Anecate Hospital privacy notice

Patient privacy and health data protection

Effective May 22, 2026. This notice explains how Anecate Hospital expects patient, staff, facility, billing, radiology, laboratory, pharmacy, reception, and support data to be handled in healthcare workflows. It is written for patients, authorised representatives, facility administrators, and staff users.

Patient notice Read terms Facility checklist Contact

This is an operational privacy notice for the platform and facility workflows. Each facility should have Kenyan legal counsel or a data protection professional review its final patient-facing notice, retention schedule, processor contracts, and local procedures.

Current policy versions

Facility data terms: ANECATE-HOSPITAL-HOSPITAL-DATA-PRIVACY-KE-v2-2026-05-22
Staff workspace terms: ANECATE-HOSPITAL-STAFF-DATA-SECURITY-KE-v2-2026-05-22
Patient privacy terms: ANECATE-HOSPITAL-PATIENT-PRIVACY-KE-v2-2026-05-22

Patient quick summary

Your information is collected so the facility can identify you, care for you, bill correctly, process claims, refer you, contact you, and meet lawful health obligations.
Your health information is confidential. It should be viewed only by authorised people who need it for healthcare or approved facility work.
You can ask the facility about access, correction, retention, sharing, withdrawal of consent, complaints, and copies of your health information.
In emergencies, public health situations, claims, legal duties, or court orders, some processing may happen or continue even where consent cannot be obtained first.

Kenya legal foundation

Laws and guidance this notice is designed around

Constitution of Kenya, 2010, Article 31

Protects every person's right to privacy, including family and private affairs and communications.

Data Protection Act, Cap. 411C

Sets the core duties for lawful, fair, transparent, secure, and purpose-limited processing of personal data and health data.

Data Protection (General) Regulations, 2021

Adds practical requirements for consent, privacy policies, retention schedules, data sharing, breach notification, cross-border transfer, and DPIAs.

Health Act, No. 21 of 2017

Requires informed consent, patient health information, confidentiality, complaints handling, and patient duties in healthcare settings.

Digital Health Act, No. 15 of 2023

Governs digital health data banks, health data use, consent, safeguards, portability, and offences around sensitive health data.

Office of the Data Protection Commissioner

Kenya's data protection regulator, with public guidance on data subject rights, complaints, registration, enforcement, and compliance.

Plain-language patient promise

Anecate Hospital is used to help facilities deliver care. Patient information is sensitive and must be handled quietly, carefully, and only by people with a real work reason.

We do not treat patient information as a product for sale.
We require facilities and users to use patient data only for authorised healthcare, administration, claims, reporting, security, or legal purposes.
We require patient-facing workflows to link to this notice and the terms before consent is recorded.
Where a stricter facility policy, professional duty, contract, or Kenyan law applies, the stricter rule controls.

Who controls patient data

For patient care records, the hospital, clinic, pharmacy, chemist, or other healthcare facility normally decides why and how patient data is used. Anecate Hospital provides the software and may process data for hosting, support, security, maintenance, audit, and service improvement under the facility's instructions.

Facility-level patient rights requests should be made to the facility that created or controls the record.
Anecate Hospital product privacy questions can be raised through the public contact channel or the support channel configured for the workspace.
Each facility should publish its own data protection contact, complaints route, and health-records request process.

Information we process

Patient identity, contact, demographic, next-of-kin, guardian, emergency contact, and consent details.
Health data including visits, complaints, diagnoses, vitals, allergies, medications, prescriptions, procedures, nursing notes, discharge notes, lab orders and results, radiology orders, images or reports, maternity, vaccination, theatre, dental, pharmacy, and referral records.
Billing, receipt, invoice, payment, insurer, SHA or other claim, authorisation, stock issue, and service utilisation details.
Staff user profiles, roles, branch assignments, login activity, audit logs, access evidence, device/session metadata, workflow actions, exports, and support interactions.
Technical logs needed for security, troubleshooting, fraud prevention, service reliability, rate limiting, backups, and incident investigation.

