Digitization has very quickly become inevitable as more and more aspects of human life have been tremendously transformed from hitherto manual and analogue methods to more advanced methods and healthcare is not left behind. Particularly, there has been significant development of electronic healthcare services, replacing the manual paper records, expanded sharing of medical information across jurisdictions facilitated by technology, which have displaced the previously localized practice of medicine and healthcare. This portends ostensible need for clear regulations to control infractions and breaches associated with digital exposure.
Most of the digital innovations in healthcare, such as personalized medicine, genetic testing, telemedicine and E-healthcare hold profound prospects for improved healthcare delivery, but raises the twin concern of privacy and security. Without doubt, data privacy and security are central to the practice of medicine and the delivery of healthcare. They are conspicuously captured in the Hippocratic Oath, as well as other medical regulations. More importantly, these concepts have been recognized as 'Patient's Rights', in borrowing the language of the Patient Bill of Rights issued by the Consumer Protection Agency in 2018. In other instances, they have been codified as in various statutory enactments, which makes it imperative for them to be upheld.
In Nigeria, the digital divide remains staggeringly wide. The extent of the use of technological resources and tools in healthcare delivery is significantly low, especially when compared to other sectors such as finance and commerce where there has been high uptake of technology. These challenges are not unconnected to the dearth of infrastructural enablers like power and internet connectivity, lack or short supply of adequately trained personnel and more importantly, lack of information. These myriad of obstacles means that there is need to encourage the proliferation of innovation to create more simple technologies that can promote healthcare delivery. Balancing the intersect and potential overlapping of innovation and privacy in healthcare delivery will require profound legal enactments to that effect.
The Legal Framework on Healthcare and Digital Health in Nigeria.
Constitutionally speaking, healthcare is neither in the exclusive nor concurrent legislative list. This will naturally mean that it falls within the confines of the residual legislative list, putting it within the ambit of the items the Local Governments (States) have exclusive legislative competencies to legislate on. However, in practice, the National Assembly has made laws governing healthcare, among other substantive and supplementary legal enactments. These will be briefly highlighted below.
- The National Health Act, 2004
The National Health Act ('NHA') was enacted in 2004, with the primary objective of providing the guidelines and regulations for the development of healthcare in Nigeria. The NHA espouses some important provisions which prescribes the protection and lawful use of patient's medical and health records. Section 26(1)of the NHA provides for the confidentiality required of medical practitioners and data handlers, when dealing with the medical information of patients. Pursuant to Section 25of the NHA, the patient's medical and health records must be held in a manner which makes it readily available to them. This captures the twin major principles in data privacy; protection, and availability.
Section 27 of the NHA also captures circumstances where Patient's data records can be me made available to a third-party healthcare provider or professional, but only for a legitimate purpose. Again, Section 29 of the NHA requires a health facility to put measures in place to prevent unauthorized access to the repository of patients' data. This section of the NHA also criminalizes unauthorized access to patient's medical records. However, pursuant to Section 28 (2)of the NHA, the authorization of the patient may be dispensed with, where the data is used for scientific or research purposes or if the data (medical records) sought to be shared has been de-identified (de-identified patient data is patient information that has had personally identifiable information (PII; e.g. a person's name, email address, or social security number), including protected health information such as medical history, test results, and insurance information) removed).
- The Nigerian Data Protection Regulation, 2019
The Nigerian Data Protection Regulation (NDPR) was issued by the National Information Technology Development Agency ('NITDA'). It came into effect in 2019 to foster safe conduct for transactions involving the exchange of personal data, and to afford a just and equitable legal and regulatory framework on data protection, which is in tune with international standards of best practices. It is presently the main data protection regulation in Nigeria as at the date of this article (although there is a bill for the enactment of the Nigerian Data Protection Act 2023). The regulation applies to Nigerian citizens domiciled within the country and abroad. Consequently, when a Nigerian citizen visits a medical facility abroad, the facility is under an obligation under the regulation to file a compliance report with NITDA. In circumstances where there is a reciprocal arrangement in place, the Attorney General of the State where the medical facility is domiciled may enforce such obligations.
In the Regulation, health records were classified as part of personal data meaning that such data must be processed in accordance with a specific, legitimate and lawful purpose consented to by the data subject (patient). Furthermore, health data was classified as sensitive personal data, which cannot be dealt with, except by means allowed by law, or with the consent of the data subject.
