Kenya Medical Council Mandates Data Protection Certification for Healthcare Facilities

Kenya Medical Council Mandates Data Protection Certification for Healthcare Facilities.

Posted By Neema Mujesia On 0

By Cherie Oyier

The Kenya Medical Practitioners and Dentists Council (KMPDC) has issued a notice requiring all health institutions to obtain certification as data handler/ processors.

The new health institutions will be required to include a valid certificate of registration from the Office of the Data Protection CommIssioner (ODPC) during registration with KMPDC.

For existing health facilities, KMPDC has provided a grace period for compliance hence they will be required to complete their registration processes and obtain certification by 31st  March 2025.

It is important to note that, health data falls under the category of sensitive data hence it is vital that institutions handling such data put up proper technical and organisational measures to ensure protection.

While registration as a data handler/ processor is a starting point for safeguarding the privacy of patients, this move by the KMPDC will contribute heavily in encouraging compliance.

Health institutions, of course, will have to put in place additional  measures for comprehensive compliance and protection of patients data such as privacy policies, staff training on data protection principles and data subjects rights and investment in digital security tools to ensure patients’ data remain secure among other measures.

Failure to obtain the registration certificate from the ODPC will mean that:

  • Prospective new entrants into the medical and dentistry field will be unable to register their institutions with the KMPDC;
  • Existing institutions stand to be held liable for operating without the registration certificate as either a data handler/processor;
  • A fine of up to KES 5 million or 1% of the institution’s annual turnover of the preceding financial year will be imposed on non-compliant institutions; and
  • Institutions risk diminished public trust and reputational damage among other dire consequences.

However, health institutions can easily avoid these consequences by registering on the ODPC portal. The portal provides for a quick and easy registration process that institutions can follow or obtain the services of data protection experts to take them through and register.

Cherie Oyier, Programs Officer-Women’s Digital Rights, KICTANet

Loading

Neema Mujesia
Neema Mujesia information

Related Posts

Meta Ditches Fact-Checkers, Prioritizes Free Speech, Sparks Global Debate
From Fact-Checking to Community Notes: Analyzing Meta’s New Decision and Its Likely Geopolitical Implications
Kenya Society for the Blind at the Okame Technical and Vocational College in Busia County training basic computer navigation for persons with disabilities under the Digital Access Programme.
Towards an Inclusive Digital Future: KSB Empowers Persons with Visual Impairments in Busia
Nic Nyakundi at the IGF 2024 Riyadh in Saudi Arabia
Embracing Disability Digital Inclusion: A Collective Journey

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.