capabilities required for a smooth implementation of NDHB.
This Chapter outlines the approach to address the above purposes effectively.

5.2 Scope of NDHM

The NDHB described in the previous chapters indicates, at different places, the
contours of the Scope of work to be done if a digital health eco-system is to be
established in the country. It is necessary to identify, collate and analyze all these
work items to know the precise scope of NDHM. The following requirements culled
from the previous chapters help us define the Scope more precisely:

a) Health and Well-being for ALL;

b) Health and Well-being at ALL Ages;
c) Universal Health Coverage;
d) Citizen-centric Services;
e) Quality of Care;
f) Accountability for Performance;
g) Efficiency and Effectiveness in delivery of services;
h) Creation of a holistic and comprehensive health eco-system.
The Action Plan must be designed to ensure that the scope as above is well-served.

43 | P a g e
5.3 Expected Outcomes
It is essential that clear outcomes are laid down for a major initiative like the NDHM,
so that all the stakeholders can work towards achieving a common set of goals. The
outcomes listed here are again culled from the previous chapters and collated for a
holistic view. The various artefacts and deliverables of NDHM should be designed
and developed in such a manner as to enable us to move in the direction of the
outcomes.

a) All citizens should be able to access their Electronic Health Records in a

convenient manner, preferably within 5 clicks;
b) Citizens need to undergo any diagnostic test ONCE ONLY, during the course
of an episode, despite taking treatment from different health service
providers;
c) Citizens should get Integrated Health Services at a single point, though
multiple agencies/ departments/ services providers are involved;
d) NDHM shall assure Continuum of Care to the citizens, across primary,
secondary and tertiary care and across public and private service providers;
e) A framework for Unified Communication Centre will be prepared to facilitate
voice-based services and outreach;
f) NDHM shall support national portability for healthcare services;
g) Privacy of personal and health data, and consent-based access of EHRs will
be the inviolable norm that shall be complied by all systems and
stakeholders;
h) NDHM will be aligned to the SDG’s related to health;
i) NDHM will enable evidence-based interventions in the area of public health;
j) Above all, the analytical capabilities of NDHM will support data-driven
decision-making and policy analysis.

5.4 Methods & Instruments recommended by NDHB

Adoption of methods established in the health and IT domains would enable a
systematic implementation of the blueprint. The following methods have been
recommended by NDHB:

a) Federated Architecture
b) Universal Health Id (UHID)
c) Electronic Health Records (EHR)
d) Metadata & Data Standards (MDDS)
e) Health Informatics Standards
f) Registries for NCDs
g) Directories of Providers, Professionals and Para-medicals
h) Legislation and Regulations on Data Management, with focus on Privacy and
Security
i) Data Analytics
Parallel streams of activities need to be initiated on all the above items.
44 | P a g e
 5.5 ‘Deliverables’ and Timelines
The essence of an action plan is the list of actions or deliverables, and the timelines
and responsibilities for the same. The Action Plan turns the Blueprint into an
actionable document through these deliverables. A list of ‘deliverables’ is given in
the Table 5.1. The following explanatory notes enable a correct appreciation of the
Action Plan

a) The deliverables are classified into 3 categories, namely,

i. Physical Deliverables (9 items)
ii. Digital Deliverables and (15 items, with 8 sub-items)
iii. Artefact Deliverables. (12 items)

b) The deliverables in each category are again prioritized as Immediate (within 6

months), Short-term (within 1 year) and Medium-term (within 18 months).
c) Responsibilities are not spelt out. These can be firmed up largely after an
organizational structure is put in place by the Ministry. As alluded to in
Chapter 4, some of the early deliverables need to be worked upon by an
‘interim organization’, so as not to delay the implementation phase.
d) There are 15 Actionable Items in the immediate category, 12 in Short-term
and 9 in Medium-term – 36 items in all. It is critical to identify and position
appropriate resources to work on the various deliverables.

Timelines Physical Digital Deliverables Artefact Deliverables

Deliverables
Immediate 1. Design, Procure 1. Design and establish 1. Develop Federated
(0-6 months) H-Cloud Personal Health Enterprise
2. Establish Secure Identifier (PHI) Architecture, adopting
Health Network 2. Design and establish Agile IndEA Framework
for accessing Electronic Health Record 2. Develop approach to
Core and Critical (EHR) system working with
Health Data 3. Design and Develop Core States/UTs
3. Establish Health APIs 3. Develop approach to
Information 4. Design, develop and working with private
Exchange (HIE) establish Consent sector (health & IT
for Manager service providers)
interoperability 5. Establish MyHealth App 4. Assessment of Legacy
and integration. 6. Design, develop and Systems for
populate Health conformance to NDHB
Directories (Master data 5. Design Organization
of professionals, Structure for NDHM
institutions) 6. Design and implement
a Plan for Adoption of
Health Informatics
Standards, including a
system of incentives for
adoption.

