ABHA Accounts: India’s Interoperable and Portable Health Data Management System

In the previous post, we dove into what a federated healthcare digital infrastructure looks like and what its components and building blocks are, under the Ayushman Bharat Digital Mission (ABDM). We further understood the role that Health Information Providers (HIPs), Health Information Users (HIUs) and Health Information Exchange – Consent Managers (HIE-CMs) play and how they interact with one another. In this post, we’ll explain how all of this has been operationalized by the introduction of Ayushman Bharat Health Accounts (ABHA). We’ll further cover its benefits and the accessibility it provides, how you can be a part of this ecosystem, and how its interoperability is put into practice across different platforms, public/private healthcare services, programs, etc.

 

 

Introduction of the Health ID through Ayushman Bharat Health Accounts (ABHA)

ABHA accounts create an authenticated unique health identity on which these consolidated and integrated health records would be maintained for each citizen on a common platform. Dependent on federated and decentralized structures, ABHA accounts are able to integrate patient data existing on different digital health systems and compile them into one user profile. This user profile would contain a variety of health data: 

All the fields of the information above can be accessed by patients through a whole gamut of Personal Health Records (PHR) applications or through public healthcare facilities/programmes/services. The ABHA account uses a unique 14-digit identification number generated through your Aadhar card or any other government ID, called the ABHA number. It’s safe to say that this mission has been widely adopted as 42.5 crore ABHA accounts have already been created as of July 2023. [1]

 

 

Uses and Benefits of ABHA Accounts

Eases Accessibility to Healthcare Services

An endless list of services is provided through a common portal to ABHA accountholders where all of the following medical services can be availed:

• Accessing all your digital health records
• Granting consent to share your medical information with HIUs
• Managing your consent management preferences and access controls
• Booking consultations/teleconsultations, including for specialized care
• Scheduling laboratory scans and pathology tests
• Booking hospital beds
• Paying medical bills and expenses in a cashless and seamless manner
• Raising and processing medical insurance claims, and linking them with the Pradhan Mantri-Jan Arogya Yojana (PM-JAY) scheme
• Uploading and authenticating medical records through Healthlocker
• Received diagnoses and prescriptions from healthcare facilities and professionals
• Locating and contacting nearby healthcare facilities
• Enquiring on availability of services, beds, doctors, etc. in healthcare facilities
• Registering for public mass healthcare schemes/programs, and so on.

 

Consolidates and Unifies Health Records Across all Public and Private Healthcare Providers to ensure Interoperability

Presently, patients’ medical records are maintained by healthcare facilities through their own registration/patient numbers. This leads to multiple user profiles since patients would be allotted different numbers across different healthcare facilities. The ABHA number acts as a common identifier of patient profiles across all stakeholders. Along with this, the ABDM structure ensures interoperability by adopting standardized data formats, coding systems and protocols. [2] Common data models are also employed to facilitate a consistent and meaningful exchange of health information. Standardizing medical records, within the Federated Health Records (FHR) framework, is what makes the system interoperable.

 

Ensures Portability of Medical Records and Information

ABHA accounts remove the need to carry physical medical documentation as they would have access to all records, including your past diagnosis, scans, reports, family medical history, etc. There also exists a voluntary facility to link previous health records to the ABHA number. This not only ensures that each consultation and diagnosis would be done with a complete understanding of the patient’s entire medical background, but also, eases the transfer and sharing of medical information between HIPs and HIUs. The mechanism of monitoring its portability focuses excessively on patient privacy since this transfer or sharing can be denied or conditioned by a patient, through the HIE-CM in a “patient or individual-centric manner”. [3]

 

Enhances the Framework on Patient-Privacy

Due to the program’s heavy reliance on consent-based data sharing, individual health data remains secure and is accessible only to authorized entities. Under the ABDM, a Draft Health Data Management Policy has been released, [4] that specifies the collection, storage, retention and transfer policies of health data. It is strongly centred around allowing the data principal to reclaim control and agency over their health data and retain autonomy over its collection, transfer, processing, etc. The Policy expressly denies any data fiduciary from collecting or processing the personal data of a data principal without the consent of a data principal. Further, data can only be shared with HIUs on the express consent of the principals, in compliance with the policy, and only for the specific purposes and duration as specified therein. 

 

Easy Opt-In and Opt-Out Facilities

An ABHA account provides easy and voluntary opt-in features, where creating an account is easy, safe, and paperless. In all registered healthcare facilities, patients can be assisted by health professionals to create an account for them, in case of low digital literacy or lack of access to a smartphone. The opt-out features are even simpler, which allow users to delete or de-activate their ABHA number, which would be reflected across the ABDM ecosystem. Further, uploading medical records or diagnoses on ABHA numbers post-registration is purely voluntary and patients can keep it confidential if they’d like. [5]

 

 

Process of Creation of ABHA Accounts & Numbers

ABHA numbers are generated voluntarily by the patient at no cost. The generation is processed through IT platforms that are integrated into the ABDM’s Sandbox environment and would be applicable across all government healthcare institutions and programs.

