Kenyan patient records vulnerable to breaches


There is no law that prescribes how to digitally handle patient data and this leaves patients vulnerable to a potential breach of privacy, according to Nicky Nyamasyo, Head of IT at e-health company ION Kenya.

"There was a provisional bill in parliament that was supposed to address the data privacy. In fact, it is general data management laws for the country. They have not been in existence so we have a loophole there," Nyamasyo told ITWeb Africa.

According to Privacy International report released in March, Kenya has no digital privacy laws.

"Kenya does not currently have specific data protection legislation. However, a Data Protection Bill 2013 has been forwarded to the Attorney General for publication, and the Cabinet Secretary for Information Communication and Technology announced the Bill was expected to be presented in Parliament by the end of May 2014. The Bill was still being debated as of February 2016 and has not yet passed," the indictment read.

Nyamasyo said that the Bill requires that all citizen data be hosted in the country, a proposal rejected by major cloud players in the market.

ION Kenya recently launched MyDawa, a service that gives patients an opportunity to order prescription and non-prescription products through an online portal.

In the absence of specific laws on citizen digital data, the company has gone ahead to establish global industry standard in protecting data.

"We know that patient data is private. We have restricted access to patient data, both through encryption and the security around our infrastructure," said Nyamasyo. "We have to build confidence around customer data protection and we have a policy around it."

Patients use their smartphones to order prescriptions from MyDawa which then delivers the product to the respective pharmacy chosen by the client.

The order is fully protected with a seal that has a serial number connected to the patient's phone number. This ensures that only the patient gets the prescription he or she has ordered.

The company has partnered with over 150 pharmacies across Nairobi and offers them a fee for acting as delivery points for prescription drugs. Currently, the service can only be accessed through a mobile app (for both Android and iOS) and through their web interface. The company hopes to launch a USSD solution soon.