Friday, July 30, 2021

What must your Data Backup Strategy include?

Information is of critical importance to healthcare organizations. With the increase in pace of digitization in healthcare, the volume of health data is increasing exponentially. with all digital data, the need to protect medical records against loss or corruption becomes even more critical.

Protecting electronic medical records and other forms of digital medical data is essential.
A robust data backup strategy can help you do just that

In todays times, Healthcare data backup and data recovery are critical components of every health IT infrastructure.

Hospitals cannot be careless about data backup. Their data is crucial for providing dependable care for patients.

Our Data Management team at Plus91 has put together this short set of pointers for you to get a gist of what a good data backup strategy should contain.

Onsite Backups:

When a server crashes or fails, it is helpful to have data backups on hand for easy restoration. Onsite backups are often faster to restore than cloud backups and almost always faster than offsite tape backups.

Offsite Backups: 

Onsite backups are valuable, but they cannot be counted on alone. Should something disastrous happen to the data center, it could also damage any backups you have in the building. For that reason, it is always wise to have copies of your backups offsite where they can be accessed manually or through the cloud. 

A Backup Schedule: 

Backups are not a one time activity. The data in your systems must be regularly and consistently backed up. For this it is effective to setup a clear defined schedule which is known by everyone within the IT team.

Backup Verification and Testing: 

Due to software and system glitches, a scheduled backup may fail sometimes. To ensure that everything is working smoothly, Backups need to be tested regularly. Also, the IT staff must be trained on how to access and restore their data backups as quickly as possible.

Organized Storage System:  

The storage repository/driver for backups must be well organized. backup files must be labelled appropriately. If the labeling system is clear and organized, the backups will be useful when needed faster. An IT  team shouldn't have to commit extra time digging through box after box of tape (or randomly labelled backup files on a drive) looking for a specific backup from a specific date several years ago.


Sunday, May 9, 2021

Benefits of signing up with NDHM for a Doctor

The National Digital Health Mission (NDHM) has been busy signing up doctors into the Digi-Doctor portal in 6 union territories and is being met with a mixed response. The Digi-Doctor Portal will act as a registry for the doctors and provide services to them and their patients. The services will be provided on the backbone of digital data portability initially related to patient demographic information and clinical data but later to expand to claims, prescriptions, and more. 

While voluntary, the government is urging doctors to sign-up. Before we do list the benefits of the NDHM framework for doctors it would be good to list the reasons the doctors may not want to sign-up as per a few snippets floating online. 
Three stand-out reasons put forth are:

  • Doctors in general, will not be comfortable sharing their treatments and protocols with others, either for reasons of knowledge protection but more importantly due to opening themselves to malpractice suits.

  • Some doctors who indulge in the same may feel their referral system under duress as NDHM ensures Diagnostic reporting is done a minimum number of times due to data being shared easily under consent.

  • Lastly, there is some talk of having a standardized price list (already attempted under the Clinical Establishment Act) having to be shared as part of the NDHM sign-up, which may affect what the doctors charge for their services. While this standardization attempt is still speculation in terms of how it will be attempted or what it entails, this particular point will affect all doctors and hospitals irrespective of them being signed up or not and hence becomes moot.

Now to another important factor. All good doctors believe in the Hippocratic oath. It is seen so vividly in their fight against the COVID-19 waves, going out of their way to help their patients, sometimes at the cost of their own lives. Assuming that NDHM is securely and constructively implemented as envisioned, their belief in their oath should be enough of a reason to sign-up. Because simply put, having clear historical medical data of a patient and access to the latest reports helps them and the next doctor (when they contribute) make better decisions and hence helps their patient. That should be enough. 

But if it's not enough, here are a set of clear benefits for the doctors. Note: Many of these benefits are dependent on the doctors signing up, providing growth via a feedback loop for an even bigger benefit as the network size increases.

