Digital Health Act

Section 1. Short title Section This Act may be cited as the Digital Health Act, 2023.

Section 2. Interpretation Section In this Act, unless the context otherwise requires— "Agency" means the Digital Health Agency established under section 5 ; "anonymization" means the removal of personal identifiers from personal data ("any information relating to an identified or identifiable natural person;") so that the data subject ("an identified or identifiable natural person who is the subject of personal data;") is no longer identifiable; "Board" means the Board of Directors of the Agency ("the Digital Health Agency established under;") constituted under section 8 ; "Cabinet Secretary" means the Cabinet Secretary for ministry responsible for matters relating to health; "client" means an individual ("data subject;") who uses, or has used, a health service, or in relation to whom health data ("data related to the state of physical or mental health of the data subject and includes records regarding the past, present or future state of the health,data collected in the course of registration for or provision of health services or data which associates the data subject to the provision of specific health services;") has been created; "consent" has the meaning assigned to it under...

Section 3. Objects of the Act Section establish the Digital Health Agency ("the Digital Health Agency established under;") ;

Section 4. Guiding principles Section health data ("data related to the state of physical or mental health of the data subject and includes records regarding the past, present or future state of the health,data collected in the course of registration for or provision of health services or data which associates the data subject to the provision of specific health services;") is a strategic national asset;

Section 5. Establishment of the Digital HealthAgency Section 5(1) There is established an Agency ("the Digital Health Agency established under;") to be known as the Digital Health Agency ("the Digital Health Agency established under;") . Section 5(2)(a) suing and being sued; Section 5(2)(b) taking, purchasing or otherwise acquiring, holding, charging and disposing of movable and immovable property; Section 5(2)(c) receiving, investing, borrowing money; and Section 5(2)(d) doing or performing such other things or acts necessary for the proper performance of its functions under this Act.

Section 6. Functions of theAgency Section develop, operationalise and maintain the Comprehensive Integrated Health Information System to manage the core digital systems and the infrastructure required for its seamless health information exchange;

Section 7. Powers of theAgency Section 7(1) The Board ("the Board of Directors of the Agency constituted under;") shall be responsible for the management and administration of the Agency ("the Digital Health Agency established under;") . Section 7(2)(a) manage, control and administer the assets of the Agency ("the Digital Health Agency established under;") in such manner and for such purpose as best promotes the objects for which the Agency ("the Digital Health Agency established under;") is established in accordance with the Public Procurement and Assets Disposal Act ( Cap. 412C ): Provided that the Agency ("the Digital Health Agency established under;") shall not charge or dispose of any immovable property without the prior approval of the National Assembly; Section 7(2)(b) enter into association with such other bodies or organizations, within or outside Kenya, as it may consider desirable or appropriate and in furtherance of the purpose for which the Agency ("the Digital Health Agency established under;") is established; and Section 7(2)(c) invest the funds of the Agency ("the Digital Health Agency established under;") not immediately required for its purposes in the manner prov...

Section 8.Boardof Directors Section 8(1)(a) a non-executive chairperson who shall be appointed by the President; Section 8(1)(b) the Principal Secretary responsible for Health or a representative designated in writing; Section 8(1)(c) the Principal Secretary responsible for the National Treasury or a representative designated in writing; Section 8(1)(d) the Principal Secretary responsible for Information, Communication and Technology or a representative designated in writing; Section 8(1)(e) the Data Commissioner or a representative designated in writing; Section 8(1)(f) one person representing the private sector appointed by the Cabinet Secretary ("the Cabinet Secretary for ministry responsible for matters relating to health;") ; Section 8(1)(g) three persons, not being Governors, nominated by the Council of County Governors with knowledge and experience in matters of digital health ("the field of knowledge and practice that is associated with the development and use of digital technologies to improve health;") ; and Section 8(1)(h) the Chief Executive Officer, who shall be an ex-officio member of the Board ("the Board of Directors of the Agency constituted under;") . Section 8(2)...

