Connect with us


Protecting the privacy of health data is essential for health equity in Africa (By Christopher A. LeGrand, Rachel Clad and Ruan Viljoen)



Protecting the privacy of health data is essential for health equity in Africa (By Christopher A. LeGrand, Rachel Clad and Ruan Viljoen)

Health data privacy and security policy and practice should be an integral part of the development agenda going forward

CAPE TOWN, South Africa, October 20, 2021 / APO Group / –

By: Christopher A. LeGrand, CEO, BroadReach Group; Rachel Clad, Director, Partnerships and Alliances, BroadReach Group, and Ruan Viljoen, CTO, BroadReach Group

Cloud computing, along with the increasingly ubiquitous digital tools for collecting, aggregating and analyzing health data, offers substantial potential to help the African continent move beyond many more mature systems to transform healthcare. health outcomes and improve health outcomes. However, more rigor and attention must be paid to protecting the privacy and security of health data.

Health data privacy and security protections have strong implications for health equity. Disclosure of personally identifiable health information, such as HIV status, can lead to stigma, embarrassment or discrimination, and result in job loss and decreased trust and commitment to the health system. Free and informed consent regarding the disclosure of data and the control of one’s own health data should be applied in the same way in all geographical areas. This must be a priority across Africa.

Historical context

Almost 20 years ago, as tens of thousands of people across the African continent died from HIV / AIDS every day, the President’s Emergency Plan for AIDS Relief (PEPFAR) program was launched to save lives. PEPFAR and other global HIV programs, as well as many other urgent infectious disease efforts over the years have been noble and laudable in their hyper goal of saving lives.

During these years, huge volumes of data have been collected across Africa, some of it being personally identifiable health data. Safeguarding this data, though considered, was a much lower priority than delivering life-saving medicines and services to those who need them most. And while significant investments have been made in strengthening health systems, little attention has been paid to the rigor required to protect health information, especially with the increasing frequency of cybercrime and cyberterrorism around the world. .

Over the past two decades, we have witnessed major advancements in digital health technology and tools, meaning that most health data is now automated and digitally stored, and shareable for research, implementation. policy and program implementation. Key privacy laws have also been formalized in many parts of the world to 1) confirm the confidentiality and management of Personally Identifiable Health Information (PHI) and 2) require those who hold that information to protect and protect it from any unauthorized use or disclosure. About half of African countries now have laws to protect a person’s right to privacy of their health information; however, even in African countries that have enacted privacy legislation, in practice these laws have had limited application and impact.

Nonetheless, these legal frameworks signal significant progress in advancing health data privacy and security programs.

Current state of affairs

Hundreds of digital health technologies, many of which are free or open source, have been tested and implemented in African countries. Despite their noble intention, these technologies haven’t gone through the kind of scrutiny that rigorous compliance frameworks like POPIA, GDPR or the US-based HITRUST certification process bring. It is essential to explore:

Secure the privacy of health information through robust cloud computing and ensure that the myriad of digital health technologies are hardened enough to provide end-to-end protection of health data, including PHI.

Some assume that cloud computing means that data is “off-premises” and is no longer private or protected by the regulations of a local country. This has led some countries to demand that health and other data be stored physically within the country’s borders. Still, that can mean less stringent IT security arrangements than one might possibly find with a global vendor.

Locally developed or freely available digital health software tools and applications are also being rolled out across Africa, which is exciting, but it is critical to ensure that these systems are subject to design, engineering and compliance. processes necessary to secure health data.


Several areas could be explored to advance the privacy and security of health data on the African continent. These include the following:

Advance policy and practice. The global development community needs to pay more attention to protecting health information through policy development, education and awareness, and systems strengthening.

For example, a WHO-led comprehensive regulatory framework for health data privacy and security has been discussed, but this type of regulatory framework, beyond promoting general principles of data privacy, has failed. not yet borne fruit. This means an ongoing patchwork of impractical, inconsistent, or nonexistent governance approaches to securing healthcare data for the foreseeable future.

Health data privacy and security policy and practice should be an integral part of the development agenda going forward.

Adopt Cloud Computing. Several of the major cloud offerings from Microsoft, Google, and Amazon provide secure and cost-effective ways to manage health data for African healthcare. However, these global technology players must navigate the maze of legal frameworks in African countries, which can be partially implemented and sometimes contradictory. Governments of African countries and their development donors must harness the global wave of cloud computing so that they can harness the best technologies to handle increasing volumes of data.

Strengthening of digital tools and applications. African governments and their ecosystem actors should also consider a thorough review of the various digital health tools and software applications to ensure that they have adequate data protection and security features. Deploying POPIA or GDPR type legal requirements or implementing a rigorous system certification requirement such as HITRUST across Africa would be prohibitive and impractical; however, there are certain elements that should be explored. For example, a “lite” version of the HITRUST certification could become a minimum standard for digital health technologies and cloud computing offerings.


Although much progress has been made in health development on the African continent, these advances have not kept pace with the exponential growth in digital health. This includes harnessing the best that scalable technology can bring, while managing the associated risks in a connected digital world, including securing healthcare data assets.

Short Link:

NNN is a Nigerian online news portal that publishes breaking news in Nigeria, and across the world. We are honest, fair, accurate, thorough and courageous in gathering, reporting and interpreting news in the best interest of the public, because truth is the cornerstone of journalism and we strive diligently to ascertain the truth in every news report. Contact: editor @ Disclaimer.