Some of the Administrative benefits are:

  • License Renewal: What is promised a simplified license registration, license renewal, and NOC (No Objection Certificate) issuance when moving from one state to another now that there will be a single national registry as opposed to multiple councils and requirements they come with. With the process now online and digital with Digi-Doctor being integrated with various council systems, the pain many doctors feel today in renewing their license will be greatly reduced.
  • A barrier for quacks: The registration process and then subsequent listing in the authorized registry will weed out the quacks that cause harm not only to patients but also to the reputation of doctors in general. These quacks also cause a decrease in revenue, as patients flock to these places which offer cheaper services. But only if doctors do register in numbers, can the registry be effective in weeding them out.
  • CME Credit tracking: A new system will also be introduced to track CME (Continued medical education) credits effectively online to ensure Doctors are aware of where they stand and do not need to jump through hoops to get their credits counted.
  • Faster Insurance approvals: Getting Insurance for the clinic or hospital owned by the doctor or the doctor’s malpractice indemnity will become much easier and faster once a doctor is verified in the authenticated registry. 

The Patient and Work-related benefits are:

  • Access to Patient History: The main benefit of this whole exercise. Access to an accurate and complete history of the patient. As more doctors and organizations sign-up, a more complete picture of a patient’s medical history will form up. Access to this history will ensure better care for the patient through better decision making, lesser errors (e.g. medication adverse events) than what occurs today due to partial knowledge, and quicker response times due to having data readily available. Providing better continuity of care is a key benefit each doctor must consider.
  • Tele-Consultations: Accessibility and authorizations to conduct teleconsultations plan to be brought under the ambit of NDHM. NDHM registered Doctors will be showcased on various government portals and registries as providers of teleconsultations. 
  • Access to Global Standards: As a part of the digital framework Doctors will get access to various standards and protocols along with disease and drug registries.
  • Access to Government Programs and Studies: Verified doctors will be considered for or apply for various government grants or be part of government health programs, research studies, etc. 

The Business-related benefits are:

  • Online Presence: Greater discoverability of verified doctor profiles with their professional work history/journey instilling higher trust amongst patients on a national platform. They can share this profile link on social media or on other sites to increase their patient flow. Doctors will also be given recognition on the portal by the NHA based on various parameters, including the number of medical records contributed increasing their profile further.
  • Access to Additional services: The NHA (National health authority) is planning to roll out additional services or allow 3rd party secure vendors to roll out services for doctors registered on the Digi-Doctor platform. Almost like a private marketplace for Doctors. 
  • Storage of records: Using the Digi-doctor platform Doctor may get access to secured digital storage which can be used to store digital copies of their licenses, degree, and other critical credentials. Digitally verified versions of these documents will be considered legal to share.
  • Patient insurance claims: The flow of payments between Insurance ←→ Hospital ←→ Doctor will speed up considerably, once we experience quicker claim turnaround times when the e-claim process is in place. This will reduce cash flow problems which several doctors do face from time to time due to delays in claim processing. 

There is apprehension amongst the Doctor community as there is with any Government registration process on whether it will infringe on their rights or bring in regulation that is detrimental to their wellbeing or livelihoods. 

The NHA for its part has started outreach programs at least in union territories so far to allay these fears. Their framework and plans so far speak of the good intentions of the ministry of health and family welfare (MOHFW). 

The question remains, will all these benefits outweigh the few niggling doubts in the minds of our current day superheroes.



This article is authored by Aditya Patkar, CEO at Plus91

Tuesday, May 4, 2021

Can we figure out who might become a superspreader?

SARS-CoV2 has a feature that is common with SARS-Cov and MERS. 

The majority of people who catch this bug don’t infect anyone else. Most of the transmission is done by a small number of people, potentially fewer than 20% of those who become infected. These people, who inadvertently are responsible for spreading the virus are termed "Super Spreaders"

Now a lot of epidemiologists don’t like the term "Super spreader". They prefer to talk about super spreading events. But, this is something who knows a bit about epi's will accept - they talk in terms of events more than people. In any case, the fact remains, a minority of people are responsible for a majority of cases.

