Data Privacy is a key concern for the openIMIS initiative. Health financing mechanisms (such as insurance systems) capture a wealth of data on individuals, their families, their treatment and their health care costs, as well as financial data on the income and expenditure of an insurer. Data is generated and transferred by many different hands on the insurer side, the facility side and the client side, and it also moves across the IT systems of different stakeholders in the context of interoperability. Concerns about data privacy hence come from different angles. With openIMIS we would like to explore such concerns and see how openIMIS could address them.
We encourage you to contribute to this discussion by providing us with your ideas and inputs. You can do so by directly stating the requirements you would have of an insurance system. You can also share relevant documentation on this topic (publications, consultation summaries, presentations, etc.) by uploading it on this page below the table, and add a summary of your documentation indicating the key reflections and requirements for openIMIS derived from the shared document. You are also free to use the workshop concepts developed and shared here by the initiative in your own contexts to give us inputs on this topic.
openIMIS has undertaken consultation rounds on Data Privacy at
Data Privacy needs are contextual, including security options
Option to enable Consent is likely to be needed as a system feature
OpenIMIS data privacy
The data is saved on the file system of the web server (photo of the insured persons) and in the database, which makes it accessible to users only via openIMIS solutions:
Applications can download non-personal data (hospital list, etc.) only after identification, and can search for personal information only after authentication. These data are limited by the geographical area to which the user has access.
The web portal allows access to and modification of personal and health data only for users who have the rights for these actions; the rights are configurable by the system administrator.
APIs allow other systems to access the data; rights are managed according to the rights associated with the identifier used by the external system.
Server administrators have access to the data through direct access to the computer system (necessary for problem resolution).
System administrators can export data in order to reload them in an offline instance of openIMIS; these exports are protected by a password chosen when exporting.