DATA PRIVACY IN PUBLIC HEALTH INFORMATION: CHALLENGES AND FUTURE DIRECTIONS
INTRODUCTION
In an era where personal health information is increasingly digitalized and shared, the importance of data privacy cannot be overemphasized, especially in a country like Nigeria. As we traverse the complexities of healthcare delivery in Nigeria and the growing dependence on technology, the need to protect sensitive health data has become paramount. Data privacy is important because it safeguards personal information and trust in the healthcare system, and protects the fundamental rights of individuals in the healthcare sector.[1]
While data protection regulations exist both nationally and globally to safeguard users’ data and privacy, there are still loopholes in Nigeria’s regulatory framework. Traditional methods of collecting and storing data, such as paper-based forms and physical records, have weaknesses, but resistance from individuals in traditional data storage roles has hindered the transition to more modern practices.[2] Additionally, the introduction of electronic medical records and remote access to data has left personnel who are not technology literate struggling, as they are unable to operate the electronic medical record.[3] Despite the adoption of electronic systems for data storage, there is still a risk of system crashes, which can lead to data loss if proper backups are not maintained. For example, the loss of patients’ medical records at the national hospital in Abuja early this year, caused by improper backup of patient data, led to confusion and a mix-up of patients’ information. Addressing these weaknesses is important for the effective implementation of data protection and privacy measures.
In this article, we explore what data privacy in public health is, the impact of data privacy on public health, and how data is collected in primary healthcare facilities. Additionally, this article seeks to expose the data privacy and protection challenges in Nigeria, with case studies that demonstrate the impact of data breaches in Nigeria. We then propose future directions to address the realities of Nigeria’s public health and regulatory framework.
OVERVIEW OF THE MEANING AND IMPACT OF DATA PRIVACY IN PUBLIC HEALTH
Privacy can be said to be an individual’s right to decide whether information about him or her is released, while confidentiality is an assurance given by a data holder that they will not violate any individual’s privacy by releasing data the individual desires to be private. Healthcare data privacy, on the other hand, involves the policies and technology used to protect the sensitive health data of medical clients and patients.[4] Only authorized individuals, such as doctors, are allowed to access sensitive patient medical data or protected health information (PHI). Section 26 (1) of the National Health Act 2014 makes it mandatory for health care workers to maintain a patient’s privacy.[5] Data privacy helps individuals to maintain control over their personal information; it allows them to decide how their data is collected, used and shared. Data privacy ensures that an individual’s personal information is not breached or misused without consent.[6] The Nigeria Data Protection Regulation (NDPR) provides legal safeguards for the processing of personal data in accordance with a specific, legitimate and lawful purpose consented to by the data subject.[7]
A data breach, on the other hand, is an intentional or unintentional release of confidential information that exposes it to unauthorized access, whether through malicious attacks or careless handling. It can lead to financial losses, reputational damage and legal penalties.[8] This is why laws and policies are put in place to govern the safety of patients’ private data, such as the NHA (National Health Act), the NDPA (Nigeria Data Protection Act) and the NHMIS (National Health Management Information System). These laws mandate that individuals’ health data be kept confidential and that no information about a patient be shared without the patient’s consent. They also provide for assessing and evaluating the performance of healthcare services and their impact on health status, while ensuring that patient data is kept confidential and not breached.
IMPACT OF DATA PRIVACY ON PUBLIC HEALTH IN NIGERIA
Data privacy has impacted public health in Nigeria in various ways:
- Patient trust: one significant challenge healthcare workers face is patient reluctance to fully disclose their medical conditions due to fears of privacy breaches by unauthorized individuals. Many patients hesitate to share the full extent of their medical issues because of a lack of trust. When patients believe their medical records will be kept confidential, they are more likely to open up and return for ongoing healthcare needs. Building patient trust is crucial not just for patients themselves but also for hospitals and healthcare facilities.
- Patient safety: just as patient trust is important, the safety of patients’ vital information is equally important. Healthcare facilities have a responsibility to safeguard patient information and medical records and to ensure these records are not lost or breached. One of the challenges hospitals encounter today, particularly with the adoption of electronic medical records, is the loss of patient information due to inadequate backup and encryption. Such losses can lead to incorrect conclusions, resulting in misdiagnoses, improper prescriptions, and other errors by healthcare practitioners. Consequently, patients may lose faith in healthcare facilities, which can prevent them from seeking necessary care when their health declines. Ensuring the safety of patient data is important for building trust between patients and healthcare providers, and assures patients that their sensitive health information will be handled responsibly.