In 2020, Dillon C. Adam, a visiting research fellow at the University of Hong Kong and Ben Cowling, a professor of infectious diseases epidemiology at the same university, co-wrote an opinion piece in the New York Times on the phenomenon, arguing that if authorities focused on preventing the types of activities that allow super spreading to occur — crowded events, sharing close spaces with others — more onerous measures wouldn’t be needed. Now Prof. Cowling wonders if there is a way to figure out the types of people who are more likely to be super spreaders.

It’s the question that weighs on Vineet Menachery’s , a coronavirus expert at the University of Texas Medical Branch, mind, too. “If we can decipher what makes a person a super spreader, it can change the dynamics of outbreaks and how we deal with them, now and in the future,”

What makes a few feel this could lead to a wild goose chase is that there aren’t obvious clues to pursue.

We know the virus that comes from super spreaders is not different in terms of its genetic sequence. We know there is no link with disease severity. And , there is no evidence for age, sex, or co-morbidity in the spread.

But - and this is a good but, these clues are not obvious yet. I believe that last set of lines should end with the words "so far". We have barely studied the data from the pandemic so far. Patterns and clues of some kind will emerge.

Also, these are not the only markers or clinical demographics so to speak.


Just Stop the Superspreading

COVID-19, SARS and MERS: are they closely related?

Hong Kong Quarantines a Few to Spare the Many. The Few Aren’t Happy.

How SARS-CoV-2 first adapted in humans 

Clues to COVID-19 coronavirus's vulnerability emerge from an antibody against SARS

Monday, May 3, 2021

An overview of NDHM's Technology

National Health Authority (NHA) has been working on a new-age ecosystem for healthcare data for India, one which allows seamless availability and interoperability of Personal Health Records to authorized people, they started designing the new ecosystem network such that data is available always to the patient all the time. Further, patients can choose to share their data with their health care providers securely.

Since the implementation was envisioned to be in a mission mode, the initiative was named, and is currently referred to as the National Digital Health Mission (NDHM). 

NDHM Architecture

NDHM is employing a federated architecture for its ecosystem. That means that management and data access occurs in a federated manner where different entities or systems will manage the health data.
There is no central data storage controlling and storing data.

Using the Federated Health Records Framework (FHR), patients can access and view their health records, and provide consent to any HIPs and HIUs to access their data.

To ensure smooth consented data sharing and time-bound data access, it is necessary to make the data traceable and auditable. Therefore the FHR Framework architecture leverages MeitY's Data Empowerment and Protection Architecture (DEPA) electronic consent framework, which is already being used in the financial sector.

Here are some interesting technical features of the NDHM ecosystem

FHIR for all Medical Data

One of the prevalent problems in the healthcare software landscape is that software providers have their own proprietary data structures and way of dealing with medical data. Despite having various standards available in the industry, very few providers use them correctly. This affects interoperability between systems. That is why it was required that all the systems on the ecosystem use the same standards for medical data so that data is interoperable. This is why the FHIR(Fast Healthcare Interoperability Resources) Specification was chosen as the data exchange format.

Asynchronous APIs

All the APIs(Application Programming Interfaces) of NDHM are asynchronous APIs. That means that you do not get the response of your requests synchronously but the response is sent back to your endpoints as a callback once your request is processed. This is a pretty standard technique in large distributed systems, and its use is expected and welcomed.  As things start moving forwards, more providers will join and the number of transactions will grow exponentially. This model allows them to scale the network easily as we move forward.

It is also important to know that plenty of interactions happen between Health Information providers (HIPs) and each HIP software may handle requests differently. So making the API calls asynchronous, helps manage the variable serving capabilities of different HIP software graciously.

Patient Privacy & Security Features of NDHM

Privacy of the Patient Data is crucial and a lot of people are not comfortable with sharing their personal health data on central servers, especially sharing them with the government without their consent. The model that was adapted for this handles this concern very well. 

