The Kenya Medical Practitioners and Dentists Council (KMPDC) has issued a firm directive requiring all healthcare facilities to comply with data privacy laws by March 31, 2025. This mandate is part of a broader effort to enhance data protection measures in the medical sector and ensure that patient information is handled responsibly and securely.
Under the new regulations, all health facilities must register and obtain certification as data handlers and processors from the Office of the Data Protection Commissioner (ODPC). This certification process is designed to enforce strict adherence to data protection standards, preventing unauthorized access, misuse, or leakage of sensitive patient records.
With the increasing digitization of health records, data privacy has become a growing concern in Kenya’s healthcare system. Cases of data breaches and misuse of personal information have highlighted the need for stricter regulations and oversight. By enforcing compliance, KMPDC aims to strengthen the integrity of medical data management and ensure that patients’ rights to confidentiality are upheld.
Healthcare facilities that fail to meet the compliance deadline may face penalties, including fines or suspension of their operating licenses. The KMPDC has urged medical institutions to take immediate steps to align with the legal requirements, including investing in secure data management systems, training staff on data privacy protocols, and updating their privacy policies.
The implementation of these measures is expected to improve trust in Kenya’s healthcare system, as patients will have greater confidence that their personal health information is being handled with the highest level of security.
As the March 31 deadline approaches, healthcare providers must prioritize compliance efforts to avoid repercussions and contribute to a more secure and efficient medical data management system in the country.