Fwd: Transforming ECHS for a Quantum Leap in Veteran Healthcare Services


Chandra Nath

Aug 18, 2025, 4:16:04 AM
to vetera...@googlegroups.com

Chandra Nath
7760928824
______________




---------- Forwarded message ---------
From: Chandra Nath <cpc...@gmail.com>
Date: Sun, Aug 17, 2025 at 8:06 PM
Subject: Re: Transforming ECHS for a Quantum Leap in Veteran Healthcare Services
To: Gp 28th-NDA <28thco...@googlegroups.com>, Armed Forces Veterans <armedforc...@googlegroups.com>, <vasanth-v...@apnacomplex.com>
Cc: Min. of Defence MD ECHS <mdech...@nic.in>, Min. of Defence Dy. MD ECHS <dymdec...@nic.in>


Sorry, the link to the PDF of Original was erroneous. 

Chandra Nath
7760928824
______________
My every thought is stealthily copied/sometimes borrowed/mostly stolen/almost always shamelessly misappropriated; none are my own, and hence a crutch by itself




On Sun, Aug 17, 2025 at 7:48 PM Chandra Nath <cpc...@gmail.com> wrote:
With sincere regards,


Chandra Nath
7760928824
______________
My every thought is stealthily copied/sometimes borrowed/mostly stolen/almost always shamelessly misappropriated; none are my own, and hence a crutch by itself
Real courage is found, not in the willingness to risk death, but in the willingness to stand, alone if necessary, against the ignorant and disapproving herd. Jon Roland, 1976
I have only one passion: the love of liberty and human dignity.  In my view, all governmental forms are only more or less perfect means to satisfy that holy and legitimate passion of men—Tocqueville.


Ravindra Waman Pathak

Aug 18, 2025, 10:00:12 AM
to vetera...@googlegroups.com
Dear Nath Sir

The CGHS is applicable to the serving and hence they contribute monthly whilst ECHS takes a once in lifetime contribution. However at the end the contributions by both are the same.

The referrals can also be for OPD services like say a tryptometry test for glaucoma.

In an emergency the patient gets admitted for treatment and if no Aadhar is available (though he should be always carrying one) as long as the same is produced soon after admission. Even if this is not done for Emergency treatment there is a HPC procedure for claims.

Data is not stored on the ECHS card but on a server which the doctors can access when they open the database. Unfortunately the data of medicine issued by any polyclinic is not available in another polyclinic and this can and does lead to misuse.

E-sehat is still on trial basis and has not been implemented in Pan India. 

The Home delivery system currently under test run is also a major deviation from the original concept of home delivery. It was first initiated by me with the then MD in waiting when he was posted at SC Hq. The idea was that the patient does not come to the clinic and after online consultancy the Doctor will issue a Rx, which will go to an e-pharma online for delivery at home.

The present home delivery system is bound to fail in its current form.

There are no veteran wards as far as I know and no policy letter is issued by DGAFMS.

There is no link with the Dhanvantari system and apparently none is in the offing.

The main issue is fund being available round the year rather than in 6 months tranches causing delayed payment of crores in case of EPH and also medicine bills or Hospital bills of patients.

The HPC system is too slow and needs physical transfer of papers from the polyclinic to HPC committee. This claim process should have gone online by now.
 




I am a proud Hindu and I believe Ahimsa, essentially, is doing everything to stop Himsa. Ahimsa is not the absence of Himsa, but the use of Sam, Dam, Danda, and Bhed to achieve peace.
 People often ask me what we can do for the soldiers. The answer is "be an Indian who is worth fighting for. "See if you can be one"

Do I have enemies? Yes. Good. That means I’ve stood up for something, sometime in my life.


Cdr Ravindra Waman Pathak I.N. (Veteran)

Member Veterans Pension Group

Adviser War Widows Association

1 Surashri,1146 Lakaki Road
Shivajinagar 

Pune 411016
raviw...@gmail.com
9822329340  





--
You received this message because you are subscribed to the Google Groups "veteransindia" group.
To unsubscribe from this group and stop receiving emails from it, send an email to veteransindi...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/veteransindia/CAAoj_dVsQaYaFGxJBbkD48u2ucSKDTPzvYXDnmKSwSxCn2PGaA%40mail.gmail.com.