45 | P a g e
 Timelines Physical Digital Deliverables Artefact Deliverables
Deliverables
Short-term 4. Establish SOC, 7. Establish National 7. Design and notify
(6-12 NOC and Privacy Health Portal NDHM Security Policy
Months) Operations 8. Design and establish 8. Design and notify
Centre (POC) Health Locker NDHM Privacy Policy
5. Establish special 9. Design and Develop 9. Design Performance
connectivity and Health Analytics system Management System
IT Infrastructure 10. Design and Develop and SLAs
for identified Anonymizer
Remote Areas. 11. Integrate PMJAY with
6. Establish NDHM
Telemedicine 12. Establish NCD Registries
Infrastructure
Medium 7. Establish GIS/ 13. Design, develop and 10. Design and implement
Term Visualization launch Common Capacity Building Plan
(12-18 Platform(s) Applications including 11. Design and implement
Months) 8. Establish Health  Hospital Info Sys Plan for Clinical Audit.
Call Centre(s)  Emergency Mgt Sys 12. Architecture for
9. Establish C4  E-Pharma Integration with CRS of
(Command,  Wellness Centres Registration of Births &
Control & Mgt Deaths
Communication  Ayush
Centre).  Screening
 MEDucation
 CDS(Clinical Decision
Support System)
14. Localization Tools
15. Design and Develop
Health Schemes Mgt
system(s)

Table 5.1 NDHM Action Plan for 2019-20

46 | P a g e
 Figure 5.1 Suggested Acton Plan for NDHM

47 | P a g e
 Annexure I

Composition of the Committee on NHS

The Ministry of Health & Family Welfare, through its Office Memorandum T-21 016178/2018 eHealth
dated 12th November 2018, constituted a Committee on NHS, with the following composition:

1. Shri J. Satyanarayana, (Former )Chairman, UIDAI & former Secretary, MeitY - Chairman
2. Shri Sanjeeva Kumar, Addl. Secretary, MoHFW - Member
3. Special Chief Secretary(Health), Government of Andhra Pradesh - Member
4. Additional Chief Secretary(Health), Government of Madhya Pradesh - Member
5. Mr. M. S. Rao, lAS, President & CEO, NeGD - Member
6. Shri Alok Kumar, Advisor(Health), NlTl Ayog - Member
7. Shri Lav Agarwal, Joint Secretary(eHealth), MoHFW - Member
8. Nominee of Secretary, MeitY - Member
9. Nominee of CEO, NHA, MoHFW - Member
10. Dr. Neeta Verma, DG, NIC - Member
11. Shri Gaur Sunder, Joint Director, CDAC, Pune -Member
12. Director(eHealth), MoHFW -Convener
13. Dr Pallab Saha, Chief Architect, The Open Group (Co-opted by the Chairman)
14. Dr Manoj Singh, Professor, AIIMS (Co-opted by the Chairman)

48 | P a g e
 Annexure II

Composition & ToRs of the Sub-Groups formed by the Committee

Sub-Groups Chairman Members Deliverables

Scope, Shri Lav 1. Dr. Sachin Mittal, 1. List domain areas of high
Principles & Agarwal, Director MoHFW priority and of high impact,
Services JS (eHealth)- 2. Sh. Ankit Tripathi, with a focus on Wellness;
MoHFW Addl. Director -CHI, 2. Revise objectives of NHS so as
3. Smt. Madhu Raikwar, to balance domain
Director, CBHI, requirements with technology
MoHFW interventions;

Building Dr. Neeta 1. Mr. Kiran 1. Identify and Define the Building
Blocks & Verma, DG, NIC Anandampillai, Blocks for Domain and IT;
UHID Representative- 2. Structure of registries for NCDs
PMJAY like Cancer, Diabetes etc. ;
2. Dr. Pallab Saha, The 3. Harmonization and
Open Group consolidation of Id’s – Unique
Health ID, NIN, NHRR;
4. Recommendation on the need
for another ID, like UHID

Standards & Mr. Jaideep 1. Mr. Gaur Sunder , 1. Minimum Standards required
Regulations Mishra JS, CDAC Pune for adoption of EHR in a phased
MeitY 2. Mr. Manoj Singh, manner, including standards
AIIMS relating to wellness;
2. Feasibility of defining Indian
standards in Health domain;

Institutional Shri Alok 1. Smt. Kavita Bhatia, 1. Reforms required in current

Framework Kumar , MeitY structures;
Advisor(Health) 2. Dr. Sachin Mittal, 2. Reforms required in current
NITI Aayog Director MoHFW major schemes;
3. Sh. Ankit Tripathi, 3. Institutional framework for the
Addl. Director -CHI, development and
MoHFW implementation of NHS.

