NHS Open House Discussion #4: Doctor Registry, Enrollment APIs And PHR

On 13th June, iSPIRT hosted the fourth open house discussion on the National Health Stack (NHS). For anybody unfamiliar with the NHS, here are some introductory blog posts and videos.

In the session, our volunteer Vikram Srinivasan deep dived into the Enrollment APIs of the electronic doctor registry. These APIs are called when a new doctor is being added to the registry, or when a doctor’s information is being uploaded. 

Vikram also spoke about the attestation APIs, which come into play when an attesting institution (such as a state medical council, medical college, or hospital) confirms some data about a doctor. This is crucially important for building trust in the registry and preventing the proliferation of false profiles. With the release of these enrolment and attestation APIs, all the APIs pertaining to the electronic doctor registry are now available here.

After Vikram’s presentation, he and our other volunteer Siddharth Shetty answered some technical questions submitted by the community. Here are some of the questions they fielded:

  • Doctors have multiple identities (from different medical councils), how are these unique IDs handled by the electronic registry?
  • Can anybody access the doctor information in the registry, including phone numbers and photographs of doctors?
  • Who can healthcare companies partner with in the Health Stack Ecosystem?
  • How does the federated network architecture of the PHR system deal with downtimes, incorrect data, and other failure? Is this architecture scalable for a system with 1000s of participants?

As always, these were great questions. You can watch Sid and Vikram answer these questions and walk through their presentations below. Please keep the questions coming by sending them in through this form: https://bit.ly/NHS-QAForm.

If you would like to get involved with Health Stack, we encourage you to watch the recordings of the previous Health Stack open house discussions before reaching out.

Furthermore, if you are interested in the Health Stack and wish to build on top of it or contribute to the working groups being formed, you should reach out to [email protected]

Please note: The fifth open house on PHR Implementation was previously planned for 27th June. This has been postponed to 11:30 am on 4th July due to unavoidable circumstances.

To confirm your participation, continue to register on this form.

NHS Open House on PHR & Doctor Registry #3: Summary And Next Steps

On 6th June, we marked the third open house discussion of the National Health Stack (NHS). At the beginning of the session, iSPIRT volunteer Sharad Sharma offered a brief recap of the NHS and painted a roadmap for future developments in this initiative (including timelines, agendas, and future open house sessions). Sharad also discussed the content of the most recent open house session, in which Kiran Anandampillai explained the concept of the electronic registry system. After reiterating the vision for the NHS and the registry system, Sharad passed the floor to iSPIRT volunteer Vikram Srinivasan to dive into the registry APIs.

As a refresher, the electronic registry system is a mechanism for managing master data about different entities in the healthcare ecosystem. In today’ session, Vikram focused on the doctor registry. As the name suggests, the doctor registry will contain information about the doctors licensed to practice in India.

The doctor registry has the following design principles:

  1. Self maintainability: Doctors should be able to enrol themselves and update their own data
  1. Non-repudiable: The data in the registry should be digitally signed by a relevant attester (such as a State Medical Council) so that it can independently be verified by anybody
  1. Layered access: There should be a clear demarcation between public and private data in the registry, with only consent-based access to private data (eg. a doctor’s name and registration status should be public, but mobile number and photo should be private)
  1. Extensible schema: The data in the public registries should be as minimal as possible, allowing private players to build their own extensions around the core schema
  1. Open APIs: The data in the registries should be available via open APIs 
  1. Incentive aligned: The registry must enable convenient use cases so that doctors have an incentive to keep it up to date (eg. doctors can use their registry profile to electronically sign prescriptions, insurance claims etc. or doctors can use their registry profile to streamline and digitize the process of renewing their medical licenses)

After discussing the design principles behind the registry, Vikram dived straight into the details of the doctor registry APIs, which can be broken into the following categories:

  1. Enrollment APIs: These APIs allow doctors to enrol in the registry and update their data
  1. Consented APIs: These APIs allow a doctor to authenticate themselves, share their data/profile, and electronically sign documents
  1. Search APIs: These APIs are used to access the registry to query a doctor’s public data or search for any other publicly available information 

After covering these topics at a high level, Vikram released the API specifications for the Consented APIs and the Search APIs. The Swagger documentation for the same can be found here. The enrollment APIs will be released during next week’s open house session.

Upon completing his walkthrough of the doctor registry APIs, Vikram handed the floor over to our volunteer Siddharth Shetty. In the beginning of his segment, Siddharth answered the community’s technical questions around the NHS. Here are the questions he answered:

  • Is it mandatory to use the Open Source Project Eka codebase that has been published for the Consent Manager, API Bridge, and Gateway? 
  • In case of the Schema Standardization, during the 1st schema-less phase, are HIPs allowed to share data formats like JPEG, PDFs etc? 
  • Can the consent manager give the health locker (as an HIU) a standing consent to keep pulling the user’s information from various HIPs on an ongoing basis i.e. bypass the consent manager for future requests
  • Can the API bridges be configured such that instead of just sending the links to the information based on a request from an HIU (health locker in this case), the information can be sent such that it can be copied into the health locker?
  • Will the consent artifacts be encrypted between parties using any asymmetric key mechanism which will be valid between the services?
  • Is there any defined/recommended timeout for the data transmission from HIU – Bridge – CM- HIP and then HIU – HIP?

