Legal Considerations For A Digital Health Service Startup In Nigeria

Introduction:

As Nigeria continues to experience a surge in technology adoption, the digital health sector is fast becoming a viable avenue for improving healthcare access and delivery. Startups offering telemedicine, remote diagnostics, e-pharmacy, and health information platforms, among other relevant services, must, however, navigate a complex legal and regulatory environment. Understanding and complying with the relevant legal considerations is essential for avoiding regulatory pitfalls, which in turn, builds clientele trust, leading to long-term sustainability.

This p outlines some of the key legal considerations for starting a digital health service in Nigeria.

Corporate Structure and Business Registration:

To be recognised as a legitimate business operating in Nigeria, the first step for any digital health startup is to carry out a proper business registration. A health start up can be incorporated with the Corporate Affairs Commission (CAC), ideally as a company limited by shares, in line with the provisions of the Companies and Allied Matters Act (CAMA)¹.

Some of the benefits of registration aside legitimacy includes the ability of the startup to obtain a legal personality, protect its assets, and attract investments and other sources of funds for its business².

To successfully register a health tech start up company with the CAC, special attention has to be given to ensure that the name of company is unique with no restrictions, the objectives of the company is clearly spelt out in the memorandum and ps of

association, and all requirements are carefully curated and provided upon request³. Where there is foreign participation in the company, in addition to registering with the CAC, it must also register with the Nigerian Investment Promotion Commission (NIPC) and obtain a business permit to work in Nigeria⁴.

It is also crucial to have well-drafted legal agreements in place from the start, including founders agreement, shareholder's' agreement, and other investment agreements to define ownership and protect the interests of all parties.

Licensing and Regulatory Compliance:

Healthcare services in Nigeria are regulated at both federal and state levels, and digital health platforms must comply with health-related laws and obtain necessary approvals.

Depending on the focus of the health tech startup, some of the regulators and requirements include⁵:

• The Federal Ministry of Health (FMoH), the body that oversees medical service standards, including the use of technology in healthcare delivery.
• The Medical and Dental Council of Nigeria (MDCN), which licenses doctors and sets guidelines for the provision of telemedicine services. Practicing doctors on your platform must be registered and in good standing
• The Pharmacists Council of Nigeria (PCN),which would be required if the startup involves online sale or distribution of pharmaceutical products.
• National Agency for Food and Drug Administration and Control (NAFDAC), the body that regulates the advertisement and distribution of health-related products.
• Nigerian Communications Commission (NCC), which would be required for telecommunication licensing if the startup operates via SMS, mobile apps, or web-based consultation systems.
• State Ministries of Health and State health agencies, as each state may require separate licenses for operations within their jurisdiction. For example, health

practitioners in Lagos must be registered and licensed with the Health Facilities Monitoring and Accreditation Agency(HEFAMAA)

Also, if the startup intends to onboard medical practitioners to offers services on their platforms, it must verify that the practitioner are registered and have valid credentials as required by their profession.

Data Protection and Patient Privacy:

Since digital health startups would be obtaining and handling sensitive information from any subscriber to their services, there exists a strict obligation to comply with the provisions of the Nigerian Data Protection Act⁶ and any other guidelines/ regulations issued by the National Information Technology Development Agency (NITDA).

The implication of this is that the service provider would be held to the maximum standard in protecting the private information of the subscribers and could be exposed to significant fines, reputational damages and criminal sanctions where there is a violation. To prevent this, health startups are therefore required to ensure compliance with data privacy laws by taking steps such as:

1. Obtaining explicit consent from users before collecting their health data.
2. Storing and processing data only for legitimate medical purposes.
3. Implementing strong cybersecurity measures to prevent data breaches.
4. Appointing a Data Protection Officer (DPO) for compliance monitoring and liaison with the Nigeria Data Protection Commission (NDPC).

In addition to Nigerian Data laws, where the startup intends to onboard and process the data of foreign nationals as clients, it must also ensure to comply with cross-border data laws of other country and obtain necessary consent.

Professional Indemnity and Liability Management:

Owing to its sensitive nature, digital health startups expose themselves to liability risks stemming from issues such as wrong diagnosis and system failures, and to manage

these risks, the company obtain professional indemnity for its medical personnels. Additionally, it must include clear disclaimers outlining the limits of their services, as well as ensuring that modalities are out in place for the escalation of complaints and emergencies.

It should be noted that the laws makes it mandatory for all licensed healthcare providers, including hospitals, clinics, and inpidual medical practitioners, to have professional indemnity insurance⁷.

The startup must also establish a structure and have agreements outlining who would be personally liable in cases of negligence. Not only does this provide clarity to the patients and personnels, it also ensures that all parties are aware they have a duty to act with extreme caution when it comes to handling medical issues.

Conclusion

From the above postulations, it is essential that digital healthcare startups make the necessary preparations to maintain legal and regulatory compliance, particularly at the start of their operations since it is easier to maintain adaptability throughout the course of the business. This is especially as a result of the fact that non–compliance eventually compounds and while the penalty fees may seem little in hindsight, it may eventually snowball and become a costly setback.

Footnotes

1. Companies and Allied Matters Act, 2020, s. 18, s. 28.

2. Ibid, s. 42.

3. Ibid s. 36

4. Ibid s. 78; National Investment Promotion Act s.17, s. 18

5. Regulatory bodies in health and pharmaceuticals in Nigeria, https://siao.ng/key-regulatory-bodies-in-health-and- pharmaceuticals-in-Nigeria/> (Accessed: 19 September 2025).

6. Nigerian Data Protection Act 2023

7. NHIS Act S. 45; Medical and Dental Practitioners Act, R. 12.6 of the Code of Medical Ethics

www.Gresyndale.com/blog/

https://www.linkedin.com/company/gresyndale-legal/

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.