Section 9. Conduct of business and affairs of theBoard Section Except as provided in the Schedule, the Board ("the Board of Directors of the Agency constituted under;") shall regulate its own procedure.

Section 10. Committees of theBoard Section 10(1) The Board ("the Board of Directors of the Agency constituted under;") may, from time to time, establish such committees as it considers necessary for the better carrying out of its functions under this Act. Section 10(2) The Board ("the Board of Directors of the Agency constituted under;") may co-opt into the membership of a committee established under sub-section (1) such other person whose knowledge and skills are found necessary for the functions of the Agency ("the Digital Health Agency established under;") .

Section 11. Chief Executive Officer Section 11(1) The Board ("the Board of Directors of the Agency constituted under;") shall, through an open, transparent and competitive recruitment process, appoint a suitably qualified person to be the Chief Executive Officer of the Agency ("the Digital Health Agency established under;") . Section 11(2) Subject to this Act, the Chief Executive Officer shall be appointed on such terms and conditions of service as shall be determined by the Board ("the Board of Directors of the Agency constituted under;") in the instrument of appointment or otherwise in writing from time to time in consultation with the Salaries and Remuneration Commission.

Section 12. Qualification for appointment as Chief Executive Officer Section 12(1)(a) has a minimum of a master’s degree from a university recognized in Kenya; Section 12(1)(b) has at least ten years' knowledge and experience in health information science, data science, data governance ("the overall management of the availability, usability, integrity and security of data used in an organization;") , health informatics ("the practice of acquiring, studying and managing health data and applying medical concepts in conjunction with health information technology systems to help health professionals provide better healthcare;") , digital health ("the field of knowledge and practice that is associated with the development and use of digital technologies to improve health;") or any other relevant field; Section 12(1)(c) has served in a management level for a period of at least five years; Section 12(1)(d) has not been convicted of an offence and is not serving a term of imprisonment; and Section 12(1)(e) meets the requirements of Chapter Six of the Constitution. Section 12(2) The Chief Executive Officer shall, subject to the directions of the Board ("the Board of Directors of the Agency...

Section 13. Corporation Secretary Section 13(1) There shall be a Corporation Secretary who shall be competitively recruited and appointed by the Board ("the Board of Directors of the Agency constituted under;") on such terms as the Board ("the Board of Directors of the Agency constituted under;") may, on the advice of the Salaries and Remuneration Commission, determine. Section 13(2)(a) holds a bachelor’s degree in law from a university recognized in Kenya; Section 13(2)(b) is an Advocate of the High Court of Kenya; Section 13(2)(c) has at least five years’ experience as a corporation secretary or a similar governance role; Section 13(2)(d) is a member in good standing of the Institute of Certified Secretaries of Kenya; and Section 13(2)(e) meets the requirements of Chapter Six of the Constitution. Section 13(3)(a) in consultation with the Chairperson of the Board ("the Board of Directors of the Agency constituted under;") , issue notices for meetings of the Board ("the Board of Directors of the Agency constituted under;") ; Section 13(3)(b) keep in custody, the records of the deliberations, decisions, and resolutions of the Board ("the Board of Directors of the Agency constituted...

Section 14. Staff Section The Board ("the Board of Directors of the Agency constituted under;") may appoint such staff as may be necessary for the proper discharge of the functions of the Agency ("the Digital Health Agency established under;") under this Act, upon such terms and conditions of service as the Board ("the Board of Directors of the Agency constituted under;") may determine upon the advice of the Salaries and Remuneration Commission.

Section 15. Establishment of a comprehensive integrated health information system Section 15(1) There is established a system to be known as the comprehensive integrated health information system which shall be administered by the Agency. Section 15(2) The Agency shall, in consultation with the Cabinet Secretary, establish a framework for administration and management of the system and shall ensure the maintenance of the integrity and security of the system. Section 15(3) The system shall operate as a point of collection, collation, analysis, reporting, storage, usage, sharing, retrieval or archival of data related to the state of physical or mental health of the data subject and includes records regarding the past, present or future state of the health, data collected in the course of registration for, or provision of health services, or data which associates the data subject to the provision of specific health services.