These were all great questions, and hopefully Siddharth’s answers helped clarify any doubts. If anybody wishes to ask any other questions around the NHS, please send them in to [email protected] with the subject line “NHS Questions”. Siddharth will continue answering the community’s technical questions during next week’s session (business-related questions will be answered in subsequent sessions).

To close off the open house discussion, Siddharth laid out the different working groups in the NHS ecosystem. Since the NHS is an open, public ecosystem, it is crucial for industry players and interested citizens to contribute to its development and pitch in with their feedback, knowledge, and engagement. Here are the working groups that are currently being formed:

  1. Technical Architecture Group: Responsible for working on open technical problems such as circuit breaker flows and time-out mechanisms. Also responsible for extensions and changes to the tech architecture
  1. Data Dictionary Group: This working group deals with moving away from the current schema-less architecture towards a standardized data vocabulary (leveraging existing medical schema projects and also coming up with new ideas relevant to the Indian context)
  1. Pilot Group: This group is comprised of people who have already started building on the NHS components (or would like to start building on the components). 
  1. Ecosystem Incentives Group: This group is looking at the incentive structures that power the NHS ecosystem (monetary and otherwise)

Any readers who are interested in learning more or joining these working groups are invited to reach out to [email protected]. A complete recording of the 6th June’s open house discussion can be found below

During next week’s session, we will be covering the Personal Health Records system (PHR), particularly as it relates to hospitals, and we will also be diving deeper into the Doctor Registry Enrollment APIs.

Readers are advised that next week’s NHS open house discussion will take place from 11:30 am – 12:30 pm on Saturday, June 13th.

The registration form for next week’s session can be found here

iSPIRT Open House Sessions on NHS: Summary & Next Steps

Yesterday afternoon, we hosted our first Open House Session in partnership with Swasth Alliance on the National Health Stack (NHS). For those unfamiliar with this infrastructure, it is helpful to picture the NHS as a multi-layer cake designed to elevate the capacity of the Indian healthcare ecosystem.

At the base layer is a set of generic building blocks. These building blocks, which include bank accounts, digital identities, and mobile numbers, form the basic rails needed to identify, transact with, and communicate with individuals and businesses. Many components of IndiaStack – such as eSign and DigiLocker – leverage and augment these building blocks. 

The next layer of the NHS is the ‘plumbing layer’. This layer contains fundamental pillars needed to enable simple, intelligent, and secure healthcare solutions. The three main pillars of the NHS plumbing layer are electronic registries, a personal health record framework, and a claims engine. A brief summary of these pillars is provided below:

  1. Electronic Registries: these registries  allow for efficient discovery and authentication of doctors, hospitals, and other healthcare providers
  2. Personal Health Records System (PHR): a system that allows individuals to enjoy a longitudinal view of all their healthcare data and exercise granular control over how this data is stored and accessed
  3. Claims Engine: a software engine that reduces the cost of processing insurance claims, enabling insurers to cover more kinds of healthcare procedures, such as preventive checkups, walk-in consultations, and other low-cost but high-value procedures that are currently excluded from Indian insurance policies

The third layer of the NHS is an augmentation layer which is intended to utilize the three pillars of the NHS to bring greater efficiency to the Indian healthcare ecosystem. The doctor: patient ratio in this country is relatively low, and cannot be changed overnight.

Having said that, increasing the efficiency of each doctor would have a similar effect to increasing this doctor: patient ratio. The augmentation layer of the NHS is designed to drive up doctor efficiency through the use of technology. Examples of this kind of technology could include a matching engine to pair patients with the most relevant doctor, or a system to help doctors securely and remotely monitor the bio-markers of their patients. Unlike the plumbing layer, the augmentation layer of the NHS is not close to completion, but we do envisage the augmentation layer playing an important role in the ascent of Indian healthcare quality. Both the plumbing layer and the augmentation layer are designed as open, standardized interfaces. These layers serve as digital public infrastructure accessible to public and private entities wishing to build atop them.

That brings us to the fourth and final layer of the NHS: the application layer. This layer comprises all the government and private sector applications that aim to serve the diverse needs of Indian patients. The first three layers of the NHS exist so that the innovators and change-makers of the fourth layer are optimally empowered to organize, access, and process the data that they need to deliver the best service to their users.

National Health Stack Overview

The first session on the NHS followed this schedule and published the entire webinar on our official Youtube channel:

  •  An introduction to iSPIRT and our values
  • An overview of the NHS
  • A deep-dive into and demonstration of the PHR pillar of the plumbing layer
  • A question-answer session with the audience

The objective of the session was to drive awareness of the NHS components, objectives, timelines, and design philosophies. We want participants from all walks of healthcare to be engaged with the NHS and take part in building it.

In keeping with this objective, we will be hosting weekly open house sessions to keep diving deeper into the National Health Stack. The next such event will take place on Saturday (30th May) at 11:30 am. The focus of this second session will be on another pillar of the plumbing layer – the electronic registry system. More specifically, the session will focus upon the doctor registry. 

