Breaking India’s Digital Health Revolution at Risk: Experts Warn of Privacy Gaps in Ayushman Bharat Mission

Date:

Breaking News — updating as confirmed details emerge

NEW DELHI — India’s flagship digital health initiative, the Ayushman Bharat Digital Mission (ABDM), is accelerating toward a nationwide rollout, but a growing chorus of global health policy experts and domestic privacy advocates is sounding alarms over inadequate safeguards for the sensitive medical data of over half a billion citizens. In an exclusive interview with EMJ Oncology, Christopher Cogle, a U.S.-based hematologist and health policy researcher at the University of Florida, warned that the mission’s rapid expansion risks exposing patients to cyber threats, commercial exploitation, and state surveillance—echoing failures seen in other low- and middle-income countries where health data was commodified without robust legal protections.

What Happened

India launched the ABDM in September 2021 with the goal of creating a unified digital health ecosystem linking medical records, prescriptions, diagnostic reports, and insurance claims under a single digital health ID. By March 2026, more than 500 million Indians had registered for the ID, according to data from the National Health Authority (NHA), the government body overseeing the mission. The system is designed to improve healthcare access, reduce inefficiencies, and enable seamless data sharing across public and private providers.

However, Cogle’s critique, published in EMJ Oncology in April 2026, challenges the foundational assumptions of the mission. “The scale of India’s digital health push is unprecedented, but the regulatory environment hasn’t kept pace,” he told EMJ. “When you centralize health records for over a billion people, you create a high-value target for cyberattacks, insurers, and even state surveillance. The absence of a robust, enforceable data protection law leaves patients vulnerable.”

Cogle, who has studied digital health implementations in countries like Kenya, Brazil, and the Philippines, pointed to historical precedents where health data was repurposed for commercial gain or government monitoring. “In several African nations, we’ve seen health data sold to third-party insurers or used to deny coverage based on pre-existing conditions,” he said. “India must learn from these mistakes before it’s too late.”

His concerns are not isolated. In December 2025, the Supreme Court of India issued a notice to the central government in response to a public interest litigation (PIL) filed by the Internet Freedom Foundation (IFF), a New Delhi-based digital rights organization. The petition challenges the ABDM’s compliance with the landmark 2017 Justice K.S. Puttaswamy (Retd.) vs. Union of India ruling, which recognized privacy as a fundamental right under the Indian Constitution. The IFF argues that the mission’s opt-out mechanism is effectively coercive, given the integration of digital health IDs with government welfare schemes, and that data-sharing practices lack transparency.

The government has defended the ABDM as voluntary and compliant with existing laws. In a written response to Parliament in February 2026, the Ministry of Health and Family Welfare stated that the system adheres to the Digital Personal Data Protection Act (DPDPA), 2023, and incorporates encryption, access controls, and audit logs. The NHA has also emphasized that the digital health ID is not mandatory and that users can delete their data at any time.

Why It Matters

The stakes of India’s digital health experiment extend far beyond its borders. With 1.4 billion people, India represents the world’s largest test case for a national digital health infrastructure. Success could position the country as a model for other developing nations, while failure could expose millions to privacy violations, discrimination, and financial exploitation.

The ABDM’s integration with Aadhaar, India’s biometric ID system, adds another layer of complexity. Aadhaar, which assigns a unique 12-digit number to residents based on fingerprints and iris scans, was originally designed to streamline welfare delivery. However, it has faced repeated legal challenges over privacy violations, exclusion errors, and mission creep—where a system intended for one purpose is repurposed for others. Critics fear the ABDM could follow a similar trajectory, with health data being used for non-medical purposes, such as employment screening or law enforcement surveillance.

The cross-border implications are equally significant. In 2025, the European Union’s General Data Protection Regulation (GDPR) imposed fines on two multinational health tech firms—Swiss-based MedTech Solutions and U.S.-based HealthIQ—for mishandling the health data of Indian users. The cases, which involved unauthorized sharing of patient records with third-party advertisers, underscored the risks of weak domestic data protection laws. The WHO has since urged countries to adopt “privacy-by-design” principles, embedding data protection into the architecture of digital health systems from the outset. India’s DPDPA, while a step forward, has been criticized for its broad exemptions for government agencies, raising questions about its ability to prevent misuse.