Section 16. Components of the System Section an Information and Communication Technology environment which consists of the underlying infrastructure, enterprise service bus ("an architectural pattern whereby a centralized software component performs integrations between applications; transformations of data models, handles connectivity, message routing, converts communication protocols and potentially manages the composition of multiple requests and may make these integrations and transformations available as a service interface for reuse by new applications;") , standards, data banks, data exchange, governance, actors and applications, internet enabled environment, and other related components;

Section 17. Objectives of thesystem Section facilitate people-centred quality health service delivery;

Section 18. Technical aspect of thesystem Section 18(1) The Agency ("the Digital Health Agency established under;") shall adopt relevant internationally accepted standards, procedures, technical details, best practices, and formalities for effective implementation of the system ("the comprehensive integrated health information system established under;") . Section 18(2)(a) confidentiality, security and privacy; Section 18(2)(b) scalability and interoperability; Section 18(2)(c) accuracy, responsiveness and reliability; Section 18(2)(d) efficiency and effectiveness; Section 18(2)(e) redundancy; Section 18(2)(f) transparency; Section 18(2)(g) simplicity and accessibility; and Section 18(2)(h) consistency in use.

Section 19. Classification ofhealth data Section sensitive personal level health data ("data related to the state of physical or mental health of the data subject and includes records regarding the past, present or future state of the health,data collected in the course of registration for or provision of health services or data which associates the data subject to the provision of specific health services;") ;

Section 20. Governing principles. Section 20(1)(a) improvement of client ("an individual who uses, or has used, a health service, or in relation to whom health data has been created;") health, safeguard of individuals and communities against harm and violations; Section 20(1)(b) data security ("protection of electronic health data, and specifically the means used to protect the privacy of health information contained in electronic health data that supports professionals in holding that information in confidence;") throughout the entire data life-cycle; Section 20(1)(c) equity and accountability; Section 20(1)(d) privacy and confidentiality; and Section 20(1)(e) accuracy and reliability.

Section 21. Establishment ofhealth datagovernance framework Section 21(1) The Cabinet Secretary ("the Cabinet Secretary for ministry responsible for matters relating to health;") shall, in consultation with the Director-General , establish a health data ("data related to the state of physical or mental health of the data subject and includes records regarding the past, present or future state of the health,data collected in the course of registration for or provision of health services or data which associates the data subject to the provision of specific health services;") governance framework. Section 21(2)(a) develop guidelines to promote effective use of legacy data including data migration; Section 21(2)(b) establish standards for integration, interoperability and exchange of health data ("data related to the state of physical or mental health of the data subject and includes records regarding the past, present or future state of the health,data collected in the course of registration for or provision of health services or data which associates the data subject to the provision of specific health services;") ; Section 21(2)(c) ensure regular update and availability of the nati...

Section 22. Healthdatacustodian Section The Agency ("the Digital Health Agency established under;") shall be the custodian for all health data ("data related to the state of physical or mental health of the data subject and includes records regarding the past, present or future state of the health,data collected in the course of registration for or provision of health services or data which associates the data subject to the provision of specific health services;") in Kenya.

Section 23. Healthdatause Section 23(1) The Cabinet Secretary ("the Cabinet Secretary for ministry responsible for matters relating to health;") shall ensure that Health data use is used for public good. Section 23(2) The Agency ("the Digital Health Agency established under;") shall provide health data ("data related to the state of physical or mental health of the data subject and includes records regarding the past, present or future state of the health,data collected in the course of registration for or provision of health services or data which associates the data subject to the provision of specific health services;") to the Cabinet Secretary ("the Cabinet Secretary for ministry responsible for matters relating to health;") for relevant action.

