&w=64&q=75)
The Kenya Medical Practitioners and Dentists Council (KMPDC) has announced a new compliance requirement for all health facilities under the Data Protection Act, 2019.
This measure aims to enhance the safeguarding of personal data in the healthcare sector and comes into effect on January 1, 2025.
In a notice released by KMPDC Chief Executive Officer Dr. David G. Kariuki, all new health facility registrations will require a valid Certificate of Data Handler/Processor issued by the Office of the Data Protection Commissioner (ODPC).
Existing health facilities have been given a three-month grace period to comply, with a March 31, 2025 deadline.
The move aligns with KMPDC's mandate under the Medical Practitioners and Dentists Act (CAP 253), which includes regulating the training and practice of medical and dental professionals, as well as overseeing health facilities across Kenya.
The Council emphasised that protecting patient privacy is a cornerstone of ethical medical practice.
By ensuring the responsible and lawful handling of personal data, health institutions not only adhere to regulatory standards but also strengthen patient trust and enhance safety.
The Data Protection Act, implemented by the ODPC, regulates personal data processing to prevent misuse and uphold individual privacy rights.
The requirement for certification demonstrates the government’s commitment to enforcing these protections in sectors that handle sensitive personal information, including healthcare.
KMPDC reiterated its dedication to upholding high standards of professionalism and accountability in the health sector as part of its mission to ensure quality healthcare for all Kenyans.
Health facilities are advised to begin the certification process promptly to meet the stipulated deadlines and avoid disruptions to their operations.
The Growing Need for Data Protection in Kenya’s Healthcare Sector
In recent years, Kenya’s healthcare sector has undergone rapid digital transformation, with facilities increasingly adopting electronic medical records (EMRs), telemedicine platforms, and digital payment systems.
While these advancements have improved efficiency and access to care, they have also introduced significant risks related to data breaches, misuse of personal information, and compromised patient confidentiality.
Healthcare systems globally, including those in Kenya, have become prime targets for cyberattacks.
Many providers have become reliant on mobile applications, online portals, and third-party platforms to manage patient care.
While these tools made healthcare more accessible, they also created vulnerabilities, with some facilities unable to guarantee compliance with Kenya’s Data Protection Act, 2019.
As healthcare data became more decentralised, risks of unauthorised access, data mishandling, and cross-border data transfers emerged.
This made it imperative to establish a standardised framework for health facilities to handle personal information securely and lawfully.