Chandra Nath

Aug 18, 2025, 1:21:36 PM
to vetera...@googlegroups.com, Armed Forces Veterans
Dear Commander,
Thank you very much for applying your mind to the issues at hand. 

The footnote on the first page: "Errors & Omissions Excepted" itself had an error😀

"Data is not stored on the ECHS card but on a server which the doctors can access when they open the database. Unfortunately the data of medicine issued by any polyclinic is not available in another polyclinic and this can and does lead to misuse." --Commander Pathak

I do not work in the area of Medical Informatics/EHR but exposed myself to these just to learn where our ECHS is going wrong.

As for the best way to save what, and where should not be by trial and error but based on the standards arrived at universally as per the latest EHR standards:

Here’s the executive-level case for building on a universally accepted standard (e.g., HL7 FHIR + common terminologies) — no deep tech, just outcomes:

  1. Interoperability by default
    Data flows cleanly across hospitals, labs, imaging, insurers, and government systems—reducing manual re-entry and error.

  2. Vendor independence (no lock-in)
    Standard interfaces let you change or add vendors without rewriting your stack, improving bargaining power and resilience.

  3. Regulatory alignment and auditability
    Standards embody current best practice for consent, provenance, and record-keeping, making compliance and audits simpler.

  4. Patient safety and clinical clarity
    Shared vocabularies (ICD, SNOMED, LOINC, DICOM) cut ambiguity, improving decision support and care quality.

  5. Speed to integrate and innovate
    Reusable patterns, reference APIs, and off-the-shelf connectors shorten projects and de-risk timelines.

  6. Data portability and longevity
    Records remain usable across upgrades, mergers, and decades—critical for lifetime health histories.

  7. Analytics and AI-readiness
    Clean, structured, coded data unlocks reliable dashboards, population health insights, and safe AI/ML.

  8. Security and privacy by design
    Mature standards include tested models for access control, consent, auditing, and secure exchange.

  9. Cost efficiency at scale
    Lower interface/integration costs, fewer bespoke builds, and easier reuse across programs.

  10. Ecosystem leverage
    A standards-based platform attracts a marketplace of interoperable apps, devices, and services.

In one line: Standards turn healthcare data into a shared, durable utility—portable, safe, and ready for care, policy, and innovation.


Here’s a serially numbered master checklist of critical questions to evaluate any EHR, grouped under logical heads. The numbering runs continuously across groups so each question has a unique ID.


Governance & Regulatory Compliance

  1. What formal certifications and conformance does the product hold (e.g., ISO 27001, ISO 27701, ONC/CE-mark where relevant, national health-data rules, ABDM/NDHM in India)?

  2. Which clinical safety standards/processes are followed (e.g., clinical risk management, SaMD classification, documented safety cases)?

  3. How are regulatory updates tracked and implemented (owner, cadence, evidence of past updates)?

  4. What is the vendor’s product roadmap governance (who decides scope; stakeholder representation; versioning policy)?

  5. What’s the documented quality-management system (QMS) and audit history (internal/external, last nonconformities)?

  6. Are data residency and cross-border transfer requirements supported for your jurisdiction(s)?

Interoperability & Open Standards

  7. Which standards are first-class: HL7 FHIR (which versions), CDA, DICOM, IHE profiles, XDS/XCA, SMART on FHIR?

  8. How complete are FHIR resources/APIs (read/write/search; bulk export/import; paging; terminology binding)?

  9. How are coding systems handled: SNOMED CT, ICD-10/11, LOINC, RxNorm/ATC, UCUM—licensing, updates, local extensions?

  10. Can the system act as/with a National Health Information Exchange or consent manager (e.g., ABDM gateways, NHS spine equivalents)?

  11. Are open APIs documented, versioned, and stable (OpenAPI/Swagger, deprecation policy, SDKs/sandboxes)?

  12. How are referrals, ePrescriptions, lab orders, imaging shared across organizations (IHE profiles, eRx, eLab, eImaging workflows)?

Data Model & Terminology Services

  13. What is the underlying data model (relational, document, graph, openEHR archetypes) and clinical content governance?

  14. Is there a terminology service (mapping, subsumption, refsets, versioning) and how are local codes mapped to standards?