Why data is used

To identify patients and authorised representatives accurately.
To provide care, triage, appointments, clinical review, prescriptions, dispensing, laboratory, radiology, nursing, theatre, discharge, referrals, and follow-up.
To process billing, claims, receipts, payments, insurance, SHA workflows, stock, procurement, accounting, and facility administration.
To meet lawful reporting, public health, regulatory, court, audit, tax, accounting, and professional obligations.
To protect accounts, detect misuse, investigate incidents, maintain backups, monitor reliability, improve safe workflows, and support authorised users.
To communicate care, scheduling, billing, results-release, referral, or service messages using approved channels and the minimum necessary data.

Lawful basis and consent

Processing may rely on consent, performance of a healthcare or service relationship, legal obligation, vital interests, public interest in health, legitimate facility interests that do not override patient rights, professional secrecy, or another basis allowed by written law.
Where consent is required, it must be specific, informed, voluntary, recorded, and capable of withdrawal for processing that depends only on consent.
Withdrawal of consent does not automatically erase records that must be kept for legal, clinical, public health, audit, claims, dispute, or defence purposes.
Emergency care and serious public health risks may allow necessary processing before consent can be collected, but the facility should document the reason.
Children, minors, and patients without capacity should be represented by a parent, guardian, next friend, authorised person, or court order where the law requires it.

Sharing and disclosure

Data may be shared with authorised facility staff, clinicians, reception, billing, pharmacy, laboratory, radiology, nursing, theatre, records, administrators, and support teams on a need-to-know basis.
Data may be shared with referral facilities, external laboratories or imaging providers, insurers, SHA or other payers, payment providers, regulators, public health authorities, courts, auditors, professional bodies, and contracted processors where permitted.
Routine sharing should have a clear purpose, documented safeguards, and the minimum necessary patient information.
Personal health information must not be disclosed for market research, direct marketing, curiosity, public gossip, social media, or personal benefit.
Cross-border transfer of personal data or sensitive health data must follow Kenyan data protection safeguards, consent requirements where applicable, and any Kenya-hosting requirement that applies to primary or secondary healthcare processing.

Patient rights

Patients may request access to their personal health information through the facility that controls the record.
Patients may ask for inaccurate, outdated, incomplete, or misleading information to be corrected.
Patients may request restriction, objection, erasure, destruction, anonymisation, or pseudonymisation where Kenyan law allows the request.
Patients may request portability of their health information where technically possible and legally available.
Patients may withdraw consent for processing based only on consent, and may complain to the facility or the Office of the Data Protection Commissioner where privacy concerns are not resolved.

Security and breach response

Anecate Hospital and facilities must apply reasonable administrative, technical, and physical safeguards including role-based access, authentication, session controls, audit trails, backups, secure configuration, and staff accountability.
Users must report suspected misuse, wrong access, lost devices, exposed passwords, leaked files, misdirected messages, unauthorised exports, or suspicious activity immediately.
Where a breach creates a real risk of harm, the controller must assess ODPC notification, affected patient communication, containment, remediation, evidence preservation, and breach records within the timelines required by law.
Facilities should regularly review roles, audit logs, inactive accounts, export activity, shared workstations, print controls, and incident lessons learned.

Retention and deletion

Patient and facility records are kept only as long as reasonably necessary for care, continuity, billing, claims, legal, audit, public health, accounting, dispute, or regulatory purposes.
Facilities should maintain a retention schedule that explains the record category, reason for retention, retention period, review cycle, and disposal action.
When data no longer has a lawful purpose, it should be deleted, erased, anonymised, pseudonymised, or archived in a manner that protects confidentiality.
Backups, audit logs, and legal holds may remain for limited security, continuity, audit, or dispute purposes even where frontline records are corrected or closed.