Section 48. Funds of theAgency Section 48(1)(a) monies appropriated by the National Assembly for the purposes of the Agency ("the Digital Health Agency established under;") ; Section 48(1)(b) such monies or assets as may accrue to the Agency ("the Digital Health Agency established under;") in the course of the exercise of its powers or in the performance of its functions under this Act; Section 48(1)(c) such levy fees for services rendered by the Agency ("the Digital Health Agency established under;") ; Section 48(1)(d) monies from any other source provided, donated, lent or given as a grant to the Agency ("the Digital Health Agency established under;") ; and Section 48(1)(e) any other funds designated for or accruing to the Agency ("the Digital Health Agency established under;") by virtue of the operation of law. Section 48(2) There shall be paid out of the funds of the Agency ("the Digital Health Agency established under;") , all expenditure incurred, administrative expenses or for such other purposes as may be necessary for the discharge of the functions of the Agency ("the Digital Health Agency established under;") in the exercise of its powers or the performance of its functio...

Section 49. Financial year Section The financial year of the Agency ("the Digital Health Agency established under;") shall be the period of twelve months ending on the thirtieth day of June in each year.

Section 50. Annual estimates Section 50(1) Before the commencement of each financial year, the Chief Executive Officer shall cause to be prepared estimates of the revenue and expenditure of the Agency ("the Digital Health Agency established under;") for that year. Section 50(2)(a) payment of salaries, allowances, gratuities, pensions and other charges in respect of the members of the Board ("the Board of Directors of the Agency constituted under;") and Agency ("the Digital Health Agency established under;") ; Section 50(2)(b) maintenance of buildings and grounds of the Agency ("the Digital Health Agency established under;") ; and Section 50(2)(c) funding of training, research and development of activities in relation to the organization and functioning of the Agency ("the Digital Health Agency established under;") . Section 50(3) The annual estimates shall be approved by the Board ("the Board of Directors of the Agency constituted under;") before the commencement of the financial year to which they relate, and shall be submitted by the Chief Executive Officer for tabling in the National Assembly. Section 50(4) The annual estimates, once approved by the Board ("the Board of Director...

Section 51. Accounts and Audit Section 51(1) The Board ("the Board of Directors of the Agency constituted under;") shall cause to be kept all proper audit books and records of accounts of the income, expenditure, assets and liabilities of the Agency ("the Digital Health Agency established under;") . Section 51(2) The accounts of the Agency ("the Digital Health Agency established under;") shall be audited and reported upon in accordance with the Public Finance Management Act ( Cap. 412A ) and the Public Audit Act ( Cap. 412B ).

Section 52. Annual report Section 52(1) At the end of each financial year, the Chief Executive Officer shall prepare an annual report on the activities of Agency ("the Digital Health Agency established under;") . Section 52(2) The annual report shall be submitted for tabling in the National Assembly not later than one month after the submission of the Auditor-General’s report. Section 52(3)(a) the financial statements of the Agency ("the Digital Health Agency established under;") ; Section 52(3)(b) a description of the activities and outcomes of functioning of the Agency ("the Digital Health Agency established under;") ; and Section 52(3)(c) any other information that the Agency ("the Digital Health Agency established under;") may consider relevant.

Section 53. Bank account Section The Chief Executive Officer may, in accordance with the law relating to the management of public finance, open bank accounts on behalf of the Agency ("the Digital Health Agency established under;") with the approval of the Board ("the Board of Directors of the Agency constituted under;") and the National Treasury and shall, as the accounting officer, be responsible for the proper management of the finances of the Agency ("the Digital Health Agency established under;") .

Section 54. Investment of Funds Section 54(1)(a) in such investment in a reputable bank on the advice of the Central Bank of Kenya, being an investment in which trust funds, or part thereof, are authorized by law to be invested; and Section 54(1)(b) in government securities as may be approved by the National Treasury. Section 54(2) All investments made under this section shall be held in the name of the Agency.

