Latest News

Global COVID-19 experts see inequitable distribution and vaccine hesitancy as the key challenges for Africa in 2021

Filter resources
78 Results
Health Data Security & Privacy on the African Continent

Global health systems are increasingly focused flashpoints around health data privacy and security. As health systems on the African continent transform to be more digitally mature – how do we ensure the protection of personally identifiable information and how do we use this data to provide more targeted and equitable services?

We, therefore, invite you to join our robust discussion as we imagine a future of work in healthcare that takes on board lessons learned and prioritises health data privacy and security.

We’ll call on experts to share their insights answering questions like:

• What is the current state of play in Health Data Privacy and Security in Africa?
• Why is the protection of personal identifiable information important?
• What can we learn from existing policies and frameworks around the world to secure health data on the African continent
• What tools and technologies exist and what are the drawbacks and advantages
• What immediate actions need to be taken

Join us in three-part series as we look to unpack this important topic and how we can harness the best of scalable technology and manage the risks in a digital world in securing health data assets. Part One will give you an overview of the core challenges and opportunities, while Part Two and Three will delve into more technical detail.

Come and join the debate and be part of the solution!

Panel Discussion: Health Data Security & Privacy on the African Continent

Tuesday 09th November 2021, 3pm (SAST)

REGISTER HERE

Read more
Opinion| Health Data Privacy Protection Is Pivotal To Health Equity In Africa

by: Christopher A. LeGrand, CEO, BroadReach Group, Rachel Clad, Director, Partnerships and Alliances, BroadReach Group,  Ruan Viljoen, Chief Technology Officer, BroadReach Group

Cloud computing, along with increasingly ubiquitous digital tools for collection, aggregation, and analysis of health data, offer substantial potential to help the African continent leapfrog many more mature systems in transforming healthcare and improving health outcomes. However, more rigour and attention must be focused on protecting the privacy and security of health data.

Health data privacy and security protections carry strong health equity implications. The disclosure of personally identifiable health information, such as HIV status, can result in stigma, embarrassment or discrimination, and lead to loss of employment and reduced trust in and engagement with the healthcare system. Free and informed consent around data disclosure and control over one’s own health data should be equally applied across all geographies. This must be a focus across Africa.

Historical Context

Almost 20 years ago when people across the African continent were dying daily by the tens of thousands from HIV/AIDS, the US President’s Emergency Plan for AIDS Relief (PEPFAR) program was launched to save lives. PEPFAR and other global HIV programs, as well as many other urgent infectious disease efforts over the years have been noble and laudable in their hyper focus to save lives.

Through those years huge volumes of data were collected across Africa, some of it personally identifiable health data. Safeguarding this data, while considered, was a much lower priority than getting the lifesaving drugs and services to those most in need. And while significant investments have been made in strengthening health systems, there has been limited attention on the rigor required to protect health information, particularly with heightened frequency of cyber crime and cyber terrorism worldwide.

Over the past two decades we have seen major advances in technology and digital health tools, which mean that most health data is now automated and stored digitally, and sharable for research, policy, and program implementation.  Key privacy laws have also been formalised in many parts of the world to 1) confirm the privacy and stewardship of personally identifiable health information (PHI) and 2) require that those holding this information protect and secure it from unauthorised use or release. About half of African countries have now passed laws to protect a person’s right to the privacy of their health information; however, even in African countries that have enacted privacy legislation, practically speaking these laws have seen limited enforcement and impact.

Nonetheless, these legal frameworks signal important progress in advancing health data privacy and security agendas.

Current State of Play

Hundreds of digital health technologies, many of these free or open source, have been piloted and implemented across countries in Africa. Despite their noble intent, these technologies have not been subject to the kinds of scrutiny that rigorous compliance frameworks such as POPIA, GDPR, or the US-based HITRUST certification process bring. It is critical to explore:

  • Securing the privacy of health information via robust cloud computing, and
  • Ensuring the myriad of digital health technologies are hardened enough to offer end-to-end protection of health data, including PHI.

Some assume that cloud computing means data is ‘offshored’ and is no longer private nor protected by a local country’s regulations. This has led to some countries calling for health and other data to be stored physically within the country’s borders. Yet, this may mean less rigorous IT security provisions than could possibly be found with a global provider.

Locally developed or freely available digital health software tools and applications are also being deployed across Africa, which is exciting, but it is critical to ensure these systems are subject to the design, technical, and process compliance needed to secure health data.

Opportunities

There are several areas that could be explored to advance privacy and security of health data on the African continent. These include the following:

Advancing Policy and Practice. The global development community must focus more attention on protecting health information through policy development, education and awareness, and systems strengthening.

For example, an overarching WHO-led regulatory framework for health data privacy and security has been discussed, but this sort of regulatory framework, beyond promoting general principles of data privacy, has yet to come to fruition. This means a continued patchwork of impractical, inconsistent, or non-existent governance approaches to securing health data for the foreseeable future.

Health data privacy and security policy and practice need to be a focused part of the development agenda going forward.

Embracing Cloud Computing. Several of the large cloud offerings from Microsoft, Google, and Amazon, offer secure, cost-efficient ways to manage health data for African healthcare. However, these global tech players need to navigate the maze of legal frameworks across African countries, which may be partially implemented and sometimes contradictory. African country governments and their supporting development donors need to take advantage of the global tide of cloud computing so that they can harness the best technologies for managing increasing volumes of data.

Hardening Digital Tools and Applications. African governments and their ecosystem actors also need to consider enhanced scrutiny of the various digital health tools and software applications to ensure these have adequate data protection and security features. Deploying full-on POPIA or GDPR-like legal requirements or implementing a rigorous system certification requirement such as HITRUST across Africa would be cost prohibitive and impractical; yet, there are some components that should be explored. For example, a “lite” version of HITRUST certification could become a minimum standard for digital health technologies and cloud computing offerings.

Conclusion

While much progress has been made in health development across the African continent, this progress has not kept up with exponential growth in digital health. This includes harnessing the best of what scalable technology can bring, while also managing the accompanying risks in a connected digital world, including securing health data assets.

 

 

 

 

Read more