We caught up with Senior Health Care Supervisors in Ghana, in conjunction with the Data Protection Commission-Ghana to discuss the current situation on the enforcement mechanisms for regulating personal data within the Health Sector.
Every data-driven organisation should have a privacy framework in place. If your organisation hasn’t yet taken the time to orient itself to this new space, now is the best time to do so. When processing sensitive personal information such as medical records, this must be done in-line with the requirements stipulated by the Data Protection Act 843 which works collectively with the Ghana Health Service Act 525. It is vital for organisations processing personal data to adhere to the data protection principles, data management procedures, and monitoring to safeguard the data.
Some of the challenges faced by the Health Sector in Ghana, when implementing data privacy are funding, lack of awareness and/or education on data protection principles by health staff and organisations, and getting access to the data practitioners’ experts.
Understanding how to handle this data can be difficult, but your Data Protection Officer should be able to support you to navigate these requirements in a seamless manner.
HewardMills has therefore come up with key guidelines which must be adhered to when processing personal data:
- Minimise collection/use of personal data
- Get consent for personal data
- Retention periods
- Data governance that utilises tools and privacy policies to inform data subjects of their data privacy rights.