The empaneled agencies will be integrated into various components of NDHM such as the Health Locker service, the Health Information Provider service, the creation of health IDs and more.

A new Request for Empanelment (RFE) from the National Health Authority has revealed the NHA’s plans to use software to make it easier for players to exit the National Digital Health Mission Sandbox. The players would then enter the mission’s live environment.

Why is it important? Before that, it was stated in the sandbox that the certification would be the responsibility of the Standardization Testing and Quality Certification Directorate (STQC) of MeitY. Players who are part of the NDHM Sandbox create products and services that, once certified, could become part of the actual mission. The NDHM is designed to process sensitive health data such as Unique Health IDs, longitudinal health records (possibly from birth to death), health professionals and health facility registries, etc. Although the NHA’s original guidelines mentioned that they would use the services of “empaneled vendors” in the certification process for the “NDHM Sandbox Exit”, no mention was made of who these vendors would be or that the certification was determined using software would .

What the RFE demands from empaneled agencies

  • Develop a certificate self-assessment service / tool to automate the sandbox exit process within 4 months

This tool evaluates the integrations performed by each participant in terms of functionality with NDHM ecosystem APIs and issues a pass-and-fail certification.

Application Programming Interfaces (APIs) Allow a platform or service to connect to other platforms and services. APIs are an integral part of programming. Open APIs allow any service or app to freely connect to a resource and are generally published openly.

  • Based on the certificate, the NHA will sign the final integration of a participant into the NDHM.

The RFE says that the integration will initially only be used for use cases related to:

  • Create a Health Locker Service: That Sandpit defines this as a software system in which a patient’s longitudinal health records are stored either on the patient’s personal devices or on a trusted cloud service.
  • Development of a Health Information Provider (HIP) service: A health information provider can be a hospital, laboratory, health center, clinic, or pharmacy – basically any entity that creates medical information about a patient.
  • Development of a Health Information User Service (HIU): A health information user is an entity that has access to digital health information from HIPs in order to provide services to the patient who owns the information.
  • Creation and approval of health IDs: The health ID is used to uniquely identify people, authenticate them and chain their health records (with the consent of the patient) across multiple systems and interest groups.

However, integration can expand to other applications and other components of the NDHM as soon as they are ready for use.

Criteria for agencies to qualify for inclusion

The agencies need:

  • At least 1 project successfully completed in the development of a self-assessment toolkit for testing functional compliance for an API-based integration in the past 5 years.
  • Average sales of over 3 million in the past 5 years
  • A valid STQC installation certificate for ISO / IEC 17025: 2017 or a valid CERT-IN Empanelment for information security audit services

The RFE says the incorporation will take three years. The software of the empaneled agencies can be used by a sandbox participant at a price jointly agreed between the agency and the participant.

This is how the NDHM sandbox works

Stage 1: The Health Tech Committee (HTC) will shortlist applicants who meet the eligibility criteria for inclusion in the sandbox.

Level 2: Test design for 4 weeks

Level 3: Application examination for 3 weeks

Level 4: Try for up to 12 weeks.

Level 5: Finally, the evaluation would take place over 4 weeks, after which the participant can enter the live NDHM environment.

Previous certification method

According to the sandbox framework guidelines published last year, certification should be based on two approaches, on the one hand to assess the process by which the product was developed, and on the other hand to assess the quality of the end product.

The guidelines state that the Ministry of Electronics and Information Technology (MEITY) must review, validate and certify products / solutions that have been integrated into the NDHM sandbox.

Standardization Testing and Quality Certification Directorate (STQC), an office of MEITY, will be responsible for ensuring the software / product is certified with NDHM before it is launched on the open market. The certification / audit of the product is mandatory and is carried out by STQC or its integrated suppliers, according to the guidelines.

Also read:

Do you have anything to add? Subscribe to MediaNama and post your comment