  15. How is longitudinal record assembly handled (encounters, episodes, provenance, version history)?

  16. Can you define reusable order sets, care plans, pathways, forms, and templates without code?

  17. How are units (UCUM) and reference ranges managed across sites and labs?

  18. What is the approach to data validation (schema, cardinality, business rules) and error-handling at ingest?

Security, Privacy & Consent

  19. What access controls exist (RBAC/ABAC), including least privilege, break-glass, and time-bound access?

  20. How is patient consent modeled, recorded, and enforced across APIs and data sharing?

  21. What encryption is used at rest and in transit; how are keys managed (HSM/KMS, rotation, segregation)?

  22. Are audit logs immutable, queryable, and complete (who/what/when/where), and how long are they retained?

  23. What privacy features exist: data minimization, masking, de-identification/re-identification controls, DPIAs?

  24. What’s the incident response playbook (detection, triage, notification, forensics, recovery SLAs)?

Clinical Workflow, Usability & Patient Safety

  25. Does the system support specialty-specific workflows (ED, ICU, oncology, rehab, mental health, dentistry)?

  26. How are alerts/decision support managed (evidence source, override reasons, alert fatigue analytics)?

  27. What usability testing has been conducted (heuristics, cognitive load, clinician task time, accessibility)?

  28. Can clinicians chart rapidly (smart phrases, voice input, structured+free text, mobile capture, offline mode)?

  29. How are handoffs and continuity handled (care team, tasks, sign-out, inpatient–outpatient transitions)?

  30. Are downtime procedures supported (read-only cache, printable packs, safe resync after outage)?

Medication Management & Orders

  31. How are medication dictionaries maintained (RxNorm/ATC), with dose forms, routes, and interaction checking?

  32. Are ePrescribing, formulary management, and prior-authorization integrated (including controlled substances rules where applicable)?

  33. How are medication reconciliation and discharge meds handled across care settings?

  34. Can order sets and protocols be localized by site while keeping governance and version control?

  35. What safety nets exist for allergies, duplicates, interactions, contraindications?

  36. How are infusion/IV, chemotherapy, titration, and tapering orders represented?

Imaging, Labs & Diagnostics

  37. Are DICOM storage, viewing, and worklists supported; can outside studies be imported with priors?

  38. Do lab workflows support LOINC, specimen tracking, reflex rules, delta checks, critical results escalation?

  39. How are POCT (point-of-care tests) and device interfaces handled (IHE POCT1-A, device integration engines)?

  40. Can diagnostic reports be structured (CDA/FHIR DiagnosticReport) and include discrete data for decision support?

  41. How are external providers connected for teleradiology/telepathology?

  42. What is the turn-around-time (TAT) monitoring and exception handling for diagnostics?

Patient Engagement, Portals & APIs

  43. What patient-facing features exist (portal, PHR, apps): access to notes, results, scheduling, secure messaging?

  44. Can patients download/export their data (FHIR Bulk Data / user export) and share via apps (SMART on FHIR)?

  45. How are consents, proxies, minors, and caregivers supported in patient access?

  46. Are multilingual UI/education materials available; accessibility compliance (e.g., WCAG 2.1 AA)?

  47. How are reminders, remote monitoring, and telehealth integrated (video, device data, PROs)?

  48. What guardrails exist for patient-visible results (result release timing, abnormal flags, critical call workflows)?

Analytics, Reporting & AI

  49. What native analytics exist (quality dashboards, operational KPIs, registry extracts) and in what data model?

  50. Is there a clinical data warehouse or FHIR data lake; can you stream to external BI tools (SQL, Parquet, HL7 FHIR Bulk)?