49 | P a g e
 Annexure III

Comparative Analysis of 4 Initiatives on Facility Registries

NIN ROHINI NHRR PMJAY

Background Initiative by Insurers Initiative by Initiative to capture detailed
MoHFW to came MoHFW to use a info from secondary and
create a together to survey tertiary care hospitals for
registry of create this methodology to list empanelment
Hospitals in DB to every health facility
the country eliminate in the country
fake
hospitals in
insurance
claims
Process CHI IRDA CBHI NHA
Owner
Coverage 250 K public 15K private Public and Private 14K public and private
facilities from facilities facilities including facilities empanelled under
sub centres who are clinics, diagnostic PMJAY
upwards active in centers (Going on -
health Likely to be > 10
insurance lakhs)
Basic Info YES YES YES YES
Detailed NO NO YES YES
Info
Process to YES YES Under YES
Update Development
Incentive NO YES NO YES
for facilities
to
participate
Trusted Verified by Verified by Respondent based Verified by District
Data District Insurer / Administration
Administration TPA

50 | P a g e
 Annexure IV

Comparative Analysis of 3 Archetypes for PHI

Centralized Federated Decentralized
Definition A single Different stand- Multiple entities contribute to a
organization alone entities, decentralized digital identity;
establishes and each with its user controls sharing of identity
manages the own trust data
identifiers anchor,
establish trust-
based
interactions
with each other.
Level of Adoption Adoption Trust dependent on trust anchors
Adoption & dependent on dependent on and attestations
Trust value; trust establishing
dependent on trust
system owner relationship;
and identity trust dependent
proofing on identity
proofing
Strengths Can be built Users can access Increased user control and
with specific a wider range of reduced amount of information
purpose in services; collected and stored by
mind; potential efficiency for organizations
for organizations
organizational
vetting of
identity data
Challenges Generally low Generally low Governance model, acceptance
user control; user control; and participation is complex;
centralized risk high technical evolving landscape; complex
and liability; and legal liability
potential for complexity
abuse

51 | P a g e
 Annexure V

Mistakes to be avoided in Designing EHR

52 | P a g e
 Annexure VI

Status of 8 Existing IT-driven Organizations

Institution/ Type Ownership Services Mandate

Organization
NSDL For Profit Equity stake NSDL provides various
Organizati of multiple services in the capital To Serve the
on banks market like, clearing nation with
public and members, stock Technology,
private and exchanges, banks and Trust and Reach
National issuers of securities and ensure that
Stock every Indian
Exchange became a
prudent investor
UIDAI Statutory Ministry of Unique Identification To provide good
Electronics numbers (UID), governance,
and named as “Aadhaar”, efficient,
Information to all residents of transparent and
Technology India targeted delivery
(MeitY) of subsidies and
benefits to
residents of
India through
assigning of
unique identity
numbers
GSTN Not for The central The GST System To become a
Profit and state Project is a unique trusted National
Organizati government and complex IT Information
on s own 49% initiative that Utility (NIU)
equity and implements a uniform which provides
Balance tax regime across the reliable, efficient
51% equity country and robust IT
is with non- Backbone for the
Governmen smooth
t financial functioning of
institutions the Goods &
Services Tax
regime
NIHFW Autonomo Ministry of NIHFW is housing the The National
us Health and National Health Portal Health Portals
organizati Family mandate is
53 | P a g e
 Institution/ Type Ownership Services Mandate
Organization
on, under Welfare collecting,
the verifying and
Ministry of disseminating
Health and health and
Family health care
Welfare, delivery services
Governme related
nt of India information to
all citizens of
India
NPCI Not for Consortium Payment Gateway To touch every
Profit of 56 Banks Services Indian with one
Organizati public and or other
on private payment
services
NIC Associated Ministry of IT services to the Provide the
Office of Electronics Government of India. Technology
Ministry of and Some key services Backbone to all
Electronics Information managed by NIC for Govt.
and Technology the Ministry of Departments
Informatio Health and Family
n Welfare and CHI
Technolog include
y (MiETY) RCH, Mother Child
Tracking System
(MCTS), Online
Registration System
(ORS), Beneficiary
Identification system
(BIS) etc.
CHI Society Ministry of RCH/ NHM, Training To act as think
Health and Unit tank, catalyst &
Family HIV/ Surveillance innovator for
welfare Unit, Health Policy management of
Unit public health
Public Health and related
Education & Research health & family
Consortium (PHERC) welfare
programmes

54 | P a g e
 Institution/ Type Ownership Services Mandate
Organization
NHA Authority Chaired by Implementing To develop IT
Health Running of PMJAY components
Minister, important to
Has cross Health Sector
functional
team for
Health
Sector

55 | P a g e
 Annexure VII

Illustrative List of Digital Services to be provided by NDHM

S. No Name of the Digital Service provided

Citizen/Patient Services
1 Single, Secure Health Id to all citizens
2 Personal Health Record
3 Single (National) Health Portal
4 App Store
5 Specialized Services for Remote Areas/ Disadvantaged Groups
6 NDHM Call Centre
7 Digital Referrals & Consultations
8 Online Appointments
7 e-Prescription Service
8 Digital Child Health
9 National “Opt-out” (for privacy)
Services by / for Healthcare Providers/ Professionals
10 Summary Care Record
11 Open Platform to access Emergency Services
12 Technology for Practitioner (GP) Transformation
13 Digital Referrals, Case Transfers
14 Clinical Decision Support (CDS)
15 Digital Pharmacy & pharmacy Supply Chain
16 Hospital Digitization (HIS)
17 Digital Diagnostics
Technical Services
18 Architecture & Interoperability
19 Health Information Exchange
20 Standards
21 Health Network
22 Data & Cyber Security
23 Information Governance

56 | P a g e
57 | P a g e