There are other laws which highlight various aspects of data protection in healthcare, some of which include the Cybercrimes (Prevention and Prohibition) Act 2015, which includes healthcare as critical national infrastructure and protects against unlawful intrusion, the Child Rights Act 2003,Freedom of Information Act 2011 as well as the National Health Insurance Scheme Act 2022 which contain salient provisions on the rights of patients to guard against the unlawful use of their medical information. Much of these provisions have been formulated in what is known as the Patient's Bill of Rights, a quasi-regulation issued by the Consumer Protection Council.
In addition to the foregoing, Section 17 (3) (d) of the Constitution of the Federal Republic of Nigeria, 1999 ('the Constitution'), prescribes the right to adequate medical and health facilities for all persons. However, this provision cannot give right to any legal action or remedy, given the fact that the provision of Section 6 (6) (c) of the Constitution had rendered it alongside other provisions in Chapter II of the Constitution as non-justiciable. Similarly, Section 37 of the Constitution protects the privacy of citizens which includes their medical records and information, and same cannot be dealt with, except with the consent of the data subject, or as prescribed by law.
Emerging Trends in Digital Healthcare in Nigeria
In recent years, technological innovation has been enormously expanded and new horizons of possibilities continue to spring up. Some of these technological tools are not new, but they have gained so much prominence in the last ten years and more, that it has now become difficult and almost impossible to understate how much they have affected modern life. These technological advancements also portend immense prospects for healthcare advancement. Some of them have been briefly discussed below.
- Artificial Intelligence
Artificial intelligence ('AI') is referred to as the automation of activities associated with the human thinking such as decision-making problem solving and learning. It is simply the simulation of human intelligence processes by computers. Artificial intelligence in healthcare can help facilitate finding new links between genetic codes, power surgery automating administrative tasks and personalizing treatment. In some instances, AI has been used to screen diagnostic tests and blood work to detect cancer in its earliest stages. More simply, through the use of algorithms, the diagnosis and treatment has been made easier.
The use of AI as with other aspects of technology raises issues of privacy and security. Other concerns include, liability for the decisions made by the AI especially considering its borderless nature which raises the question of which of the municipal laws will be applicable.
- Blockchain Technology
Blockchain is a system that maintains records of transactions across computers linked in a peer-to-peer network. It is a technology that enables secured and transparent sharing of data through a network linked by cryptographic hashes. Blockchain has immense potential to facilitate the transfer of health information of patients for treatment and research purposes. Its use is also very beneficial as the technology is immutable and secured and almost completely eliminates the possibility of interference with the data stored and transferred through the network. Additionally, Blockchain helps the traceability of data without hassles, such that where there is an alleged unauthorized access to a patients' data, it is easier to trace if the data is lodged on the blockchain technology.
Some of the legal issues associated with Blockchain technology stems from its decentralized nature, which makes it difficult to apportion liability and demand accountability for potential mishaps. There are also jurisdictional concerns as with AI, given the fact that the technology in itself has multijurisdictional contemplations.
The National Blockchain Policy released by the Federal Ministry of Communications in May 2023 and the digital economy seeks, to address some of these concerns, by prescribing a multi-agency approach to formulating a framework on which the technology will be utilized and harnessed in Nigeria. While it is regrettable that the policy is silent on the application of Blockchain in health development, it is consolatory knowing that the policy in itself is a much needed first step of many. It is expected that with increased uptake of the technology in Nigeria, especially, in the health sector, it will culminate in the enactment of an Act to cater to the use of the technology in the health sector in Nigeria.
The importance of innovation in healthcare delivery cannot be overstated. The law as an instrument of social engineering and a bedrock of societal progress must be apace with digital developments, through the right utilization of law and technological advancement. This can be achieved where sound laws are enacted and/or amended where necessary to reflect these technological advancements. It is however pertinent that these laws are specific as to the issues of liability and accountability which are some of the risks associated with the use of the most advance forms of technology.
There is also the need to engage professionals to properly educate the medical professionals on the nexus between providing healthcare using digital means and the legal requirements in relation to data privacy. There is often the tendency for innovation to be seen as displacement as opposed to a disruption of the norm which can make such innovations unwelcome. However, with the right education, the healthcare sector would make tremendous progress especially when creators of these digital innovations are armed with relevant legal provisions with respect to the protection of their intellectual property. More importantly, efforts must be made to simplify digital knowledge to patients, in order for them to make informed decisions on the use of their data.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.