  51. How are risk models/AI integrated (governance, validation, bias, monitoring, human-in-the-loop, rollback)?

  52. Can you author and version rules/alerts (CDS Hooks, CQL) with audit of performance and overrides?

  53. Are research exports de-identified with reproducible pipelines (tokenization, k-anonymity, linkage controls)?

  54. What is the approach to data lineage and provenance for analytics and regulatory reporting?

Infrastructure, Performance & Resilience

  55. What are deployment options (SaaS, private cloud, on-prem); supported regions; tenancy model?

  56. What are SLA guarantees (uptime), RPO/RTO, capacity planning, and horizontal scaling characteristics?

  57. How are upgrades delivered (blue-green/rolling), with rollback and environment parity (dev/test/stage/prod)?

  58. What observability exists (metrics, traces, logs), SRE practices, and automated health checks?

  59. Are there robust backup/restore procedures, point-in-time recovery, and disaster-recovery drills?

  60. How is edge/offline support handled for low-connectivity sites (store-and-forward, sync conflicts)?

Implementation, Change & Support

  61. What is the implementation methodology (discovery → build → test → train → cutover), with named owners?

  62. How are migrations, parallel-run, and go-live support staffed (clinical superusers, 24×7 hypercare)?

  63. What training modalities exist (role-based curricula, e-learning, simulation, certification)?

  64. How are change requests triaged, prioritized, and released (CAB, sprint cadence, release notes)?

  65. What support tiers, response times, and escalation paths are contractually committed?

  66. Are clinical safety incidents and near-misses tracked with RCA and product changes?

Data Migration, Portability & Exit

  67. What is the ingestion pipeline (formats accepted: FHIR bulk, CSV, CDA, DICOM; data quality rules; reconciliation)?

  68. Can you perform full export of your data (including metadata, audit logs, and binary artifacts) without penalty?

  69. How are patient identifiers matched/merged/split (MPI, probabilistic/deterministic, survivorship rules)?

  70. What’s the mapping strategy from legacy codes to standards (tools, governance, acceptance criteria)?

  71. What contractual exit/transition assistance is provided (timelines, fees, vendor cooperation)?

  72. How are legal holds, retention policies, and e-discovery supported during and after exit?


If none of these questions were asked, what were the standards used in their Quality Management System?

ECHS answer would be: We do not know anything, we just went by what the IT specialist (Signal's Officer posted at ECHS HQ)
Unless we accept that qualified professionals are entrusted with these important tasks, we will end up in situations that are not very enviable.

If we accept that veterans deserve only this, we have a real problem. Even to understand that there is a problem, we need to have some understanding which itself is missing amongst the leadership professionals. 

The Dunning–Kruger effect is a cognitive bias in which people with limited competence in a particular domain overestimate their abilities. It was first described by the psychologists David Dunning and Justin Kruger in 1999. Some researchers also include the opposite effect for high performers' tendency to underestimate their skills. In popular culture, the Dunning–Kruger effect is often misunderstood as a claim about general overconfidence of people with low intelligence instead of specific overconfidence of people unskilled at a particular task.


As I claimed earlier: I do not work in the area of Medical Informatics/EHR but exposed myself to these just to learn where our ECHS is going wrong. If I could gather enough understanding of these, shouldn't ECHS professional staff become proficient in it before sinking so much of "our money" into the wrong standards or actually "no standards" at all? 

SANTOSH KUMAR MISHRA

Aug 20, 2025, 11:25:06 PM
to veteransindia
The continued non-functioning of the SeHAT OPD by the DGAFMS, Indian Army, Ministry of Defence, Government of India, amounts to a profound betrayal and deception towards serving and retired Armed Forces personnel as well as their dependents.

Ravindra Waman Pathak

Aug 21, 2025, 1:20:52 AM
to vetera...@googlegroups.com
This is not my paper. It has many errors and mostly impractical in Indian environment.


SANTOSH KUMAR MISHRA

Aug 21, 2025, 2:13:33 AM
to veteransindia
It stands proven beyond doubt that online teleconsultation is fully feasible and operational in India, as demonstrated by the Government’s own eSanjeevani (https://esanjeevani.mohfw.gov.in/#/) and by several private providers like the Apollo Pharmacy App and leading hospital-based platforms, all of which deliver uninterrupted, reliable services nationwide.

Chandra Nath

Aug 21, 2025, 3:01:05 AM
to vetera...@googlegroups.com, Armed Forces Veterans, Gp 28th-NDA, vasanth-v...@apnacomplex.com
Dear All,
"It has many errors and mostly impractical in the Indian environment"
The above is a very sweeping statement. 
Can you state what is "impractical" in the Indian environment but practical in London, Paris, Tokyo, Beijing, Hong Kong, New York, Los Angeles or San Francisco?

