The Standard

How the transition to SHA has exposed gaps in data governance

By Stephanie Wangari | 1mo ago
Medical Services Principal Secretary Harry Kimtai. [Kanyiri Wahito, Standard]

For months, the government has urged Kenyans to register for the new Social Health Authority (SHA), which is replacing the National Health Insurance Fund (NHIF). 

Despite these efforts, only about 2 million Kenyans had signed up for the new scheme, by the time SHA was officially rolled out on October 1, 2024.

To speed up the transition, the government began automatically migrating NHIF members to SHA without their consent.

A message confirming the automatic migration from NHIF to the new Social Health Authority (SHA). [Screenshot]

The unsolicited migration has since sparked widespread criticism, with many expressing concerns over privacy violations.

"NHIF had very different terms of service compared to SHA. Migrating people without their consent is a clear breach of data privacy and is illegal. This should be common sense," opined X user, Bravin Yuri.

Another user questioned the government's actions: "Is the government forcefully migrating us to SHA? I haven't registered, yet I received this SMS. They might as well finish what they've started and update my profile because I’m not on board with this."

Data governance lawyer James Mbugua, speaking to The Standard, avers that the government has violated privacy laws with the unauthorised migration.

"There is a violation of consent and the right to object to data processing. We haven't entered into any agreement with SHA regarding how our data will be handled, processed, or shared," he said.

In response to the backlash, the Ministry of Health on Thursday, September 3 said that the transition process from NHIF to SHA is lawful. 

“The Ministry has received inquiries regarding the transition of existing NHIF members to SHA. We wish to clarify that legal notice 147 of 2024 allows for the migration of all registered and verifiable NHIF members to SHA,” the statement read. 

“This process ensures continuity of coverage, and members are encouraged to verify and update their profiles, as well as add dependents through our official SHA channels.”

The Law
According to the Data Protection Act of 2019, individuals have the right to control how their personal information is used. 

The law mandates that personal data can only be processed or transferred with informed consent, except in cases where a legal exception applies.

Related Topics

SHIF NHIF SHA Ministry of Health
.

Latest Stories

Kindiki has hard task to prove he is right choice for deputy president
Kindiki has hard task to prove he is right choice for deputy president
Alexander Chagema
By Alexander Chagema
24 mins ago
There is no difference between Kenyan politics and shadow plays
Elias Mokua
By Elias Mokua
35 mins ago
DCI links Eastleigh murder suspect to yet another city murder
National
By Mate Tongola
37 mins ago
.

The Standard Insider

Millie Odhiambo: 'Bad girl's' lessons in politics, shock of being assigned many boyfriends
By Nzau Musau 20 hrs ago
Millie Odhiambo: 'Bad girl's' lessons in politics, shock of being assigned many boyfriends
Ruto wades into Rigathi Gachagua's impeachment
By Kamau Muthoni and Fred Kagonye 20 hrs ago
Ruto wades into Rigathi Gachagua's impeachment
Inside Treasury's bold plan to avoid fresh Gen Z tax revolt
By Brian Ngugi 20 hrs ago
Inside Treasury's bold plan to avoid fresh Gen Z tax revolt
Millie Odhiambo's pain of hair loss
By Nzau Musau 1 day ago
Millie Odhiambo's pain of hair loss
.

Digger Classified

GET OUR NEWSLETTER

Subscribe to our newsletter and stay updated on the latest developments and special offers!

CONNECT WITH US

FOR THE LATEST JOB ADVERTS

join Digger Classifieds telegram channel
The Standard
© 2024. The Standard Group PLC. All rights reserved