- Preserving individual autonomy: data privacy empowers individuals to maintain control over their personal information. It allows them to determine how their data is collected, used and shared, ensuring that personal information is not exploited or misused without their consent.[9]
- Protection of personal information: data privacy safeguards individuals’ personal information from unauthorized access. It is the responsibility of the health organization to preserve and protect the personal information of patients and to ensure that sensitive health information remains secure.[10]
- Legal and regulatory compliance of data protection in Nigeria: in Nigeria, legal and regulatory compliance for data privacy in public health is governed by several key frameworks. The first is the Constitution of the Federal Republic of Nigeria: Chapter 4 of the Constitution relates to this subject matter, and section 37 of that chapter guarantees every citizen the right to privacy.[11] The National Health Act of 2014 also provides for patient confidentiality and the protection of personal health information. Section 26 (1) of the NHA provides that “all information concerning a user, including information relating to his or her health status, treatment or stay in a health establishment is confidential”. This Act mandates that healthcare providers maintain the privacy of patients’ medical records and disclose such vital information only with the consent of the patient or when legally required.[12] Additionally, the primary legislation is the Nigeria Data Protection Regulation (NDPR), which was introduced in 2019. This regulation aims to protect personal data and to ensure that data processing activities are conducted transparently and securely. It also emphasizes that healthcare providers and organizations must obtain explicit consent from patients before collecting, processing or sharing their personal health information. Compliance with these laws helps public health institutions avoid legal repercussions and damage to their reputation.
MEANS OF COLLECTING AND STORING DATA IN PUBLIC HEALTH
Data privacy is a critical aspect of healthcare, and hospitals use various methods to collect and store patient data while ensuring the confidentiality, availability and integrity of the data. One such method is the paper-based medical record, in which patient data is recorded on a plain sheet and stored in a folder or file. Information that should be recorded on the patient card includes: blood group and genotype, name, age, drug, allergy, medical history, home address, occupation, sex, next of kin, and next of kin’s address and phone number. These sensitive patient documents are stored in a locked cabinet or room to prevent unauthorized access. Another method is the electronic health record: many healthcare facilities are adopting electronic health record systems to store and manage patient information digitally. In this method, patient data is stored electronically, allowing for easy access and sharing among healthcare professionals. Other methods include surveys and questionnaires, interviews and focus groups, and community health programs. These are used to gather information about patients, especially when a patient is reluctant to open up about some vital information for personal reasons or out of shyness. In such cases, these methods are used to collect their personal information while ensuring their safety.
DATA PRIVACY CHALLENGES IN NIGERIA PUBLIC HEALTH
- Lack of enforcement mechanism: despite the existence of the Nigeria Data Protection Regulation (NDPR), the inconsistent application of the regulations across healthcare facilities, especially in rural areas, leads to non-compliance and unauthorized access to private data. For example, during the COVID-19 pandemic, Nigeria faced challenges in managing health data: electronic contact tracing capacity and vaccination efforts were not adequately secured, which led to concern about unauthorized access and misuse of personal information. This situation led Nigeria to adopt the use of technology in healthcare facilities. Although the NDPA exists, it does not cover all aspects of data privacy, as this law only applies to electronic storage, and there are not adequate financial resources to ensure the implementation of this law in all hospitals in Nigeria.
- Infrastructure limitation: this has a significant impact on data privacy in Nigeria. Many parts of the health sector lack the necessary technology infrastructure to securely store and manage health data, leading to vulnerabilities where sensitive information may be exposed to unauthorized access. One of the challenges faced in using electronic health records is inconsistent and unreliable internet access, which can hinder the implementation of the cloud-based data management systems essential for secure data handling and sharing. Since the adoption of electronic health data, many healthcare facilities have faced missing digital medical records as a result of limited or absent data encryption, which makes the records susceptible to breaches. An example is the data breach at the national hospital in Abuja earlier this year (2024). The hospital lost patient medical data as a result of switching from paper health records to electronic medical records, leaving healthcare workers with no information on the history of patients’ health to guide further action, and leading to medical havoc as patients were unable to access their medical history.[13] This incident highlighted the urgent need for healthcare facilities to implement data encryption and educate staff on data privacy.