We should have the humility to leave EHR to the professionals. (And I am not an EHR/Medical Informatics professional, I am just a student investing hundreds of hours struggling to understand it!)

We did not invent "EHR or Medical Informatics" just as we did not invent math or physics!

We only screwed up the very foundation of its principles by issuing a card (not one but 4 of them successively), all of them not just violating the provisions of the standard but totally reinventing our own version of it designed purely out of ignorance (that is a fundamental violation of the very principle of having standards!).

Why do we need standards compliance? Because if everyone follows it, it will become interworkable.
Is "interworkable" not mandated for us? Is it mandated only in London, Paris, New York, Los Angeles or San Francisco?



"esahat not being implemented" has nothing to do with the issue at hand: Universal standards violating EHR cards we have issued in ECHS makes interworkability even within the same organization not possible. Really? Why so?

You said: "Unfortunately the data of medicine issued by any polyclinic is not available in another polyclinic and this can and does lead to misuse."
That is what happens if we do not follow the standard. If different polyclinics within ECHS cannot see "One patient, one record", how can you expect the polyclinics, the specialist at MH, the specialist at civil Hospital, the pharmacy at the civil Hospital, the specialist for the second opinion to see the same "One patient, one record"?

Should all of them see all parts of the record? Obviously NO. That is why standards have RBAC (Role Based Access Control).

But can we quarrel with the fundamental thesis? A standard is not something everyone implementing a system redefines but should be following strictly.
Why should we follow it strictly? Because all our "First encounter/point of contact" ("Polyclinic in our vocabulary"), the referred military/civil hospital, the specialist we go to for a second opinion, the pharmacy etc. (i.e. all entities) should be able to see "one patient one record". Is there anything peculiar to our environment that makes it NOT applicable? I do NOT get it.

But, be that as it may. We cannot counter the "not invented here" argument unless the arguments are stated specifically but in broad/vague terms: NIH (not invented here). If my paper cannot withstand the "peer review", then it is useless, and dangerous and perhaps, total nonsense!


Let me counter one other misunderstanding here:


"In an emergency the patient gets admitted for treatment and if no Aadhar is available (though he should be always carrying one) as long as the same is produced soon after admission."

"if no Aadhar is available" means what? If I remember my Aadhar Number, "my Aadhar is available".
The card in which the number is printed is not the identity. Knowing my number is the "identity" because it can be authenticated. Authentication is the most important part of the process, not producing the printed card! (This distinction is the most important aspect of the issue.)

"though he should be always carrying one" is the fundamental proof of the misunderstanding!

Most Important: Next time someone asks for a copy of the Aadhar card for their file, you know what to tell them: Go and climb a tree or more crisply: GFY
Chandra Nath
7760928824
Ravindra Waman Pathak

Aug 21, 2025, 3:31:39 AM
to vetera...@googlegroups.com, Cdr V K Santhanam
It is no point being proven in other schemes. We are running a pilot for such a long time and yet not available.

Suppose it becomes available, where are the doctors for Alternative Medicines as treatment is now allowed through those also?

The last communication from Centorg they seem to be considering sanction for one Ayurved Medical Office but details not known.

Further there is no clarity on Homeopathy or Unani treatment as permitted by the letter on alternative medicine.


Chandra Nath

Aug 21, 2025, 4:03:03 AM
to Gp 28th-NDA, Armed Forces Veterans, vasanth-v...@apnacomplex.com, vetera...@googlegroups.com
FYI
Chandra Nath
7760928824
______________


---------- Forwarded message ---------
From: Chandra Nath <cpc...@gmail.com>
Date: Thu, Aug 21, 2025 at 1:28 PM
Subject: Fwd: Transforming ECHS for a Quantum Leap in Veteran Healthcare Services
To: Min. of Defence MD ECHS <mdech...@nic.in>, Min. of Defence Dy. MD ECHS <dymdec...@nic.in>


Dear MD,
FYI.
ECHS again made the mistake of demanding Aadhar Card copy from members and is with every EHR and this is a security risk:
Aadhar number by itself is not a security risk, but with associated name, address, phone number etc. is.

When there is a security breach (it is not a question of if but when), so much of Aadhar related security information of so many members and their families is breached.