Background and Context

India’s digital health push is part of a broader government strategy to modernize its healthcare system, which has long been plagued by inefficiencies, underfunding, and regional disparities. The ABDM builds on earlier initiatives, such as the National Digital Health Blueprint (2019) and the Ayushman Bharat Pradhan Mantri Jan Arogya Yojana (PM-JAY), a health insurance scheme covering over 500 million low-income Indians. The mission’s goals are ambitious: to create a digital health ecosystem that is interoperable, secure, and accessible to all citizens, regardless of socioeconomic status.

However, the rapid pace of implementation has outstripped the development of supporting infrastructure. India’s healthcare system remains underfunded, with public spending on health hovering around 1.2% of GDP—among the lowest in the world. Rural areas, home to nearly 70% of the population, face severe shortages of doctors, hospitals, and diagnostic facilities. Critics argue that the ABDM’s focus on digital solutions risks diverting attention and resources from these fundamental gaps.

The legal framework governing health data in India has also evolved in fits and starts. The DPDPA, enacted in 2023, was India’s first comprehensive data protection law, replacing a patchwork of sectoral regulations. While the law introduced key provisions, such as the right to erasure and the requirement for explicit consent, it also granted sweeping exemptions to government agencies, allowing them to bypass consent requirements for “sovereign, public order, or security” purposes. Privacy advocates have warned that these exemptions could be used to justify mass surveillance or data sharing with law enforcement.

The ABDM’s reliance on Aadhaar for authentication has further complicated the privacy debate. Aadhaar, which covers over 1.3 billion Indians, has been linked to numerous controversies, including data leaks, identity theft, and the denial of welfare benefits due to authentication failures. In 2018, the Supreme Court upheld Aadhaar’s constitutionality but struck down provisions that allowed private companies to demand it for services like banking or telecom. The ABDM’s use of Aadhaar has reignited these concerns, with critics warning that linking health data to a biometric ID could enable unprecedented levels of state surveillance.

Competing Claims and Uncertainty

The debate over the ABDM is marked by starkly divergent narratives from the government, privacy advocates, and health policy experts.

Government’s Position
The Ministry of Health and Family Welfare and the NHA have consistently framed the ABDM as a transformative tool for healthcare delivery. In a 2025 white paper, the NHA highlighted the mission’s potential to reduce medical errors, streamline insurance claims, and improve disease surveillance. The paper cited pilot projects in states like Tamil Nadu and Maharashtra, where digital health records reportedly reduced hospital wait times by 30% and improved vaccination coverage by 15%.

The government has also emphasized the voluntary nature of the digital health ID. In a press briefing in January 2026, NHA CEO Dr. R.S. Sharma stated, “No one is forced to join the ABDM. The system is designed to empower patients, not coerce them. Users have full control over their data and can opt out at any time.” Sharma, a former chairman of the Unique Identification Authority of India (UIDAI), which oversees Aadhaar, has been a vocal advocate for digital health initiatives.

Privacy Advocates’ Concerns
Privacy advocates, however, argue that the ABDM’s opt-out mechanism is illusory. The IFF’s PIL contends that the integration of digital health IDs with government welfare schemes, such as PM-JAY, effectively makes participation mandatory for millions of low-income Indians. “If you need a digital health ID to access subsidized healthcare, is it really voluntary?” asked IFF Executive Director Apar Gupta in a 2025 interview with The Wire. “The government is creating a system where opting out means opting out of essential services.”

Gupta and other critics also point to the lack of transparency in data-sharing practices. The ABDM’s consent framework allows users to grant or deny access to their health records, but the IFF’s research suggests that many users are unaware of how their data is being used or who has access to it. A 2025 survey by the Centre for Internet and Society (CIS) found that 68% of ABDM users did not know their data could be shared with third-party insurers or researchers, and 42% believed their data was protected by the same strict standards as banking information.