Readers who wish to learn more about the NHS are encouraged to share this post and sign up now for the session below or click here.

Readers may also submit questions about the NHS to [email protected] We shall do our best to answer these questions during next Saturday’s open house discussion. 

About the Author: The post is co-authored by our volunteers Aaryaman Vir, Siddharth Shetty and Karthik K S.

Further Reading

iSPIRT Open House Discussion on National Health Stack [Virtual]

The National Health Stack is a set of foundational building blocks that will be built as shared digital infrastructure, usable by both public sector and private sector players. 

Healthcare delivery in India faces multiple challenges today. The doctor-patient ratio in the country is extremely poor, a problem that is exacerbated by the uneven distribution of doctors in certain states and districts. Insurance penetration in India remains low, leading to out-of-pocket expenses of over 80% (something that is being addressed by the Ayushman Bharat program). Additionally, the current view on healthcare amongst citizens as well as policymakers is largely around curative care.

Preventive care, which is equally important for the health of individuals, is generally overlooked. The leapfrog we envision is that of public, precision healthcare. This means that not only would every citizen have access to affordable healthcare, but the care delivered would be holistic (as opposed to symptomatic) and preventive (and not just curative) in nature. This will require a complete redesign of operations, regulations, and incentives – a transformation that, we believe, can be enabled by the Health Stack.

iSPIRT Foundation in partnership with Swasth Alliance is hosting an Open House Discussion on the following building blocks of the Health Stack

  • Doctor Registry
    • The ability for doctors to digitally authenticate themselves and share their electronic credentials with a third-party application such as a telehealth provider
  • Personal Health Record (PHR) System
    • The ability for every Indian to be empowered with control over their health data such that they can share it with trustworthy clinical providers to access a digital service
  • Open Health Services Network 
    • A unified health services network that comprises of a common set of protocols and APIs to allow health services to be delivered seamlessly across any set of health applications, doctors, and providers. 

The virtual session will be from 11:30 AM to 1:00 PM on Saturday 23rd May.

To confirm your participation and receive the virtual link, please click here.

Recommended Reading 

What lies beyond the horizon: Digital Sky & the future of drones in India

Drones have been around for a long time, going back as far as World War II. For most of their history, they were considered part of the military arsenal and developed and deployed almost exclusively by the military.

However, the past decade has seen a tremendous amount of research and development in the area of using drones for civilian purposes. This has led industry experts to predict that drones will be disrupting some of the mainstay industries of the global economy such as logistics, transportation, mining, construction and agriculture to name a few. Analysts estimate a $100 billion market opportunity for drones in the coming few years  [1]. In spite of the overwhelming evidence in favour of the value created by drones, it has taken quite a few years for the drone industry to take off in a commercial sense globally.

The main reason for this has been the regulatory challenges around what is allowed to fly in the air and where is it allowed to fly. A common theme around the world is the unconventional challenges that old governmental structures have to face as they try to understand and regulate new technologies. Hence the default approach so far for governments has been reactionary caution as they try to control what are, essentially, flying robots in the sky.

However, with electronic costs coming down, the hardware becoming more accessible and the software interpreting data becomes more powerful a number of humanitarian, civilian and industrial application have emerged and as governments across the world are realizing the potential of drones, we are starting to see the first version of regulations being drafted and adopted across the globe.[2]

Closer home India has a relatively adverse approach to drones or more lackadaisical rather. [3]

But as India continues to drive to become a more technology-oriented economy the role of drones in the worlds fastest growing economy and the potential benefits it can bring are hard to ignore.[4]

However, India’s approach to drone regulations cannot be that of other major economies that have the luxury of friendly neighbours and a large network of monitoring apparatus, India has had to take an approach that has to be novel and robust. Something that balances the security landscape while also being designed to allow maximum utilization of the potential that drones offer. Out of this need to both regulate secure how and where a drone can fly and keep multi-ministerial stakeholder interests accounted for was born the Digital Sky, India’s foundational framework for all things drones.

What is the Digital Sky and how does it work?

What the Digital Sky accomplishes beautifully is to fill the institutional void that needs to be collectively fulfilled by so many institutions and make it easier for the industry and consumers to interface with the government legally through one platform. Permission to fly drone no longer requires a 90-day intimation with an arbitrary number of NOCs to be approved by umpteen number of ministerial bodies at the central and federal level. The industry and the public now know one place to interact with in order to register their drone, get recognised as a certified operator and apply for permissions and all concerned government agencies ensure their overarching interests do not interfere with the large-scale adoption of drones.  

There are crucial components required for the Digital Sky concept to work, the most central being that drone operators should not be able to fly drones if they are not approved by the government. To accomplish this the Drone 1.0 regulations revolve around the concept of No-Permission-No-Takeoff (NPNT).

