TECH
09/05/2019 10:42 AM IST | Updated 10/05/2019 12:00 PM IST

Is Your Medical Data Safe With Apps? Some Doctors Don't Think So

Practo has completely denied allegations of spying on users, calling them false and misleading Internet rumours, and pointed to its compliance with international standards for medical data privacy, which aren't even required in India.

Mint via Getty Images

BENGALURU, Karnataka—When you call a doctor using the Practo app, the company makes a recording of the conversation that can be accessed through a Web-based platform, with the recording saved on servers maintained by the company.

“We did not know that this information was being saved,” said Dr Abhishek Vijayakumar, a cosmetic/ plastic surgeon practicing in Bengaluru.

“We had a dispute about some billing and then one of Practo’s representatives came over to our office and showed us the dashboard which had recordings of all our calls,” he added. “I was shocked that this was available, and he told me that this can be accessed by Practo for dispute resolution.”

Is Practo secretly tracking the medical data of users that install the popular application? A viral WhatsApp message circulating between doctors alleged that Practo was using patient data for advertising medicine delivery, misusing records maintained by doctors. HuffPost India tracked down the messages to their origin—a blog post made by Vijayakumar, who then showed us the Practo dashboard. The allegations were later denied by the company.

However, at a time when there is no Indian law to protect private medical data, this is a question that needs to be asked not just about Practo, but any other company offering tech solutions to healthcare while harvesting vast amounts of user data. 

Many companies invariably point to the reams of fine print contained in the terms and conditions governing app usage, but users often do not appreciate just how intrusive data gathering has become.

Worse, while so-called disrupters in other sectors claim to be reducing costs, apps like Practo might just increase the cost of doctors appointments by charging doctors a flat fee for every patient who books an appointment through the app.

Today, with over 100,000 listed doctors and reportedly 50 million appointments across over 50 cities in India, as well as Brazil, Indonesia, Philippines and Singapore, Practo is acquiring a scale that can prove influential in cities like Bengaluru, which has become a sort of unsupervised laboratory for many Indian startups.

Dr Abhishek Vijayakumar
A look inside the doctor's dashboard where recordings of calls with patients are listed.

Around the world, medical records are hugely insecure and very highly lucrative. In India too, as electronic medical records (EMR) become more common, this data is up for grabs, and Practo is simply the biggest and most visible company providing health related services.

For the latest elections news and more, follow HuffPost India on TwitterFacebook, and subscribe to our newsletter.

A Practo spokesperson said that the dashboard is only for doctors to check calls in case of any dispute, and that this information is encrypted so Practo can’t hear what you’re saying to your doctor. However, when HuffPost India used Practo to place a call, there wasn’t any notice (written or verbal) that the call will be recorded.

Update: A Practo spokesperson stated that the recording is mentioned in the company’s terms and conditions, and after the story was published, the recorded warning was also available.

Inside the ecosystem

Practo is one of the earliest success stories in India’s health-tech sector. The company has reportedly raised $243 million over five funding rounds, and is now expanding into other countries.

Practo has a few of different services which include a listings business, where doctors are listed on the platform in the way that Zomato lists restaurants. You can search by specialisation, symptoms, look for doctors nearby, or which ones offer online bookings, and so on.

You can specify whether you want a male or female doctor, whether you’re looking for allopathy, Ayurveda, or homeopathy, and how much the fee should be. Some listings are sponsored, and shown at the top of the results, but doctors can get listed for free, and patients do not pay to use the app. The app charges doctors for every patient who comes to them through Practo. The costs vary based on Practo’s internal calculations that include the doctor’s specialisation, and the going rate for medical services.

The other vertical is Practo Ray, the company’s medical practice management system, which gives doctors features like appointment reminders, online payments, and digital record keeping for medical and financial data that the industry calls electronic medical records or EMRs.

There’s a growing ecosystem of EMR and practice management companies, medicine delivery companies that ask for scans of medical prescriptions, or offer prescriptions online, and so build a detailed medical history of each patient over time. Several of these apps also connect patients with doctors.

One app that HuffPost India has written about is Doxper, an EMR app that uses a special pen with a tiny embedded camera that automatically digitises prescriptions that doctors write on a special paper provided by the company. These prescriptions are then stored on Doxper’s proprietary servers.

Doxper says it is committed to the privacy of patients, but its terms of service warn that it will hold customer data indefinitely, and that people should not expect that all of their personally identifiable information shall be completely removed even if a user deletes their account.

According to startup tracker Tracxn, there are 2,716 companies active in the health-tech space, of which Practo is the biggest. Curefit, which includes online mental health platform MindFit, fitness centres under CultFit, and healthy food delivery via Eat Fit, is the second largest, followed by medicine delivery apps Netmeds and Pharmeasy. In fifth place is MedGenome, which offers end-to-end clinical genomics services.