- Resource constraints: data privacy in public health faces financial limitations, which restrict the ability to invest in advanced data security technologies and in training for staff on best practices for data privacy. Without proper systems in place, sensitive health information may be more vulnerable to breach or unauthorized access. With the introduction of electronic medical records, some healthcare personnel who are computer illiterate struggle to adapt, which poses a challenge for the storage of data and increases the risk of data breach. Training healthcare workers and maintaining data protection systems requires a lot of funding. Resource constraints also limit the implementation of the NDPA, as it requires significant financial and human resources, which are scarce in many parts of Nigeria. Many healthcare facilities in Nigeria do not have the resources they need to comply with the requirements of the NDPA.
- Lack of awareness and training: many people lack awareness of data protection and its importance, and insufficient training among healthcare workers increases the risk of data breaches and non-compliance. Many healthcare workers are not professionally trained in data protection practices.
- Cultural attitude towards data privacy: cultural attitudes towards data privacy can significantly impact individuals with certain health conditions, such as HIV/AIDS, hepatitis B, etc., as these conditions often carry stigma. The stigma can make patients more cautious about sharing their health information due to concerns about how they will be perceived and treated differently by others. In some cultures and religions, there may even be an expectation for individuals to disclose their health conditions publicly, particularly in contexts like marriage rites. When individuals reveal a critical health condition, they may face judgement and be looked down upon, leading to self-esteem issues. In workplace settings, employees with serious health challenges might be asked to take extended time off, further incentivizing them to keep their health status private. Additionally, the attitudes of healthcare workers can vary, with some nurses displaying different behaviors towards patients with critical or contagious diseases. This can create a conflict between the need for data sharing for public health purposes and the individual’s desire for privacy.
FUTURE DIRECTIONS
Data privacy has emerged as a significant concern in the public health sector. Despite Nigeria having legal frameworks that govern individual privacy, numerous implementation loopholes have raised questions and concerns within healthcare. As awareness of data privacy increases, it is important to enhance the enforcement of existing laws such as the NHA, NDPA and NHMIS, and there is a need to develop new policies to address the gaps in public health data privacy, especially in the traditional methods of collection.
Increased funding should be allocated to healthcare facilities to establish the necessary infrastructure for compliance with these laws. Strict penalties for data breaches should be enforced, such as revoking the licenses of healthcare providers involved in patient data violations. Active advocacy on the importance of data privacy is essential: while awareness has improved over the years, many individuals and some parts of the country, such as rural communities, still lack understanding of its significance. This effort can help reduce stigma and encourage individuals to feel secure in sharing their data.
Healthcare workers must receive professional training on handling patients with critical illnesses, fostering a friendly and supportive environment that encourages patients to feel secure about their data privacy. Additionally, healthcare workers should be trained in managing electronic medical records to prevent the mixing of patient information. Hospital electronic systems need to be properly encrypted, and patients should be educated on how to access their data electronically. A reliable method for recording and storing patient data is necessary to ensure that patients receive care even when their attending medical personnel are unavailable. Finally, greater transparency regarding how health organizations handle personal data, as outlined in NHMIS, should be implemented.
[1] https://www.ncbi.nlm.nih.gov/books/NBK54293/
[2] Abiodun Odusote, ‘Data Misuse, Data Theft and Data Protection in Nigeria. A Call for More Robust and More Effective Legislation’ (2021) 12(4) Beijing Law Review 1284.
[3] Junaid Hassan and others, ‘The Rise of Cloud Computing Data Protection, Privacy and Open Research Challenges-A Systematic Literature Review (SLR)’ (2022) 2022 Computational Intelligence and Neuroscience 8303504 https://eds.p.ebscohost.com/eds/pdfviewe/pdfviewer?vid=2&sid=5c43590c-2cd5-4656-a476-a98f114b0cde%40redis accessed 3 July 2023.
[4] https://www.tonic.ai/blog/what-is-data-privacy-in-healthcare-everything-you-need-to-know
[5] National Health Act 2014
[6] https://www.integrate.io/blog/what-is-data-privacy-why-is-it-important/
[7] https://www.dlapiperdataprotection.com/index.html?t=law&c=NG#:~:text=It%20applies%20to%20residents%20of,to%20by%20the%20Data%20Subject.
[8] https://www.integrate.io/blog/what-is-data-privacy-why-is-it-important/
[9] https://www.integrate.io/blog/what-is-data-privacy-why-is-it-important
[10] https://www.integrate.io/blog/what-is-data-privacy-why-is-it-important
[11] Ali Toyin Smart “An Examination of the Legal Framework for Data Protection in Nigeria and its Implications for Security and Economy”, 2021
[12] National Health Act 2014
[13] http://thesun.ng