Storing Aadhar Copies with ECHS Records: A High-Stakes Gamble with Severe Financial and Legal Risks

New Delhi: An organization, including the Ex-servicemen Contributory Health Scheme (ECHS), that stores a physical or digital copy of an Aadhaar card with every Electronic Health Record (EHR) of its members is exposed to substantial legal, financial, and reputational risks. This practice directly contravenes the foundational principles of the Aadhaar Act and is now punishable by staggering fines under the new Digital Personal Data Protection Act, 2023.

While no direct ECHS circular explicitly forbidding the storage of Aadhaar copies with EHRs is publicly available, the legal framework established by the UIDAI and the Government of India makes the practice illegal and unsafe. The government's push, including within ECHS, is towards using the Ayushman Bharat Health Account (ABHA) number, which uses Aadhaar only for one-time verification to create a secure, digital, and consent-based health data ecosystem. Storing the source document (Aadhaar) defeats this security-by-design approach.

The Risks: What is at Stake?

Storing Aadhaar copies with sensitive health data creates a toxic combination that poses severe risks:

  • Medical Identity Theft: A compromised Aadhaar copy linked to an EHR can be used to fraudulently avail medical services, file fake insurance claims, or obtain prescription medications in the member's name.

  • Financial Fraud: The Aadhaar number is a key enabler for the Aadhaar Enabled Payment System (AePS). While direct withdrawals are not possible with the number alone, leaked data can be used by sophisticated criminals for social engineering and other fraudulent activities.

  • Data Aggregation and Profiling: Combining demographic data from Aadhaar with sensitive health information creates a comprehensive personal profile. In the wrong hands, this can be used for targeted scams, discrimination, or extortion.

  • Legal and Regulatory Action: This is the most direct and severe risk, involving massive financial penalties and potential imprisonment for responsible officers.

  • Reputational Damage: A data breach involving veterans' personal and health information would cause a significant loss of trust in the ECHS organization.

The Law: DPDP Act, 2023 Brings Massive Financial Penalties

The legal landscape has shifted dramatically with the notification of the Digital Personal Data Protection (DPDP) Act, 2023. This Act now serves as the primary legislation governing personal data, including Aadhaar. It supersedes many earlier provisions with a much more stringent penalty regime.

Under the DPDP Act, an organization like ECHS is a "Data Fiduciary," with a legal duty to protect the personal data of its members ("Data Principals"). Storing Aadhaar copies without a secure, specified, and legal purpose is a violation of key principles of the Act.

The financial risk is no longer trivial. The DPDP Act empowers the Data Protection Board of India to impose penalties for non-compliance, with the fines going to the Consolidated Fund of India. For a significant data breach or non-compliance, the penalties are staggering:

  • Failure to take reasonable security safeguards to prevent a personal data breach: Penalty can extend up to ₹250 crore.

  • Failure to notify the Board and affected persons of a data breach: Penalty can extend up to ₹200 crore.

These penalties can be levied for each instance of non-compliance, meaning the risk for an organization with a systemic practice of improperly storing Aadhaar data is enormous.

How Much Money Could Be Paid to Members?

This is a critical distinction. The massive penalties under the DPDP Act are paid to the government, not directly to the affected individuals.

For members (patients) to receive financial compensation for the harm caused by a data breach, they have a separate recourse:

  1. Approach the Data Protection Board (DPB): The DPDP Act provides a framework for individuals to seek redressal. While the Board's primary function is to impose penalties, its orders can form the basis of a claim for compensation.

  2. Civil Court Proceedings: Affected members can file civil lawsuits to claim damages for the harm suffered due to the negligence of the organization. The amount of compensation is not fixed by law; it would be determined by the court based on the extent of the financial loss, mental agony, and harm caused.

  3. Grievance Redressal: The first step for any member is to use the grievance redressal mechanism of the Data Fiduciary (ECHS). If the issue is not resolved, they can then escalate it to the DPB.

Therefore, there is no fixed amount of money at risk of being paid per member. The organization's primary financial risk is the massive penalty payable to the government. The compensation paid to members would be decided on a case-by-case basis through legal proceedings and would depend on the proven harm to each individual.

The older Aadhaar Act, 2016, also has provisions for penalties, including imprisonment for up to 3 years and fines up to ₹1 lakh for companies for unauthorized use or disclosure of identity information. However, the DPDP Act's financial penalties are far more significant.