Section 24. Security, privacy anddisclosureofdatain thesystem Section 24(1) The Cabinet Secretary ("the Cabinet Secretary for ministry responsible for matters relating to health;") shall be responsible for the confidentiality, privacy and security of all sensitive personal data ("any information relating to an identified or identifiable natural person;") held in the system ("the comprehensive integrated health information system established under;") . Section 24(2)(a) the data subject ("an identified or identifiable natural person who is the subject of personal data;") is unable to give informed consent for the disclosure ("submission of relevant information to an authorized party;") and such consent is given by a person authorised by the data subject ("an identified or identifiable natural person who is the subject of personal data;") in writing to grant consent ; Section 24(2)(b) the disclosure ("submission of relevant information to an authorized party;") has been authorised by the implementation of written law or the enforcement of a court order; Section 24(2)(c) a health service without informed consent as authorised by written law or court order is being provided; Section 24(...

Section 25. Retention and disposal ofdatainsystem Section 25(1) Data held in the system ("the comprehensive integrated health information system established under;") shall be maintained for a minimum period of twenty years. Section 25(2)(a) it is required or authorised by law; Section 25(2)(b) it is authorised by the data subject ("an identified or identifiable natural person who is the subject of personal data;") ; or Section 25(2)(c) it is reasonably necessary for a lawful purpose; Section 25(2)(d) for historical, statistical or research purposes. Section 25(3) Where the period for the maintenance of the data held in the system ("the comprehensive integrated health information system established under;") is not extended under subsection (2), the data shall be secured by de-identification , anonymization ("the removal of personal identifiers from personal data so that the data subject is no longer identifiable;") , pseudo-anonymization or archiving, or establishing such technical and organisational security measures as the Cabinet Secretary ("the Cabinet Secretary for ministry responsible for matters relating to health;") may determine to be necessary.

Section 26. Establishment of health data banks Section 26(1)(a) establish a national health data bank and designate county health data banks; Section 26(1)(b) store the health data submitted to the system in the national health data bank; and Section 26(1)(c) establish seamless integration and interoperability of the national health data bank with other relevant databases. Section 26(2)(a) establish county health databanks; Section 26(2)(b) store the health data submitted to the system in the county health data bank; and Section 26(2)(c) establish seamless integration and interoperability of the county health data bank with other relevant databases and data banks. Section 26(3) The health information databases and data banks referred to in subsections (1) and (2) shall be established at the different levels of healthcare delivery specified under section 25 of the Health Act ( Cap. 241 ). Section 26(4) A data controller shall transmit health data containing sensitive personal data to the national health information data bank and county health information data bank in a secure and encrypted form. Section 26(5) A data controller shall maintain records of the health data containing sen...

Section 27. Use of sensitivepersonal data Section identify a person who needs or is receiving a health service;

Section 28. Responsibilities ofhealth databank controller Section take reasonable measures to ensure that no agent or the data controller ("a natural or legal person, public authority, agency or other body which, alone jointly with others, determines the purpose and means of processing of personal data; or") or processor collects, uses, discloses, retains or disposes of sensitive personal data ("any information relating to an identified or identifiable natural person;") unless it is in accordance with the law; and

Section 29. Request for information by authorized person Section A person authorised by the data controller ("a natural or legal person, public authority, agency or other body which, alone jointly with others, determines the purpose and means of processing of personal data; or") to enter sensitive personal data ("any information relating to an identified or identifiable natural person;") into the system ("the comprehensive integrated health information system established under;") shall ensure compliance with section 24 (2) of this Act.

Section 30. Disclosure of sensitivepersonal datadeceased persons Section 30(1)(a) identifying the person; Section 30(1)(b) informing a person to whom it is reasonable to inform in the circumstances of; or Section 30(1)(c) investigating the cause of death. Section 30(2) A request under subsection (1) shall be made as provided under the relevant law.

