“ The future isn ’ t what it used to be ”:
Managing Data Privacy in Kenya in Wake of COVID-19 Pandemic Response
by Rufus Nyaga , informatics technical manager , APHL Kenya and Reshma Kakkar , informatics manager , Global Health
pandemic has created a unique quandary for data privacy proponents . On one hand , sharing of detailed data is critical to ensure appropriate actions such as contact tracing . On the other hand , it is also important to assure that data remain protected .
In Kenya , APHL , through critical partnerships with the Ministry of Health
( MoH )/ National Public Health Laboratories
( NPHL ), has not only established a centralized national laboratory data repository for consolidating COVID-19 laboratory data , but also achieved consensus from private and public laboratories throughout the country to share COVID-19 laboratory data with the repository . This is no mean feat , especially when many developed countries are challenged with convincing all testing laboratories to share their data in a timely manner for accurate reporting to the World Health Organization
( WHO ) and other key institutions to guide national and global response efforts .
Laying Foundations Early
A primary reason for this accomplishment was early engagement about the importance of laboratory data sharing and reporting with all laboratories that were testing or planned to add COVID-19 testing capability . With Kenya ’ s decentralized approach to testing , county ( equivalent to states ) and private laboratories independently conduct COVID-19 testing after receiving certification from MoH . To address the range of data privacy concerns resulting from the need to share testing data , NPHL developed agreements with both public and private laboratories sharing data with the repository , as well as external entities that utilize data from the repository to govern privacy and confidentiality .
APHL and the MoH Information and Communication Technology ( ICT ) team configured the repository as an extension of the established Laboratory Information Management System ( LIMS ) at NPHL , enabling security features that ensured only authorized users had access to these sensitive data . Any result submitted to or accessed from the repository by any user is fully audited . Therefore , at any point in time , the repository can generate a detailed report ( audit trail ) on who accessed the data , what was accessed and when . All authorized repository users also sign non-disclosure agreements . All application programming interface ( API ) integrations with external systems are through previously declared internet protocol ( IP ) addresses that are whitelisted on NPHL ’ s server , thus adding further security to the data submission and retrieval process .
Key highlights of the data management efforts to support Kenya ’ s COVID-19 response include :
• 100 % of laboratories conducting COVID-19 testing are now sharing data with the National COVID-19 data repository . This was possible due to NPHL and APHL establishing data privacy requirements . Of these laboratories , 40 % are private and the remaining are public facilities .
• Data integration with external systems was also feasible due to measures instituted for data privacy and confidentiality . This secure integration was instrumental in enriching the data available to surveillance and other existing systems to support their core mandate .
• Dashboards providing daily / monthly summary on COVID-19 testing status have been valuable to the MoH and NPHL and no personally identifiable information is available through these tools . n
16 LAB MATTERS Winter 2021