In conclusion, the practice of storing Aadhaar copies with EHRs is a relic of outdated data handling procedures. It is legally non-compliant, a significant security threat, and, under the DPDP Act, 2023, a financial risk running into hundreds of crores in government penalties, in addition to the potential for civil liability to the affected ECHS members.




Chandra Nath
7760928824





Most Important: Next time someone asks for a copy of the Aadhaar card for their file, you know what to tell them: Go and climb a tree or more crisply: GFY

SANTOSH KUMAR MISHRA

Aug 22, 2025, 3:17:26 AM
to veteransindia

Dear Sir,

Thank you for your valuable advice shared with the MD, ECHS, on the legal and security/privacy risks of storing Aadhaar copies along with EHR. I sincerely hope for a positive response from the MD, ECHS, on this issue.

At present, if we decline to submit an Aadhaar copy to the ECHS polyclinic along with a claim for reimbursement, the claim is simply not accepted and is subsequently rejected. Further, among empanelled hospitals, some demand Aadhaar copies while some do not.

It is evident from multiple instances that ECHS functionaries, including the Regional Director ECHS and Station Commander ECHS, are not adhering to the well-established policy directives issued by the Central Organisation ECHS. Unfortunately, it also appears that higher authorities are not taking adequate cognisance of these serious concerns. Such inaction and neglect deprive beneficiaries of their rightful entitlements, leaving them helpless.

Regards,

Chandra Nath

Aug 22, 2025, 3:56:20 AM
to vetera...@googlegroups.com, Min. of Defence Dy. MD ECHS, Min. of Defence MD ECHS, Gp 28th-NDA, Armed Forces Veterans, vasanth-v...@apnacomplex.com

Subject: Critical Advisory on Aadhaar Storage Practices in ECHS

Dear All,

One important caveat at the outset: do not take my word for granted. 

Every point I raise must withstand critical review and professional challenge. It is only through such scrutiny—by qualified and experienced experts—that truth emerges. Any policy or recommendation that cannot withstand rigorous examination is not worth adopting or emulating.

Conversely, if no one is able to challenge the findings, policy advice, or recommendations presented here, then it is clear that continued disregard exposes ECHS and its leadership to severe legal and administrative consequences. When a breach or violation occurs—as experience worldwide shows it inevitably will—the issue of due diligence will determine liability.

To meaningfully challenge these findings requires demonstrated expertise in information security, privacy law, and compliance—not assertions made without technical or legal grounding. Establishing credibility in this domain means putting forward recommendations that can themselves withstand the same level of scrutiny.

It is therefore imperative for the MD, ECHS, to revise existing policies without delay.

Failure to act will not only cause regulatory non-compliance but also inflict direct harm on the beneficiaries who rely on ECHS, apart from the legal consequences, including the risk to the allocated funds. And if you demonstrably violate the law, then you cannot use the organizational funds to defend your case (of violating the Rule of Law) but will have to rely on personal funds to defend your lack of due diligence and clear violations of the mandates of the statutes.

I do NOT make these statements/claims lightly.

With sincere regards,
Chandra Nath

Bangalore 562157
+91 77609 28824





Ravindra Waman Pathak

Aug 23, 2025, 12:56:29 AM
to vetera...@googlegroups.com, Min. of Defence Dy. MD ECHS, Min. of Defence MD ECHS, Gp 28th-NDA, Armed Forces Veterans, vasanth-v...@apnacomplex.com
Dear Sir

The ECHS and EPH must be made to accept the Masked Aadhaar card as a safety measure.


I am a proud Hindu and I believe Ahimsa, essentially, is doing everything to stop Himsa. Ahimsa is not the absence of Himsa, but the use of Sam, Dam, Danda, and Bhed to achieve peace.
People often ask me what we can do for the soldiers. The answer is "be an Indian who is worth fighting for. See if you can be one."

Do I have enemies? Yes. Good. That means I’ve stood up for something, sometime in my life.
Cdr Ravindra Waman Pathak I.N. (Veteran)

Member Veterans Pension Group

Adviser War Widows Association

1 Surashri,1146 Lakaki Road
Shivajinagar 

Pune 411016
raviw...@gmail.com
9822329340  