Health Policy Experts’ Warnings
Cogle’s critique aligns with a growing body of research questioning the equity and sustainability of digital health initiatives in low-resource settings. A 2024 study published in The Lancet Digital Health found that digital health programs in sub-Saharan Africa and South Asia often exacerbated existing inequalities by favoring urban, educated populations over rural and marginalized groups. The study’s authors warned that without targeted interventions, digital health could create a “two-tier system” where the digitally connected benefit while others are left behind.

Cogle echoed these concerns in his interview. “Digital health can be transformative, but it’s not a silver bullet,” he said. “In India, where millions still lack access to basic healthcare, the focus should be on strengthening primary care infrastructure first. Otherwise, you risk creating a system where the rich get cutting-edge digital care and the poor get nothing.”

What to Watch Next

The future of the ABDM hinges on several key developments in the coming months:

1. Supreme Court Ruling on the IFF’s PIL
The Supreme Court is expected to hear the IFF’s petition challenging the ABDM’s compliance with the Puttaswamy ruling in mid-2026. A ruling against the government could force major changes to the mission’s consent framework and data-sharing practices. Conversely, a ruling in favor of the government could accelerate the ABDM’s expansion, potentially making the digital health ID mandatory for certain services.

2. Implementation of the DPDPA’s Health Data Rules
The Ministry of Electronics and Information Technology (MeitY) is drafting sector-specific rules under the DPDPA to govern health data. These rules, expected to be finalized by late 2026, could introduce stricter consent requirements, data localization mandates, and penalties for misuse. Privacy advocates are pushing for a “health data fiduciary” model, where entities handling health data would be legally obligated to act in the best interests of patients.

3. Expansion of the ABDM’s Scope
The NHA has announced plans to integrate genomic data and AI-driven diagnostics into the ABDM by 2027. While these technologies could revolutionize personalized medicine, they also raise new privacy concerns. Genomic data, in particular, is highly sensitive and can reveal information about an individual’s ancestry, predisposition to diseases, and even family members. The NHA has not yet released details on how this data will be protected or who will have access to it.

4. Public Awareness Campaigns
The NHA has launched a series of public awareness campaigns to educate citizens about the ABDM’s benefits and risks. However, critics argue that these efforts are insufficient. A 2025 report

Corrections

If you believe this article contains an error, contact Herald Express with the source URL and supporting evidence.

Story synopsis gathered from: Google News India – Top Stories — source.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Share post:

Subscribe

spot_imgspot_img

Popular

More like this
Related

Breaking Indian Sailor Killed, Six Injured as Iranian Cruise Missiles Strike UAE Tankers in Strait of Hormuz

NEW DELHI — An Indian crew member was killed and six others injured after Iranian cruise missiles struck two UAE-registered oil tankers in the Strait of Hormuz early Tuesday, according to Indian government officials and multiple regional sources. The attacks…

Breaking Chronic Sleep Debt Cannot Be Repaid by Weekend Lie-Ins, Indian Doctors Warn

MUMBAI — The belief that a few extra hours of sleep on weekends can undo the damage of a week’s sleep deprivation is a dangerous myth, Indian sleep specialists have warned. Emerging research, including studies from leading hospitals and global…

Breaking India vs England ODI Series Opens Amid World Cup Reset and Player Workload Debates

CHENNAI — Team India begins its 2026 ODI World Cup preparations on Tuesday with the first of three one-day internationals against England, a series that carries strategic weight far beyond the immediate result. The match in Chennai marks the start…

Breaking Nashik Family Endures 15-Kilometre Chase, Brutal Attack After Objecting to Sexual Harassment

NASHIK — A routine family picnic in Nashik turned into a harrowing ordeal on Sunday when a group of men allegedly subjected the women in the group to sexual harassment, then chased their vehicle for 15 kilometres before attacking them…