Let's see how this is handled to ensure patient privacy is ensured,  and it's the patient who owns the data.

HIPs can only create data if authorized by the Patient:

HIPs cannot create any data against a Health ID without first being authorized by the Patient. HIP obtains an Auth Code from NDHM Gateway by one of the following authorization methods:

  • Demographics Verification - Patient Demographics data supplied by HIP matches the Demographics data registered with the Health ID
  • Mobile OTP - Patient shares OTP sent to registered mobile number with the given health ID
  • Aadhar OTP - Patients shares OTP sent to the mobile number registered to Aadhar No associated with the given health ID
  • QR Code Share - Patient has the option to share their health ID by scanning the QR code available to the registration desk and the given HIP receives Patient Information and the Auth Code.
This ensures that no health data against a patient Health ID is being created without the patient’s approval.

An HIU(Health Information User) can only get past health records of other HIPs if consented by Patient

Other HIU's do not get a Patient’s past health records generated by other HIPs without the patient’s consent. If an HIU wishes to receive the past records, HIU needs to generate a Consent request with the following information:
  • Types of Health Data (OPConsultation, Prescriptions, Diagnostics Records, Discharge Summary & Immunization)
  • The purpose for Requesting Data
  • The date range of the data required
  • Consent Expiry - On consent expiry, this health data get destroyed from HIU’s system
As soon as this request is generated, the patient is notified about this consent request and he can review the request in the PHR app. The patient will be able to see all the data requested by HIU as mentioned above. Not only can the patient review the data but the patient also has the option to modify the request data( e.g. change consent expiry or type of data he/she wish to share or even change the date range of health records requested). This data is only shared with the HIU if the patient approves the consent request. If he denies the request, HIU does not receive this data.

Not only can patients review these things, but the patient can also decide to prematurely revoke access to any HIU‘s approved requests. If a patient decides to revoke access, the corresponding data will get destroyed from HIU’s system.

This mechanism ensures that patients always have control over their data.

Peer to Peer Data Transfer Between HIP & HIU

As mentioned earlier, a lot of patients are uncomfortable about their private health records being available to and accessed by the government. To avoid this altogether, NDHM never handles the data themselves. The NDHM Gateway only coordinates the connections between HIP and HIU. The actual data transfers happen between HIP & HIU directly and it is effected using a peer-to-peer connection. It does not pass through NDHM, and so there is no way NDHM can access the data.

Data exchange between the HIP & the HIU also happens using encrypted medical records above the standard TLS connection. This adds an additional layer of encryption for medical data.

The ECDH (Elliptic-curve Diffie–Hellman) key agreement protocol is used for this. The HIP & the HIU generate their own pair of public-private keys using curve25519 elliptic curve. This curve provides 128 bits of security for the data being encrypted.

The HIP will use its own private key and the HIU’s public key to compute a session key and encrypt the content using an AES GCM cipher. The HIU can use their private key and the HIP’s public key and compute the session key to decrypt the data. So even if the encrypted data is leaked, no one except these two parties can encrypt/decrypt the data.

Final Thoughts

The NDHM is a wonderful initiative by the government to streamline the healthcare landscape in India today. At this time, all the health data is available as silos within different solutions and systems. It is very difficult, if not impossible, to make the data interoperable between systems. Consequently, it is difficult for patients to access the data across these silos and manage it properly within a system of theirs choice. This project has the ability to revolutionize the industry. This could be the UPI of Healthcare.

It is one thing to have a concept and another thing to implement and execute it. So far NDHM seems to be going in the right direction.  And there is hope that it will continue to do so. 
Technology is being given equal importance to gain the trust of all players involved in this industry.

Privacy and Security have been a prime priority in the project as you can see from the above article, this is an oft-ignored aspect in old projects. Hope it continues to stay this way.


This blog post has been co-authored by Kishan Gor , Aditya Patkar and Nrip Nihalani