The use of data and new technologies in the health sector has considerably changed how health data is used, accessed, analyzed, and shared between health professionals and individuals. Organizations that handle health data and embrace these new techniques and practices have to maintain a high standard of security and privacy.

Privacy and confidentiality of health data are not new concepts within the health sector, whose existence and practice are grounded in creating and maintaining trust. The concept dates back to the creation of the Hippocratic oath. Data protection plays a significant role in safeguarding the processing of health data and binds healthcare providers not only by oath but also by law. Given the sensitivity of the information that medical practitioners are privy to, professional-patient confidentiality can promote trust and thus effective communication between physicians and patients for the provision of quality healthcare services.

The Constitution of Kenya guarantees the right to privacy as a fundamental right. To give effect to this constitutional right under Article 31(c) and (d), the Data Protection Act, 2019 (‘the Act’) was enacted and came into effect on 25 November 2019. Progress towards implementation started in November 2020 with the appointment of the Data Protection Commissioner and the setting up of the Office of the Data Protection Commissioner. The Act applies to all processing of personal data by any data controller or data processor that is established or resident in Kenya and processes personal data while in Kenya, or that is not established or resident in Kenya but processes personal data of data subjects located in Kenya.

The existing laws and policies regulating health information and data all came into force prior to the enactment of the Act. However, it is imperative to recognize that the principles of data protection, including privacy and confidentiality, have long been integral to the healthcare domain.
The foundational data protection principles serve as guiding tenets for the lawful processing of personal data, extending equally to health data. The principles of lawfulness, fairness, transparency, accuracy, data minimization, purpose limitation, storage limitation, security, and accountability, though present in a few of the policies, have not been provided for or adequately incorporated in discussing the processing of health data.

Is your healthcare organization compliant with data protection regulations? Our specialized legal services offer tailored solutions to navigate the intricate landscape of data protection in the health sector, ensuring your practice meets regulatory standards and safeguards patient confidentiality. Partner with us to mitigate risks, uphold compliance, and foster trust among patients by securing sensitive health information effectively.