Section 31. Consent Section 31(1) A healthcare provider shall ensure that he or she has obtained consent to process sensitive personal data ("any information relating to an identified or identifiable natural person;") . Section 31(2)(a) for public health in accordance with the Public Health Act ( Cap. 242 ); and Section 31(2)(b) in compliance with any other statutory requirements. Section 31(3)(a) ensure confidentiality of the information of the client ("an individual who uses, or has used, a health service, or in relation to whom health data has been created;") ; Section 31(3)(b) provide prompt and accurate data necessary for treatment of the patient; Section 31(3)(c) comply with the duty to notify the data subject ("an identified or identifiable natural person who is the subject of personal data;") in accordance with the Data Protection Act ( Cap. 411C ); Section 31(4) A data subject ("an identified or identifiable natural person who is the subject of personal data;") who has issued a consent to the use or disclosure ("submission of relevant information to an authorized party;") of personal data ("any information relating to an identified or identifiable natural person;") may wit...

Section 32. Processing ofpersonal datarelating to a minor or a person without capacity Section Where a data subject ("an identified or identifiable natural person who is the subject of personal data;") is a minor or for any other reason does not have the capacity to issue informed written consent , the parent, an appointed guardian ("a guardian recognised under any law for the time being in force;") or next friend of the patient shall, for purposes of section 31 (1), act on behalf of, and in the best interest of, the patient in accordance with the law.

Section 33. Duty to protect sensitivepersonal data Section 33(1) A data controller ("a natural or legal person, public authority, agency or other body which, alone jointly with others, determines the purpose and means of processing of personal data; or") shall protect sensitive personal data ("any information relating to an identified or identifiable natural person;") and adopt reasonable administrative, technical and physical safeguards to ensure the privacy, confidentiality, security, accuracy and integrity of the data . Section 33(2)(a) the identity of the person seeking to use the information is verified; Section 33(2)(b) the data processor ("a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;") is authorized to use it; and Section 33(2)(c) the proposed use is authorised under this Act.

Section 34. Disposal of health information Section The Cabinet Secretary ("the Cabinet Secretary for ministry responsible for matters relating to health;") shall develop regulations for the disposal of sensitive personal data ("any information relating to an identified or identifiable natural person;") .

Section 35. Breach ofhealth data Section 35(1)(a) tampers with the data ; Section 35(1)(b) abuses a privilege; Section 35(1)(c) discloses inauthentic access to the data ; Section 35(1)(d) improperly disposes of unnecessary but sensitive data ; Section 35(1)(e) loses data ; Section 35(1)(f) steals data ; or Section 35(1)(g) shares sensitive personal data ("any information relating to an identified or identifiable natural person;") to an unauthorised party. Section 35(2) A person who commits an offence under subsection (1) shall be liable, on conviction, to a fine not exceeding one million shillings or to imprisonment for a term not exceeding fifteen years, or to both. Section 35(3) Where a person commits an offence under subsection (1) with respect to sensitive personal data ("any information relating to an identified or identifiable natural person;") , that person shall be liable, on conviction, to the penalties under section 73 of the Data Protection Act ( Cap. 411C ).

Section 36. Health Data Portability Section 36(1) Subject to this Act, a person has a right, on request, to examine and receive a copy of his or her personal health information ("data related to the state of physical or mental health of an individual and includes information provided by the client, records regarding the past, present or future state of the health,data collected in the course of registration for, or provision of health services, or data which associates the individual to the provision of specific health services;") maintained by a data controller ("a natural or legal person, public authority, agency or other body which, alone jointly with others, determines the purpose and means of processing of personal data; or") . Section 36(2) A request under subsection (1) shall be made in writing to the relevant health facility or health information bank ("an electronic database under the custody and control of the Ministry of Health that contains personal health information and is designated by the Cabinet Secretary as a health information bank;") . Section 36(3) The health data controller ("a natural or legal person, public authority, agency or other body which, alone or joi...

