was looking for some light reading when I came upon this book in the library. It talks of the dangers to privacy and identity theft in the 21st person. The title says "The death of privacy in the 21st century". The title is completely misleading. It focuses completely on America, so it should have been named appropriately. It talks of metal detectors at schools and federal buildings. People in India would have a tough time believing that recorded telemarketing calls have been banned in the US. In India, of course we continue to receive telemarketing calls, recorded or otherwise, despite the presence of the "Do Not Call" registry.
Most of the chapters begin with fictional scenarios and fictional technology. He clearly marks them out as fictional and then goes on to issue warnings based on those fictional scenarios. It makes for rather good reading at some points and is an interesting view of how the health industry deals with patient information in the U.S. The health insurance industry tracks information from various care providers in order to calculate insurance premiums. Apparently hospitals in the US freely share patient information with various health insurance companies, very similar to the way Indian banks share information with other banks using the CIBIL.
Reading the book brings into sharp focus the lack of systems in India. The SSN system has been in use in the US for many decades. It provides a unique number to each American citizen and is used by various systems to track people for various systems. However, that system has flaws because there is no national databank. The government and its agencies keep track of people using systems that do not really talk to each other. The book talks about a US govt. plan to build a national database in 1965 ultimately got shelved because of privacy concerns. So instead of tracking data in one place, various businesses track it in many places, sometimes very inaccurately.
Since learning from others is much cheaper than learning from experience, there are profound implications for India’s UID scheme. Not only is the UID or the AADHAR number system necessary for targeting government subsidies and policies, it is actually necessary for ensuring that private businesses have a government approved and regulated repository to refer to. If no central repository is created, the private firms will end up creating discrete private databases which may contain inaccurate information. With the government controlled database, access policies would be regulated and companies would face scrutiny about the kind of access that they request. It would not be too difficult to correct any inaccurate information as well.
The UID is just the first step; a national health database
would be created once the UID is in place. This will ensure that everybody’s health records are all stored at one location and can be easily accessed by doctors, hospitals and the health-insurance companies. Fundamentally, it would be a health record from the cradle to the grave. So the health insurance companies would be able to decide on what premiums to charge without expensive medical tests.
Of course, the leakage of this medical record information would have a very serious impact. You really would not want your employer to know what diseases your parents have/had. Employers would be tempted to discriminate on the basis of your medical records. I mean, if an employee has a pre-disposition to high blood pressure, would the employer really want to know about it? If they did, would they really feel comfortable putting the employee in high stress situations? What if the employee has a heart attack on the job? Would the employee’s family claim that the employer put his life in danger, knowing full well that the job was a risk to his health?
Today, employers do not have complete medical records of their employees. Even if a national health database becomes a reality, would employers want to get access to this information?
Of course, health insurance companies would be able to raise group rates in a much more open manner. They would be able to tell the employer, "Look, employees number 107841 and 102020 are the ones on the extreme edges of the bell curve. Fire them, and your group insurance rates will be much lower". As the IT systems get more and more integrated in India, the above scenario would occur at some time. It is bound to occur; it is the logical end point. It does not require a central database; smaller in-company databases can talk to each other and bring about the above scenario.
With a centralized database, citizens would probably know what information is there about them in the database and be able to correct it, if necessary. With private databases, the companies would be under no pressure to correct the information.
by Simson Garfinkel ISBN-13: 978-0-596-00105-6 published on December 4, 2000.CDAC press release about the national health database. The UIDAI project.