Who’s responsible for the patient’s data?

Practo’s growing scale is making some doctors, including Vijayakumar, uneasy. The clinic he practices at—Healios—is in a quiet residential neighbourhood with single story homes, and temples on many corners. It’s a far cry from startup hubs like Koramangala and HSR Layout, but tech companies have made their presence felt in this old corner of the city too—there’s a number of startups on the same road as Healios now.

“Practo started off as a very good value provider, but over the years, its only focus is on making money. They are charging doctors ridiculous fees, even a missed call to the clinic is charged to us, and now they’re also taking patient data for their advertising,” Vijayakumar said.

At his clinic, Vijayakumar logged into the Practo system, and showed a dashboard that lists all calls that come to the clinic from the app. To demonstrate his point, he clicked on a recording of a call that had come earlier in the day, playing just a few seconds to make it clear that this is a real patient calling in, with questions about their condition. These are all available through the Internet, and Vijayakumar said they are a risk to patients’ privacy.

Medical data is immensely valuable. And in the absence of a Personal Data Protection law—something that has been hanging in abeyance for almost a year now, since the Srikrishna Committee submitted its draft bill—there’s little that can be done to protect yourself.

The problem over time is that as you have more and more information, there’s more and more about people who might be.

Adam Tanner, a fellow at Harvard’s institute for quantitative social science and author of a new book on the topic, Our Bodies, Our Data, said in an interview with the Guardian that patients generally don’t know that their information—such as diseases, or surgeries—is being bought and sold. This is being anonymised and aggregated, but that isn’t necessarily a guarantee of privacy.

“The problem over time is that as you have more and more information, there’s more and more about people who might be,” Tanner said. In other words, when there’s more anonymous data available, it’s easier to circumvent privacy and identify the people with their data.

Vijayakumar also argued that Practo’s latest business offering, Practo Prime, which doctors can sign up for to increase their visibility on the app, involves high charges that have forced the clinic to raise its fees for all patients.

“The patients think that we are being greedy, but really, if I have to pay a certain amount to Practo because they think this is what a cosmetic surgeon charges, then I have to raise my fee also,” he said.

‘False and misleading Internet rumours’

Practo has denied all the allegations as completely baseless. In a blog post titled “Practo’s reponse to false and misleading Internet rumours”, the company stated that there is no truth to the claim that it sells customer data. All patient data, Practo said, is encrypted and Practo is compliant with the American Health Insurance Portability and Accountability Act (HIPAA), which ensures the data privacy of medical information.

“Since the time Practo was founded, we have been very cautious about how to treat user data, and it is one of the core tenets of the company. Shashank [Practo’s co-founder] has always been very clear about this,” a Practo spokesperson told HuffPost India.

“This is just something that comes up every year or so, one or two doctors will be unhappy,” the spokesperson added. “But if you look at the remaining thousands of doctors who are very happy with Practo, you know that this is not a genuine problem.”

On the question of doctors getting lower ratings and being shown less prominently, the spokesperson added, “the feedback system is 100% based on what the users tell us after each visit to the doctor. We don’t put in anything there, it’s entirely what the patients are saying.”

On social media though, some people have raised doubts, asking why Vijayakumar continues to be a Practo customer, if he is so concerned about the company’s ethical practices.

Vijayakumar however said that Practo’s scale meant, doctors don’t have a choice about being on the platform anymore. Given how quickly his message went viral, circulating in doctors groups and showing up on Twitter as well, he may be right. There appears to be a certain amount of discontent between doctors and Practo, even if the company points to surveys it has done with doctors to ensure that they’re satisfied.

One Bengaluru-based doctor that we spoke to, who didn’t want to be named, said that Practo’s requirements have become very onerous. “When you sign up for Prime, you also deposit money in a wallet, which automatically deducts as the charges take place. You have to put down a a lakh, and then they cut Rs 200 every time a patient visits.”

Echoing one of the points that Vijayakumar made, she also added that doctors that pay up for Prime are shown much more prominently in the search results, which can mean that a newcomer to the field might show up before eminent doctors do.

Dr Joyeeta Basu, co-founder of Doctor’s Hub in Gurgaon, pointed tweeted: “Practo was very good and easy to use earlier. While it is still easy to use, too many changes in the software causes problems , they divert traffic.”

Chennai-based Dr Bruno Mascarenhas also said that Practo’s listing platform causes controversy among doctors, and that there is a disconnect between the company’s customer care, technical, and sales teams. “In my opinion, this [Practo] is value for money,” he wrote. “If they get rid of the listing business and concentrate only on their Ray [Practice Management Software] they have a big and bright future.”