Section 37. Refusal to grant access to sensitivepersonal data Section access is restricted by a court process, order or judgement;

Section 38. Precautions on release of sensitivepersonal health data Section 38(1)(a) be satisfied as to the identity of the person making the request; and Section 38(1)(b) where the data subject ("an identified or identifiable natural person who is the subject of personal data;") is a minor, by a person who has parental authority or by a guardian ("a guardian recognised under any law for the time being in force;") ; Section 38(1)(b)(i) where the data subject ("an identified or identifiable natural person who is the subject of personal data;") is a minor, by a person who has parental authority or by a guardian ("a guardian recognised under any law for the time being in force;") ; Section 38(1)(b)(ii) where the data subject ("an identified or identifiable natural person who is the subject of personal data;") has a mental or other disability, by a person duly authorised to act their guardian ("a guardian recognised under any law for the time being in force;") or administrator; or Section 38(1)(b)(iii) in any other case, by a person duly authorised by the data subject ("an identified or identifiable natural person who is the subject of personal data;") or by a court order. Section 38(2...

Section 39. Right to rectification or erasure Section rectify, without undue delay, personal data ("any information relating to an identified or identifiable natural person;") in its possession or under its control that is inaccurate, outdated, incomplete or misleading; or

Section 40. E-Health as a mode of health service delivery Section 40(1) E-Health shall be a recognized model of health service delivery. Section 40(2) E-Health Services shall be complementary to existing healthcare service delivery modalities.

Section 41. Provision ofe-Healthservices Section 41(1)(a) telemedicine ("the provision of health care services and sharing of medical knowledge over distance using telecommunications and includes consultative, diagnostic, and treatment services; and") ; Section 41(1)(b) electronic health records; Section 41(1)(c) m-health; Section 41(1)(d) e-learning; Section 41(1)(e) telehealth ("the use of electronic information and telecommunications technologies including video conferencing, the internet, store-and-forward imaging, streaming media, and terrestrial and wireless communications, to support long-distance clinical health care, patient and professional health-related education, public health and health administration;") ; and Section 41(1)(f) any other recognized e-health service. Section 41(2)(a) a healthcare provider holding a valid licence issued by a relevant regulatory body; Section 41(2)(b) a healthcare provider holding a valid licence from an equivalent regulatory authority outside Kenya but shall be recognized by the local regulatory authority; Section 41(2)(c) a health facility licenced to offer e-health services by the relevant regulatory body; or Section 41(2)(d) for forei...

Section 42. Principles and objectives of e-health Section 42(1) The e-Health service shall be an integral part of health service delivery to benefit people in a manner that is ethical, safe, secure, reliable, equitable and sustainable. Section 42(2)(a) promote patient-centred health care services ; Section 42(2)(b) ensure equitable access to quality health care services using Information and Communication Technology; Section 42(2)(c) promote the integration of e-health into the healthcare system ("the comprehensive integrated health information system established under;") ; Section 42(2)(d) facilitate the integration of e-health solutions; and Section 42(2)(e) promote the use of e-health solutions.

Section 43. E-health services Section 43(1)(a) provide the client ("an individual who uses, or has used, a health service, or in relation to whom health data has been created;") with all the information for the management of his or her health; Section 43(1)(b) ensure the client ("an individual who uses, or has used, a health service, or in relation to whom health data has been created;") can access their own health records where necessary; Section 43(1)(c) ensure the client ("an individual who uses, or has used, a health service, or in relation to whom health data has been created;") ’s data is managed as prescribed in the law; Section 43(1)(d) ensure the highest possible quality of care is delivered; Section 43(1)(e) ensure that the agents of the e-health service provider adhere to the provisions of this Act; Section 43(1)(f) ensure the platform used is interoperable with the system ("the comprehensive integrated health information system established under;") ; Section 43(1)(g) ensure that when e-health service delivery involves a minor, the consent of the parent or an appointed guardian ("a guardian recognised under any law for the time being in force;") is obtained; and Section...