Patient registration consent wording

These points are shown in registration and should be read or explained to the patient or authorised representative before patient data is stored.

The patient or authorised representative has been told who is collecting the information, why it is needed, and which facility will use the record for care and related administration.
The patient record may be used for identification, care, appointments, triage, clinical notes, lab and radiology requests, prescriptions, pharmacy, billing, claims, referrals, discharge, follow-up, lawful reporting, audit, and approved hospital operations.
The record may include identity, contact, next-of-kin, demographic, clinical, medication, allergy, vital signs, laboratory, radiology, diagnosis, procedure, billing, insurance, claim, consent, and audit information.
Only authorised facility users may view or update the patient record, and only where their role requires it for care, administration, claims, reporting, audit, security, or another permitted purpose.
The facility and Anecate Hospital must protect the record using role-based access, authentication controls, audit logs, secure storage, staff accountability, and incident response.
The patient may ask the facility how the record is used, request access to their health information, ask for inaccurate data to be corrected, request portability where technically possible, object or restrict processing where legally available, and complain if privacy is mishandled.
Some records may be retained or shared even after a request to withdraw consent where retention or sharing is required for care continuity, legal obligations, public health, claims, audit, defence of legal claims, or another written law.
Information about minors or patients without capacity must be handled through a parent, guardian, next friend, authorised representative, or court order as applicable, and always in the patient's best interests.
If consent and the applicable terms are not accepted and no other lawful basis is documented, the patient registration must not be saved in Anecate Hospital except where emergency care or written law permits necessary processing.

Legacy import attestation

These points apply when a facility imports existing patient registers into Anecate Hospital.

Every imported patient record has patient consent, authorised representative consent, or another documented lawful basis for storage and use in Anecate Hospital.
Patients were informed, or will be informed where legally required, that their records may be used for care, appointments, billing, claims, referrals, lawful reporting, audit, security, and approved hospital operations.
The import source is a legitimate facility record and was not obtained unlawfully, fraudulently, by scraping, by unauthorised copying, or from a source that the facility has no right to use.
The facility has checked that imported identifiers, phone numbers, dates of birth, insurance or SHA details, and clinical information are as accurate as reasonably possible before use.
The facility remains responsible for the source register, import approvals, duplicate checks, consent evidence, patient correction requests, and any required patient communication.
Imported records must not include more data than is necessary for the intended healthcare, billing, claim, reporting, or continuity purpose.
Anecate Hospital protects imported data with access controls and audit safeguards, while facility admins remain responsible for staff roles, devices, credentials, printouts, exports, and local operating procedures.

Staff privacy commitments

Every workspace user must accept these duties before account access is completed.

I will access patient and facility information only for the role, branch, department, patient, visit, request, or task that the facility has authorised me to handle.
I will not browse patient records out of curiosity, search for relatives or public figures without a care reason, or use another person's account to view records.
I will not sell, leak, copy, photograph, screen-record, export, print, disclose, discuss, or post patient information outside authorised facility work.
I will keep my password, OTPs, email, phone number, tokens, passkeys, and authentication devices private and under my control.
I will not save passwords on shared, public, borrowed, ward, reception, theatre, radiology, lab, pharmacy, or unattended devices, and I will sign out or lock the workstation when I step away.
I will verify patient identity before registering, ordering, prescribing, dispensing, reporting, billing, releasing results, sharing discharge documents, or handing out printed records.
I will use only approved facility channels for patient communication, referrals, claims, exports, and support requests, and I will minimise the patient data included in each message.
I will report wrong access, exposed passwords, lost devices, suspicious activity, misdirected messages, leaked printouts, or any suspected breach immediately.
I will tell hospital administration when I leave the facility, my contract ends, I move branch or department, or my access should be changed, suspended, or removed.
I understand that misuse of patient data may lead to account suspension, employment discipline, professional reporting, civil liability, regulatory enforcement, or criminal consequences under applicable law.