 

The means specified by the National Health Authority for the creation of an ABHA number are:

 

• Self-registration

In order for a patient to register themself, they’d require a smartphone to download any Personal Health Record (PHR) application, that is compatible with the ABDM (such as Aarogya Setu, Driefcase, Ekacare, etc.), or register themself through the ABHA Number Portal. [6] The applications and portals auto-generate ABHA numbers and a user only needs to provide:

• Full name
• Year of birth
• Gender
• Mobile or Aadhar number

 

• Assisted Registration

This is applicable to members of disadvantaged communities, such as elderly persons, users with low literacy, persons without access to mobile phones, etc. HIPs can issue ABHA numbers by informing and educating such users about its uses and advantages and obtaining their clear consent. Non-mobile phone users, in this situation, would be provided a printed ABHA card. This can be done by the HIP either through the ABHA Number Portal or by integrating them with the ABHA Number Open APIs, on their own software. [7] In case healthcare providers already maintain existing health cards, then they are encouraged to integrate their internal software with the ABHA Number Open APIs to consolidate their data on the ABHA account.

 

 

Linking and De-Linking

Linking and authenticating one’s identity with an ABHA number is possible in the following ways:

1. Aadhar Card – Possible only after an Aadhar eKYC and biometric or OTP-based authentication. Healthcare providers are equipped with Aadhar-certified biometric devices to register the fingerprints or biometrics of users registering through assisted means. 
2. Other ID Documents – As per the ABDM’s Draft Health Data Management Policy, a PAN, Driving License (DL), Passport, or any other document as specified by the NHA can be used as a method of identity authentication. [8]

 

Patients can de-register themself by opting out of the ABDM ecosystem, due to privacy concerns. There are two ways to effectuate this: [9]

1. Deleting the ABHA number, permanently erasing their records off of the ABDM’s servers
2. Deactivating the ABHA number, temporarily removing their records, which can be retrieved at a later stage through reactivating the ABHA number

 

Any removal or deactivation of records must be reflected at the end of a HIP/HIU as well, who would be  notified by the HIE-CM. This would affect the health lockers as well, which would permanently or temporarily, as the case may be, disable login/authentication through an ABHA number. 

 

 

How can data from an ABHA account be accessed across different platforms, public/private healthcare facilities, programs, etc?

To ensure interoperability and portability of the database across the ABDM ecosystem, a unique QR code has been provided to ABHA account holders and healthcare providers. This QR code serves three purposes:

1. HIPs can scan the QR code on the patient’s PHR application to access their ABHA number and the details under their ABHA account, along with their medical history, scans and records. 
2. Patients with existing ABHA accounts can scan this code through their PHR applications to grant access to consent access by the HIP to their data.
3. Patients without existing ABHA accounts can scan this code to get registered under the ABDM ecosystem

 

As an alternative to the QR code, a patient without an existing ABHA account can get registered at any registered healthcare provider. However, in order to authenticate and verify their identity and biometrics, if needed, the following ways methods can be adopted:

1. Mobile OTP – an OTP is sent to the number linked with the ABHA number
2. Mobile Interactive Voice Responses (IVR) calls – a call would be received by the number linked with the ABHA number
3. Mobile PHR Application – push notifications would be sent on the PHR application with which a patient’s ABHA status and details have been linked
4. Aadhar OTP – an OTP is sent to the number linked with the Aadhar number
5. Aadhar Biometric – a biometric authentication would be performed by the healthcare provider, using either fingerprints or iris scanning.
   

 

 

Footnotes

[1] ABDM – Insights, National Health Authority, https://dashboard.abdm.gov.in/abdm/.

[2]  National Digital Health Blueprint, Ministry of Health & Family Welfare, https://main.mohfw.gov.in/sites/default/files/Final%20NDHB%20report_0.pdf.

[3]  Ayushman Bharat Digital Health Mission: Draft Health Data Management Policy, National Health Authority (Apr. 2022), https://abdm.gov.in:8081/uploads/Draft_HDM_Policy_April2022_e38c82eee5.pdf.

[4] Supra.

[5] ABHA Number Service, National Health Authority, Ministry of Health and Family Welfare, https://sandbox.abdm.gov.in/docs/healthid.

[6] Ayushman Bharat Digital Mission, National Health Authority (Feb. 26th, 2022), https://healthid.abdm.gov.in.

[7] Working with ABHA (Health ID) API – Milestone 1, National Health Authority (Mar. 2022), https://sandbox.abdm.gov.in/static/media/abha_api.92b70e4a.pdf.

[8] Clause 15, Ayushman Bharat Digital Health Mission: Draft Health Data Management Policy, National Health Authority (Apr. 2022), https://abdm.gov.in:8081/uploads/Draft_HDM_Policy_April2022_e38c82eee5.pdf.

[9] ABDM Sandbox: Opt Out of ABDM, National Health Authority, https://sandbox.abdm.gov.in/docs/opt_out_of_ndhm.