Our maven Tanuj Bhojwani explaining NPNT at the DigitalSky RoundTable on 4 Dec 2018 in Bengaluru

What this implies is that unless a drone has got valid permission for a particular flight through tamper-proof digitally signed permission tokens, it will not be able to take off. The Digital Sky is the platform to automate the processing of these permission tokens as they flow in from different parts of the country without overwhelming the authorities through a flight information management system (one of only three countries to build this nationally after China and the USA). In order for this vision to come true, there will be an enormous change in the way drones are manufactured and operated. Entire new industry verticals around getting existing drones compliant, developing interfaces that interact with the Digital Sky platform and making applications for India’s needs will develop. Hence this begs the question.

How are the current state of the industry are changing with 1.0 regulations

Until the introduction of the regulations companies especially in the UAV operations were doing non-restricted work and end up becoming the jack-of-all-trades. Companies in the manufacturing domain were unclear of who is their target customer and what they needed to build. All the companies in this domain were working with no clarity on the safety and permissions.

With the introduction of the Drone Policy 1.0, there is a buzz which has been created and efforts are being made to understand the regulations by all the entities who are set to gain from it. They understand that there will be a new aspect that needs to cater to i.e. the sense of accountability.

For manufacturer’s The NP-NT mandate will be the most immediate requirement, the most common route to implement the mandate will be through changes to existing firmware architecture. The changes themselves are being driven by open source initiatives with various operators, system integrators and manufacturers contributing to the shift to NP-NT for all major drone platforms in the country. The Digital Sky has inadvertently catalysed the first industry-wide initiative to bring together all members of the ecosystem. Other requirements such as ETA bring in much-needed standardisation in the hardware space, this allows benchmarking of products, easier availability of information about the standards to look out for end users.

For operators, a massive increase in the volume of business is expected as they can now focus on getting certified drones into the air, and not so much on getting approvals. The Digital Sky brings in much-needed certainty and predictability into an industry that will be focused on balancing demand and supply of drone-related operations in a market that has a huge need for drones and their data but limited expertise to acquire and process it. This also puts onus an industry to become security and privacy conscious and insurance agencies will play an important role in this regard. It will also immensely help in changing the thought process of the companies providing services and their customers. Customers will start understanding that they also need to have a defined plan, process and execution instead of a haphazard existing process of execution.

How industry/playground will change over the coming years?

With the introduction on the regulations and a platform like Digital sky enabling the ease of doing business for the companies who are serious stakeholders in this domain, there is no limit to what developments will occur in the coming years. It opens up possibilities for utilization of Drone and its related technologies in Agriculture, Medical, Energy and Infrastructure and transportation.

The existing players will become more mature and more focused. They will understand that with regulations in place a more focused approach is the key to scale. They will look at opportunities to compete with the global market also as the solutions that are developed around the Drone Regulations 1.0 and 2.0 will be key factors that contribute to the Indian ecosystem to becoming a global standard to test, adapt and innovate drone applications and management.

What are the opportunities? What does that mean for the current and new players?

UAV/ Drones as a business was a far-fetched thought for many entrepreneurs and has been a struggling industry in the past in India. Going forward it is guaranteed that it will be one of the biggest markets in the world for UAV as a business. What the regulations and Digital Sky platform will enable is a new levelled playground ground for the UAV companies to initiate good scalable business models both existing and the ones entering new to the sector.

The existing companies with the right resources can now plan to scale their operations and also have the added advantage of doing work for the private sector in India. Due to the restrictive method of operations adapted previously the solutions to private agencies was unavailable. Now going forward the companies will shift their focus from being a B2G entity to a B2B entity. Many new businesses for UAV air traffic management, surveillance, AI and ML-based UAV solutions and deliveries will emerge out of India with technology specific to India.

If you want to join our future roundtable sessions on Digital Sky and more, please register your interest here.

The blog is co-authored by Anurag A Joshi from INDrone Aero systems, Abhiroop Bhatnagar from Algopixel Technologies and Gokul Kumaravelu from Skylark Drones

Why the SC ruling on ‘Private Players’ use of Aadhaar doesn’t say what you think it does

On behalf of iSPIRT, Sanjay Jain recently published an opinion piece regarding the recent supreme court judgement on the validity of Aadhaar. In there, we stated that section 57 had been struck down, but that should still allow some usage of Aadhaar by the private sector. iSPIRT received feedback that this reading may have been incorrect and that private sector usage would not be allowed, even on a voluntary basis. So, we dug deeper, and analyzed the judgement once again, this time trying to disprove Sanjay’s earlier statement. So, here is an update:

Section 57 of the Aadhaar act has NOT been struck down!

Given the length of the judgement, our first reading – much like everyone else’s was driven by the judge’s statement and confirmed by quickly parsing the lengthy judgement. But in this careful reanalysis, we reread the majority judgement at leisure and drilled down into the language of the operative parts around Section 57. Where ambiguities still remain, we relied on the discussions leading up to the operative conclusions. Further, to recheck our conclusions, we look at some of the other operative clauses not related to Section 57. We tested our inference against everything else that has been said and we looked for inconsistencies in our reasoning.

Having done this, we are confident in our assertion that the judges did not mean to completely blockade the use of Aadhaar by private parties, but merely enforce better guardrails for the protection of user privacy. Let’s begin!

