Kenya has unveiled the full set of rules governing the new multi-billion shilling health agreement with the United States, highlighting strict measures to protect the nation’s health data. Health Cabinet Secretary Aden Duale confirmed that the seven-year pact emphasizes security, ownership, and transparency.
Under the Digital Health Act of 2023, health data is classified as a strategic national asset, and the agreement ensures the U.S. will access only approved, non-identifiable data through secure platforms. Any misuse or unauthorized access triggers immediate reporting and potential suspension of data sharing.
Detailed Overview of Conditions in the US Health Deal with Kenya
The health deal signed between President William Ruto and U.S. Secretary of State Marc Rubio establishes a framework that prioritizes Kenya’s control and oversight of health data.
The document, released under Article 35 of the Constitution on Access to Information, provides a comprehensive outline of rules and responsibilities the U.S. must follow. With Kenya’s health programs covered under this cooperation framework, the agreement reinforces national security, data integrity, and legal compliance for both nations.
Data Access Limited to Aggregate Information
One of the most critical conditions in the agreement is that individual-level or personally identifiable health information will not be shared unless absolutely necessary. Instead, the U.S. will have access mainly to aggregate, anonymized data through secure dashboards and reporting tools.
This ensures that Kenya protects patient privacy while enabling meaningful insights for health programs.
The government has emphasized that all covered digital systems must remain fully operational. Any updates, outages, or disruptions affecting data access must be communicated promptly to the U.S., ensuring transparency and continuity in data handling.
Restriction on Data Use and Ownership Rights
The U.S. is legally bound to use Kenyan health data solely for purposes explicitly outlined in the agreement. Applying the data to unrelated projects would constitute a violation. Storage, archiving, and disposal of data must follow Kenyan law and U.S. federal standards, with Kenyan regulations taking precedence in case of conflict.
Additionally, Kenya retains full intellectual property rights over its health data. Any research, publication, or analysis using Kenyan information requires official approval and must include Kenyan co-authors, reinforcing national ownership and accountability.
Immediate Reporting of Breaches and Funding Contingencies
Under the new rules, the U.S. must report any unauthorized access or data breaches within timelines mandated by Kenyan law.
The U.S. must provide full documentation of any incident, enabling Kenya to respond decisively to security threats.
If the United States reduces or terminates funding for supported health programs, Kenya can immediately restrict or halt data sharing. This safeguard ties data access to agreed-upon program support and prevents misuse during funding changes.
Kenya and the U.S. can modify or terminate the seven-year agreement only through mutual written consent, ensuring Kenya retains oversight and strategic control over its health information.
By enforcing these conditions, the nation is sending a clear message that its health data is a protected national asset, with strict legal, technical, and operational safeguards.
