Report flags country's digital health platforms as failing patients

At seven weeks pregnant in March this year, MKC registered for prenatal care at a private hospital on the outskirts of Nakuru.

 As part of her routine check, she was asked to fill in her details on a digital health portal — a seemingly modern, secure way to manage her care.

 But within days, the marketing messages started.

 From maternity insurance to newborn diapers, breast pumps and baby bassinets, her phone buzzed non-stop with product suggestions she had never searched for online.

 “I hadn’t told anyone outside my family about the pregnancy,” she said. “But here were these companies calling me by name, selling things only a pregnant woman would need. Where else could they have gotten this information?”

 “I believe that my data leaked from the hospital’s platform. I’m worried about what else leaked besides my contact,” the 24-year-old fourth-year HR student at a public university said.

 Her story is not an isolated one.

 The plight of MKC is echoed in a new report by the Kenya Legal and Ethical Issues Network on HIV and AIDS (KELIN), a human rights organisation based in Nairobi, which has raised concerns about the lack of legal protection for patients using digital health platforms in Kenya.

 The report, submitted to the Universal Periodic Review by UN a head of the UNGA in New York next month, warns that the country “lacks a comprehensive regulatory framework for digital health and rights thus posing challenges such as fragmented health information systems, data privacy and security, and limited access to healthcare, especially in remote areas.”

 In a society increasingly reliant on digital technologies, the report notes, the absence of a guiding legal framework is putting patients at risk of privacy violations and unequal treatment.

 The Digital Health Act was enacted in October 2023, however, the Act was declared unconstitutional via Constitutional petition E473 of 2023 on July 12, 2024, leaving the digital health space in Kenya unregulated, the report states.

 The court’s judgment stated that Parliament must undertake sensitisation and ensure “adequate, reasonable, sufficient and inclusive public participation” in accordance with the constitution before enacting the law again.

 Some steps have been initiated to meet this requirement, but the KELIN report notes that “all is not yet clear.”

 According to the Ministry of Health, the country's digital health landscape is experiencing significant transformation, driven by government initiatives and technological advancements.

 The ministry says the country is actively working to integrate digital health solutions to improve healthcare access, efficiency and quality, and that key developments include the enactment of the Digital Health Act, the development of the Kenya Digital Health Strategy, and the implementation of various digital health platforms and initiatives.

 But the KELIN report says the legal void left behind has led to widespread regulatory uncertainty.

 According to the report, “there has been regulatory uncertainty due to insufficient and unclear laws, with the public not involved or aware of existing digital health laws, thus discouraging investment and innovation in digital health”.

 The consequences go beyond investor hesitation. The report outlines a deeply fragmented health information system, with no unified standards across national and county levels.

 It notes that, “there are inconsistent health standards at national and county levels due to the lack of an integrated health information system to manage health data, including sensitive personal data, anonymised data and administrative data”.

 This inconsistency has resulted in differing quality of care across digital platforms, especially where patients rely on telemedicine or mobile clinics for services.

 Without universal protocols, providers interpret data storage, service delivery, and patient engagement differently — leading to unpredictability in healthcare experiences and outcomes.

 “Current health laws and policies are inadequate in addressing and safeguarding human health rights, particularly in the context of emerging technologies and digital health solutions,” the report states.

 The gap has exposed patients to risks that go beyond spam messages and commercial targeting. Without clear protections, patients have no assurance that their most intimate health information is secure.

 For patients like MKC, who trusted a hospital platform with personal data during a vulnerable time, the impact is personal and lasting.

 Instant analysis

Kenya’s failure to uphold public participation has stalled digital health reform, exposing systemic regulatory gaps. Patients are now left vulnerable to data misuse as legal clarity remains elusive.