Revisiting Section 57

Here is the original text of section 57 of the Aadhaar Act

Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual for any purpose a purpose backed by law, whether by the State or any body corporate or person, pursuant to any law, for the time being in force, or any contract to this effect:

Provided that the use of Aadhaar number under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.

Now, let us simply read through the operating part of the order with reference to Section 57, ie. on page 560. This is a part of paragraph 447 (4) (h). The judges broke this into 3 sections, and mandated changes:

  1. ‘for any purpose’ to be read down to a purpose backed by law.
  2. ‘any contract’ is not permissible.
  3. ‘any body corporate or person’ – this part is struck down.

Applying these changes to the section, we get:

Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual for any purpose a purpose backed by law, whether by the State or any body corporate or person, pursuant to any law, for the time being in force, or any contract to this effect:

Provided that the use of Aadhaar number under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.

Cleaning this up, we get:

Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual pursuant to any law, for the time being in force:

Provided that the use of Aadhaar number under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.

It is our opinion that this judgement does not completely invalidate the use of Aadhaar by private players, but rather, specifically strikes down the use for “any purpose [..] by any body corporate or person [..] (under force of) any contract”. That is, it requires the use of Aadhaar be purpose-limited, legally-backed (to give user rights & protections over their data) and privacy-protecting.

As an exercise, we took the most conservative interpretation – “all private use is struck down in any form whatsoever” – and reread the entire judgement to look for clues that support this conservative view.

Instead, we found that such an extreme view is inconsistent with multiple other statements made by the judges. As an example, earlier discussions of Section 57 in the order (paragraphs 355 to 367). The conclusion there – paragraph 367 states:

The respondents may be right in their explanation that it is only an enabling provision which entitles Aadhaar number holder to take the help of Aadhaar for the purpose of establishing his/her identity. If such a person voluntary wants to offer Aadhaar card as a proof of his/her identity, there may not be a problem.

Some pointed out that this is simply a discussion and not an operative clause of the judgement. But even in the operative clauses where the linking of Aadhaar numbers with bank accounts and telecom companies is discussed, no reference was made to Section 57 and the use of Aadhaar by private banks and telcos.

The court could have simply struck down the linking specifically because most banks and telcos are private companies. Instead, they applied their mind to the orders which directed the linking as mandatory. This further points to the idea that the court does not rule out the use of Aadhaar by private players, it simply provides stricter specifications on when and how to use it.

What private players should do today

In our previous post, we had advised private companies to relook at their use of Aadhaar, and ensure that they provide choice to all users, so that they can use an appropriate identity, and also build in better exception handling procedures for all kinds of failures (including biometric failures).

Now, in addition to our previous advice, we would like to expand the advice to ask that each company look at how their specific use case draws from the respective acts, rules, regulations and procedural guidelines to ensure that these meet the tests used by this judgement. That is, they contain adequate justification and sufficient protections for the privacy of their users.

For instance, banks have been using Aadhaar eKyc to open a bank account, Aadhaar authentication to allow operation of the bank accounts, and using the Aadhaar number as a payment address to receive DBT benefits. Each of these will have to be looked at how they derive from the RBI Act and the regulations that enable these use cases.

These reviews will benefit from the following paragraphs in the judgement.

The judgement confirmed that the data collected by Aadhaar is minimal and is required to establish one’s identity.

Paragraph 193 (and repeated in other paras):

Demographic information, both mandatory and optional, and photographs does not raise a reasonable expectation of privacy under Article 21 unless under special circumstances such as juveniles in conflict of law or a rape victim’s identity. Today, all global ID cards contain photographs for identification alongwith address, date of birth, gender etc. The demographic information is readily provided by individuals globally for disclosing identity while relating with others and while seeking benefits whether provided by government or by private entities, be it registration for citizenship, elections, passports, marriage or enrolment in educational institutions …

The judgement has a lot to say in terms of what the privacy tests should be, but we would like to highlight two of those paragraphs here.

Paragraph 260:

Before we proceed to analyse the respective submissions, it has also to be kept in mind that all matters pertaining to an individual do not qualify as being an inherent part of right to privacy. Only those matters over which there would be a reasonable expectation of privacy are protected by Article 21…

Paragraph 289:

‘Reasonable Expectation’ involves two aspects. First, the individual or individuals claiming a right to privacy must establish that their claim involves a concern about some harm likely to be inflicted upon them on account of the alleged act. This concern ‘should be real and not imaginary or speculative’. Secondly, ‘the concern should not be flimsy or trivial’. It should be a reasonable concern…

Hence, the privacy risk in these use cases must be evaluated in terms of the data in the use case itself, as well as in relation to biometrics, and the Aadhaar number in the context of the user’s expectations, and real risks. Businesses must evaluate their products, and services – particularly those which use Aadhaar for privacy risks. It is helpful that the UIDAI has provided multiple means of mitigating risks, in the form of Registered Devices, Virtual Ids, Tokenization, QR Codes on eAadhaar, etc. which must be used for this purpose.

What private players should do tomorrow

In the future, the data protection bill will require a data protection impact assessment before deploying large scale systems. It is useful for businesses to bring in privacy and data protection assessments early in their development processes since it will help them better protect their users, and reduce potential liability.

