The Kenyan government has officially dismissed allegations of a potential data breach linked to the recently signed Ksh 200 billion health security agreement with the United States.
The deal, intended to strengthen Kenya’s healthcare system, has come under scrutiny following claims about the security of the country’s health data.
The allegations were raised by Adani whistleblower Nelson Amenya, who warned that the agreement could grant the U.S. government unrestricted, real-time access to Kenya’s national health databases. According to Amenya, the alleged arrangement could allow U.S. authorities to view sensitive personal medical information, including HIV status, tuberculosis treatment history, and vaccination records.
Amenya further argued that a clause in the agreement subjecting it to U.S. federal law could override Kenyan legal protections, including those provided under the Data Protection Act, Health Act, and Digital Health Act.
READ ALSO: New Twist in Mbeere North Race as Voters Move to Court to Nullify Leo Wa Muthende's Win
Responding to the claims, Health Cabinet Secretary Aden Duale issued a statement clarifying that Kenya’s health data remains secure and protected under the law. CS Duale emphasized that in Kenya, health data is classified as a national strategic asset and cannot be accessed or shared without following established legal procedures.
CS Duale explained that any data-sharing arrangement, whether within Kenya or with a foreign government, must receive prior approval from the Digital Health Authority (DHA) and the Data Protection Commissioner. He stressed that the new U.S.-Kenya health framework only allows the sharing of de-identified and aggregated data, which does not include individual patient information.
“Under this framework, all data sharing follows Kenyan laws. Only de-identified, aggregated data is shared, and approvals must go through the DHA and the Data Commissioner. The Digital Health Act and the Data Protection Act fully apply,” Duale stated.
The Health CS’s clarification comes as part of the government’s broader effort to reassure citizens about the security and confidentiality of health information amid increasing international collaboration in public health initiatives.
READ ALSO: After Karish’s Defeat, What Happens to His MCA Seat? Here’s What the Constitution Says
Kenya has increasingly engaged in partnerships aimed at improving disease surveillance, outbreak preparedness, and health system strengthening, and the agreement with the United States forms part of this strategy.
Experts in digital health and data protection have noted that de-identified, aggregated data provides insight into health trends and statistics while maintaining the privacy of individuals.
This type of data enables governments and international partners to monitor disease patterns, plan interventions, and improve healthcare delivery without exposing personally identifiable information.
The government has reiterated that all processes under the U.S.-Kenya health agreement are subject to Kenyan law, and any collaboration will continue to adhere to the country’s regulatory and legal frameworks.
This includes ensuring compliance with the Digital Health Act, which governs the management and sharing of health data, and the Data Protection Act, which provides safeguards for personal information.
CS Duale’s statement reaffirms Kenya’s commitment to protecting citizens’ health information while leveraging international partnerships to strengthen public health infrastructure.
The government has assured that there are no provisions in the agreement that allow foreign authorities unrestricted access to personal health records and that all activities are conducted under Kenyan oversight and legal requirements.
