Data Privacy

Data Privacy is a key concern for the openIMIS initiative. Health financing mechanisms (such as insurance systems) capture a wealth of data on individuals, their families, their treatment, their health care costs as well as financial data on income and expenditure of an insurer. While data is generated and transferred by many different hands on the insurer side, the facility side or the client side it also transfers across different IT systems of different stakeholders in context of interoperability. Concerns of data privacy hence come from different angles. With openIMIS we would like to explore such concerns and see how openIMIS could address these.

We encourage you to contribute to this discussion by providing us your ideas and inputs. You can do so by directly stating requirements you would have from an insurance system. You can also share (by uploading on this page below the table) relevant documentation on this topic like publications, consultation summaries, presentations, etc. and adding a summary of your documentation by indicating key reflections and requirements from openIMIS derived from the shared document. You are free to also use workshop concepts developed and shared here by the initiative in your contexts to get us inputs from your contexts on this topic.

Consultation rounds

openIMIS has undertaken consultation rounds on Data Privacy at

re:publica in Accra, Ghana

republica 2018 - Data Confidentiality vs. Shared Data

Key impressions:

• Awareness of importance amongst audience & panellists - "Don't worry - we care"

• "Data confidentiality results in client confidentiality"

• All countries have legal frameworks in place and organisations act according to it

• Donor support is needed to strengthen systems

• Donors requesting data to plan support

• Unique Session: one of two sessions on Data Confidentiality

• Involvement of stakeholders from classic organisations rare

• Discussion between society and actors important

Day one consultation rounds in Basel

Day One Consultation event on Data Privacy

Key impressions:

• Data Privacy needs are contextual including security options

• Option to enable Consent is likely to be needed as a system feature

OpenIMIS data privacy

The data is saved on the file system of the web server (photo of the insured persons) and in the database, which makes it accessible to users only via openIMIS solutions:

• Applications can download non-personal data (hospital list, etc.) only after identification, and can search for personal information only after authentication. These data are limited by the geographical area to which the user has access

• The web portal allows access and modification of personal and health data only for users the rights for these actions, the rights are configurable by the system administrator.

• APIs allow other systems to access the data, the management of rights is done according to the rights associated with the identifier used by the external system.

Server administrators have access to the data through direct access to the computer system (necessary for problem resolution)
System administrators can export data in order to reload them in an offline instance of openIMIS, these exports are protected by a password chosen when exporting.