This is a useful model, and we would hope that, in light of the Supreme Court judgement, the Government will introduce a similar privacy impact review, and provide a mechanism to regulate the use of Aadhaar for those use cases, where there are adequate controls to protect the privacy of the users and to prevent privacy harms. Use cases, and an audit/enforcement mechanism matter more than whether the entity is the state, a public sector organization, or a private sector organization.

Note: This is in continuation of Sanjay Jain’s previous op-ed in the Economic Times which is available here and same version on the iSPIRT blog here.

The writer is currently Partner, Bharat Innovation Fund, and Chief Innovation Officer at the Centre for Innovation, Incubation and Entrepreneurship, IIM Ahmedabad. As a volunteer at iSPIRT, he helped define many of the APIs of the India Stack.  He was the Chief Product Manager of UIDAI till 2012

(Disclaimer: This is not legal advice)

What it’ll take to make ‘Smart Cities’ ‘smart’ in the truest spirit

What the BJP is touting proudly as its Smart City development of hundred shortlisted cities across the country, the Congress had initiated during its rule by the name Urban Clusters. The ultimate objective was to judiciously use technology for intelligent planning and efficient running of urban centers in India.

This subject has been discussed by various eminent people in the field ranging from town planners to architects to civic authorities. Most are of the view that injecting technology in a contrived manner was not desirable and the need was for sustainable cities rather than ‘smart’ one’s, where the approach is more outcome based. Infrastructure by itself is of little value unless it is complemented by systems, which are efficient. The approach has to be holistic and should be in tandem with other related programs such as AMRUT and Swacch Bharat.

All such mega ventures with huge capital outlays come with their own set of impediments. To begin with, there are three bureaucratic layers to contend with, the Central Government, that holds the purse strings, the State Government where the Chief Minister could be the gateway to fund distribution and the Civic body where the implementation will be finally done. As things stand today, the CM of the state will be the overriding authority in decision making, but then political equations and differences could at times influence decisions. Also, politicians have short tenures, whereas planning and execution could be a slow laborious process.

For most major cities in the world, the city mayor is a powerful and influential authority as far as the planning and systems are concerned. Some of them have managed their cities so well that they have gone on to become national leaders. In India, mayors are but figure heads with minimal powers, at least as far spending is concerned. Should we then think of a separate body or authority to decide on city matters, especially for the metro cities of India? For instance, like the NCR region around Delhi, can we have a State Capital Authority for all the capital cities of our states?

Then, there is the tricky issue of procurement and purchase. With the proposed top down approach where the Centre releases the funds, this issue could hit road blocks. Who would decide on what and from where to procure the material? For instance, if a city needs 100 CCTV cameras for security, does one go for wired ones to stay within budget or go for wireless ones? Should purchases be made from local sources?

It will become desirable to make it a more democratized process with active citizen participation, where smart cities are run BY the citizens rather than FOR them. More involvement of citizens in varying degrees at the various stages of decision making would become a norm for the future. For this to happen, data which is under layers of bureaucratic stops is freed for the general public. The use of active API’s as envisaged by iSpirt could be put to good use. For specific problems of certain spots within a large city, accessing such data could enable residents to come up with solutions. The India Stack is a good example to follow for smart cities.

All major towns have authorities assigned with the task of systematic planning and infrastructure layout with the of 1917 serving almost as a bible; a 100 year old but meticulous document. Cities today are in disarray because vested interests, together with the collusion of authorities at times, have got away with violations in spite of a firm legislation. Smart cities could help curb such acts to a great extent since all planning has to be based on metrics and accountability and as we move to a ‘presence-less approach’ with the use of technology, the roles of these vested interests could diminish greatly.

So yes, a lot is possible with the use of technology towards the making and running of our cities, but for that a lot needs to be done other than earmarking funds and selecting cities to me made ‘smart’. From the dissolving of ward boundaries to accessing of geospatial data to free use of active API’s smart city development needs a concerted effort from more than one source.

Guest Post by Ranga Raj, Thinxtream Technologies

India Stack takes the Digital India campaign to a whole new level

India is the third largest smartphone and mobile internet user market in the world with over 200 million internet users in 2013. The figures are expected to touch a staggering 500 million users by 2017, including 314 million mobile internet users according to a report by IAMAI and KPMG. Clearly, mobile phones are the ‘computing device of choice’ for the country. To keep up the momentum, the Government of India is keen on developing the digital infrastructure of the country under the Digital India program.

Digital India is a revolutionary program that will empower the masses and leapfrog India into the next generation of government services. Fortunately, the lower level of investment in earlier generation technology means India has skipped the legacy era and waited for the right technology to arrive at its doorstep. To kick-start and empower the Digital India program in a very democratized form and involve the great innovation talent of the nation, the Government of India has launched an open API policy. An open API, often referred to as a public API, is a publicly available Application Programming Interface (API) that provides programmers with programmatic access to a propriety software application. This set of open API is known as the India Stack and these would enable the ease in integration of mobile applications with the data securely stored and provided by the government to authenticated Apps.

