All health institutions are required to acquire certification as data handlers or processors under the Data Protection Act, 2019.
The Kenya Medical Practitioners and Dentists Council on Tuesday announced new compliance requirements for health facilities operating within the country.
This is in an effort to ensure patient privacy and further regulate the handling of personal data.
Starting January 1, 2025, all newly registered health facilities will be required to provide a valid Certificate of Data Handler/Processor from the Office of the Data Protection Commissioner.
This certification ensures that health institutions comply with legal obligations in safeguarding personal data against misuse and protecting the privacy of individuals.
Other existing health facilities are required to apply for the same by March 31, 2025.
This three-month window ensures that established institutions will have ample time to meet this new requirement, which, by the way, has become a legal obligation provided for under the Data Protection Act, 2019.
The KMPDC said this is important in ensuring that the ethical practice of medicine, confidentiality, and security of patient information are upheld.
KMPDC is mandated by the Medical Practitioners and Dentists Act (CAP 253) to regulate the practice of medicine, dentistry, and community oral health,
This move is part of a broader effort to improve trust for patients, prevent data breaches, and enhance the safety of health information throughout the country.
KMPDC Chief Executive Officer David Kariuki emphasiSed the need for observance of the standards.
"This prerequisite indicates the grave importance of ensuring patient privacy, which is a core component of medical ethics," Kariuki said.
"By ensuring the responsible and lawful handling of personal data, health institutions not only meet regulatory standards but also strengthen patient trust and enhance safety."
The Data Protection Act, 2019, is focused on the regulation of the processing of personal data in ways that ensure the protection of the privacy of individuals and mitigate the risk of data misuse across all sectors, including healthcare.
As health facilities prepare for these new regulations, the KMPDC is working to ensure that all stakeholders are informed and ready to comply with the changes.
