Today, we are all very happy that we live in a digital world. Especially in a country like India, where I come from, I can go round the country with just my mobile phone, which holds all my money, tickets, reservations, identification cards, driving license, and many others. However, this digitalization comes with some drawbacks. On a day-to-day basis, we are forced to share a lot of personal information such as our name, date of birth, mobile number, and E-mail. You go to the supermarket store, and you need to give your mobile number so that the bill/receipt can be sent to your mobile personally, avoiding the need for printing. You book an online delivery, and you need to share your address, mobile number, and Google location so that the purchased item can be delivered. You book tickets for a movie, flight, or rail, and you need to share your mobile number and E-mail for delivery of tickets. In the process, we receive unwanted marketing calls, are constantly frustrated, and try to block as many as possible. We also register for “do not call registries.” However, we as blood centers and health-care providers are part of the problem.
A donor donating blood reveals his name, address, mobile number, E-mail, sexual history, and a lot of personal details that he would not normally reveal to anyone. This is because our blood donor forms and counselors assure them that the information is private and secure and will not be revealed to any third party. We as doctors value patient and donor confidentiality and privacy in conformance with the Hippocratic Oath that we have taken.
Most countries have laws and regulations on confidentiality and privacy. Confidentiality refers to the obligation of health-care professionals and health-care institutions not to disclose personal and sensitive information about their patients or blood donors to third parties. This duty has long been codified in the Hippocratic Oath and is still one of the core principles of medical ethics. The WHO and Centers for Disease Control and Prevention (CDC) guidelines recommend strict confidentiality of personal information about donors and their test results at all times. When a donor donates blood to “XYZ” blood center, he trusts that his personal information inclusive of transfusion transmissible infections (TTIs) reports will not be revealed to any third party, health-care system or otherwise.
If this confidentiality is breached individually or with a donor organization, then this will have a negative impact on the National Blood Transfusion Services and affect voluntary blood donation in the country. In fact, many donor organizations/corporates send our donor forms for scrutiny to their legal cell and ask for an undertaking that the personal data of their staff (potential donors) will not be breached. Blood centers usually convince them in writing or verbally. The WHO guidelines recommend that confidentiality of donor records should be ensured through the use of unique numbers for donors and donations and the use of codes for infectious markers. As per the WHO/CDC, “Medical data should be shared only with other health-care providers (read as doctors providing treatment) who are, or will be, directly involved in the subsequent care of the donor. Otherwise, no confidential information should be shared without the consent of the donor.”
In India too, the recommendations of “The Digital Personal Data Protection Bill, 2022” are intended to safeguard personal details of individuals – be it donors, patients, or any kind of customer. First, let's examine – is this law applicable to blood donors and blood centers?
This act is applicable to: (a) personal data collected from data principals (in our case, the blood donors) online and (b) personal data collected offline and later digitized.
A blood center collects the data from blood donors offline through the donor form, but the same gets digitized when we use E-Raktakosh or any such software of our own. While we are responsible for the contents of our database held privately, we have no clue as to how the data is processed or is going to be processed in a national database such as E-Raktakosh.
While collecting the data, the data protection act requires that the data fiduciary (blood center) give the data principal (blood donor) a description of the personal data collected and the purpose for which such personal data have been processed. Thus, while collecting donor personal data for the purpose of a particular blood donation at a particular blood center to meet legal requirements is perfectly ethical and legal, sharing it on other websites, be it E-Raktakosh or your own data management system, comes with some risk. Let us examine whether these data are useful and for whom.
Blood centers need donor-specific details to get back to the donor in a confidential manner in case of any look-back testing or TTI reactivity. The reason is specified to the donor and involves his personal health. However, is there a need for donor data to be online on public platforms, concealed or revealed? That is the question. While it is fully understandable that things such as the number of donors, number of components, their group-wise distribution, and blood availability are in the public interest, what purpose is served by sharing donor identifier information – such as address, mobile number, and e-mail – is not clear. Let's also examine what public interest is.
Public interest as per “The Digital Personal Data Protection Bill, 2022” means in the interest of any of the following: (a) sovereignty and integrity of India, (b) security of the state, (c) friendly relations with foreign states, (d) maintenance of public order, (e) preventing incitement to the commission of any cognizable offence relating to the preceding subclauses, and (f) preventing dissemination of false statements of fact. Will donor personal details come under any of these? Obviously no.
The health-care systems in India (and maybe the neighboring countries) are contravening their own laws by asking for blood donor personal identifiers. If the health-care system still wants blood centers to give out donor details, they must spell out the purpose behind the same and take responsibility for data breach. Even then, this will have a negative impact on blood donation. To quote an example, law or no law, I as a centurion blood donor would not like my personal data to be with the health-care system or any other third party as it amounts to breach of my privacy and confidentiality. Many like me may stop donating blood if they come to know that blood centers are required to share these personal donor details with third parties. Of what use is donor personal data to the health-care system as a whole?
The ultimate aim of the Government as per my understanding is very noble – to create a national database of voluntary blood donors using E-Raktakosh. Nothing wrong with that. The problem is with the method. A donor donating blood for “XYZ” blood center is not giving his consent for donating to any blood center in the city or country.
There are many other such rules that violate laws of the country. Another area which is potentially a violation of individual privacy and confidentiality in India is the NBTC guideline that states that if an HIV-positive donor does not respond after three attempts to contact him, his personal details must be shared with the Government. The same NBTC states that blood centers are required to fill up two forms: (a) referral slip for blood donors and (b) consent for referral. Only when the consent for referral is filled by the donor can he be referred to the state health service, not otherwise. If blood centers are forced to share donor details with the health-care service after three failed attempts to contact them, why have the “Consent for referral” form at all?
Different states make different rules. State Blood Transfusion Councils asking blood centers to take their permission for conducting blood donation camps and forcing blood centers to share blood free of cost with the government blood centers are other such instances [Table 1][3,4,5].
To develop a national donor database and central management system, E-Raktakosh can do the following things:
- Provide a portal for blood donors to register online into this database voluntarily
- Provide a portal for blood centers to register voluntary donors on this portal with their specific written consent
- Provide separate columns for actual stock and display stock, as hospital-based blood centers (government and private) essentially collect blood for their hospital and would not like all of it to be in the public domain
- Provide interfacing of E-Raktakosh with blood centers' existing software after masking donor personal data to avoid duplication of work. Of what use this will be is still uncertain.
Currently, E-Raktakosh holds donor-specific details and TTI results together, which is the problem. Further, individual donor details serve no useful purpose but only force the blood centers to enter all details in their database and E-Raktakosh, leading to duplicate entries and wastage of time and resources, besides providing opportunity for breach of data and confidentiality.