India Stack is a complete set of API for developers and includes the Aadhaar for Authentication (Aadhaar already covers over 940 million people and will quickly cover the population of the entire nation), e-KYC documents (safe deposit locker for issue, storage and use of documents), e-Sign (digital signature acceptable under the laws), unified payment interface (for financial transactions) and privacy-protected data sharing within the stack of API. Together, the India Stack enables Apps that could open up many opportunities in financial services, healthcare and education sectors of the Indian economy. What this essentially means is that developers and tech startups can now build software and create businesses around the readily available infrastructure offered through India Stack, thus opening a huge potential to tap into the booming smartphone market in the country. Since the consumer market in India is very large, such startups could also hope for institutional funding and gain from the early mover advantage.

Through the digitized elements like e-KYC, e-Sign, digitized Aadhaar information and digital locker, the entire ecosystem has now become a presence less, paperless and cashless based system. A Digital Locker enables users to have all their legal documents in a digitized format that is stored online and can be accessed from any part of the country. The e-Sign makes it simple for people to sign deals, contracts and legal documents through their phones and the Unified Payment Interface lets people make payments with ease through their smartphones from anywhere.

India Stack makes a user base of over a billion people readily available through its API. This means that startups and tech companies can build over this to be able to integrate various functions for their businesses or for larger enterprises. Every bank or telecom operator scans through tons of paperwork every day to be able to verify customers and generate KYC documents. Now imagine the impact if this entire process could be digitized by building an application which would integrate India Stack and the user base of over a billion Indians!

With the technology, documentation and sample code available, entrepreneurs and startups can get started with innovating, prototyping as well as building India Stack enabled applications. The commercial applications are endless with multiple opportunities, as the large user base opened up by India Stack is nascent, solution-hungry and largely untouched by technology. Now even a local vegetable trader can take an intra-day loan almost instantly through his mobile phone and pay it back the very same or next day without even physically visiting the bank or wasting any time (time is money when earnings are proportional to time spent)! With their e-KYC documents and digital signatures, a loan can be processed almost instantly and the money transferred through the Unified Payment Interface. Long queues at banks, telecom offices and all other government and non-governmental processes should be the thing of the past, through proper integration of India Stack.

The nation is looking for “a transition from technology-poor to innovation-rich society” and entrepreneurs have a good role to play. The problems (read opportunities) in financial services, healthcare and education are all so large that only the right technology can cost-effectively solve them. Solving these scale problems would mean great business sense too.

iSPIRT, the non-profit software product industry think tank powered by industry veterans, has been actively involved in the development of India Stack and is helping entrepreneurs make the best use of business opportunities provided by India Stack, while building their startups. iSPIRT believes that India Stack creates a whole new generation of business opportunities around the mobile phone and early movers would have tremendous market advantages.

On a recent visit to India, Bill Gates commented on India Stack saying, “India is on the cusp of leapfrogging!” And it truly is; considering it is the only country in the world offering such an open and secure API, India is certainly looking at taking the Digital India campaign to a whole new level.

The future is here and now is the time to act.

 

Should experts be limited to an organization?

Expert01

 I am a great fan of analogy, and one of the things I have been pondering for past year or so is comparing our software industry with that of medical and film industry.

In this post, I plan to share some thoughts on how our software industry can consider the evolution of medical and film industry, and probably evolve in that direction.

Expert0 Expert2

In Medical industry, the ecosystem contains Doctors, Surgeons, Physicians, Specialists, Hospitals, Clinics, Life Science companies, research labs and further other associated entities to serve the patients.

In film industry, the ecosystem is made up of producers, directors, actors, cameraman, music director, editor, choreographer, stunt master,other specialized technicians.

Similarly in our software industry, the ecosystem is made up of VCs, founders, techies, designers, product managers, and sales/marketing folks.

Specialization

Expert3

One of the striking aspects of the whole evolution is the Specialization part, where medical industry has evolved and recognized the need for deep specialization, and doctors and the ecosystem surrounding have focused on specialization. While you still see some general physicians, we all know who are in more demand – the specialist.

In the film industry, specialization has become very key. Whether you are a screen play writer of dramas, you are specializing in romantic comedies, you are an action director etc. Offcourse there are few folks who are versatile especially in acting, but every film needs a bunch of specialist.

Similarly in our industry, specialization has taken off and it’s a great sign of the industry maturing. We see specialists in design, Ux vs backend techies, architects, B2B vs B2C product managers, industry experts such banking, government, healthcare who bridge industry knowledge with technology, we see further more big data, cloud, database, IoT, mobile etc experts.

 

Should Specialist be limited to an organization or department?

With the above background, the key thought I had for writing this post is how our industry can evolve to leverage the specialist expertise, to go beyond just one organization.

Take the case of medical industry, an important attribute is that the specialist are usually not associated to one hospital but consult in multiple different places. There also exists several communities where specialist come together to discuss the challenges, problems, solutions and experiences in their area of specialization. We have seen several doctors consult with others to get second opinions. The ecosystem is well setup in such a way that its not just honorary service, but it’s a win win for everyone, and takes care of “what’s in it for me ?” very well

In case of film industry, most of the people work independently and come together for a specific film. Over the period of time, many work together in multiple such film projects over several years. There are specialist and actors (not the main heros) who work on multiple projects. Its left to the potential, interest and capability of individual on how much he or she can leverage their time, how they want to pace their career, and how they really are on the toes to differentiate or find their winning formula, as individual or as a team. One of the nice talk you should watch to understand it is when our versatile actor Kamal Hassan spoke at NASSCHOM event, sharing some of the interesting aspects of film industry.

The above 2 industry are a great example for us to consider as we evolve our industry. We have several experts and specialist out there in our industry, but their talents are often not leveraged to full potential for lack of the right setup – they are bound by their employment contracts, or merely don’t have avenues to share, engage, contribute and gain. Most of the folks in our industry land up into mundane jobs, standard career path, leading to becoming some people managers or stop reinventing ourselves.

The boundary laid out for experts is not just being able to do with multiple projects outside, but even within the company many of the experts do not have an opportunity to showcase their potential as they are bound by their departments and hierarchies.

Here are my thoughts on how our industry can evolve around better leveraging specialist:

  • Expert clubs that can bring together specialist by different areas of specialization e.g. by specific functional areas, deployment expertise, industry expertise, cultural expertise, skills – product management /design/architecture, GTM expertise etc.
  • Answering the ‘whats in it for me ?’ question – not to expect specialist to come and engage always for free
  • Employment contracts have clauses that allows experts to do other pursuits beyond their employment e.g. like a doctor who can consult beyond the hospital he is assigned to, experts should be able to consult for other products /projects
  • Creating an environment where its safe for experts to be sharing and working independently to take risks
  • Entrepreneurs to recognize the need for experts /specialization for rolling out products that excel, instead of relying on do it all jack of all – this will drive towards the products that excel
  • An environment or community that facilitates experts to be easily accessible and able to work on a product/project for a given time, including possibility for them to engage in multiple projects based on their appetite …think of the movie analogy here
  • Crowd sourcing for expert skills would be a great way to enable experts to be fully engaged, leverage potential and create more products
  • Mentor programs are a stepping stone in this direction for many experts, we see lot of mentor programs already run…but this needs to get to the next level where these experts contribute more rigorously

 

List of Experts that we would like to see in our product industry being part of expert club, not exhaustive:

  • Ux Designers – Interation /visual design
  • Mobile designers
  • Internet Security experts
  • Product Managers for B2C
  • Product Managers for B2B
  • Product marketers
  • Industry Specialist
  • SaaS Pricing experts
  • Growth Hacking experts
  • Technical writers /Product Documentation writers
  • Intellectual Property Experts
  • Social Media Marketers
  • Solution Architects
  • Performance Optimization Experts
  • Scalability Experts

What are your views on this… can our software industry switch gears to enable experts to contribute more…and get awesome products that excel  …working beyond organization boundaries like a doctor or cinema artiste ?

Software Patents: Evil, Necessary or an Evil Necessity? iSPIRT OEQ Hangout

iSPIRT organized a OEQ(Open Ecosystem Hangout) on 20th April, 2015, to understand the role of software patents within the software ecosystem.Software patents are a much debated subject in the technology world today. In some jurisdictions like India, software is not part of patentable subject matter, while in other jurisdictions like the US, software patents are rampant. Do Indian startups need software patents? In a globalizing world, what strategies can they adapt to navigate through the software patents conundrum?

I moderated the session and asked the software entrepreneurs in the discussion to share their cost-benefit analysis of software patents.

Rushabh Mehta of ERPnext responded by saying that as a young startup, they find the cost of software patenting (estimated at around $ 15,000-$20,000 or between Rs 9.3 lakh to Rs 12.4 lakh) to be too high.

Srivibhavan Balaram of Vocera Communications, an entrepreneur, who has worked with open source and closed source software companies, said that patenting makes sense only if there is something unique that is worth patenting. However, he also added that the market for enterprise software was tilting more to open source now because companies were more inclined to go with time tested open source software, which find much faster acceptance. He added that companies are wary of proprietary software from startups.

Subramaniam Vutha, a veteran IP Lawyer and founder of the Technology Law Forum, said that India should actively encourage open source software, while accumulating as many patents as possible in jurisdictions that allowed it. He called this strategy, “Running with the hares and hunting with the hounds.”

Samuel Mani, Partner at Mani Chengappa & Mathur, said that defensibility is the only reason to file software patents. In a study that his organization did, he found that most areas that could be patented were already staked out. He pointed out that the cost of patenting is between $15,000-$20,000 which is the cost of hiring one employee for two years. He suggested that companies that aim to create a defense against software patents could join a defensive patent pool like the Open Invention Network (OIN).

Mishi Choudhary of the Software Freedom Law Center agreed with Mani on defensive patent pools like OIN. She added that most Free and Open Source Software are copyright licenses, but some also contain patent grants. She suggested that participants review the Debian Patent Policy.

This was the first such Hangout on software patents from iSPIRT, and there are plans to organize more such Hangouts to generate greater understanding of this topic.