AN APPRAISAL OF THE LEGAL FRAMEWORK FOR DATA SECURITY PROTECTION FOR HEALTH INSTITUTIONS IN NIGERIA
Abstract
This study appraises the legal framework for data security and protection within health institutions in Nigeria, focusing on the adequacy, effectiveness, and enforcement of existing legislation. As the health care sector increasingly adopts digital technologies for patient records, diagnostics, and management, safeguarding sensitive health information has become critical. This appraisal examines key legislation, including the Nigeria Data Protection Regulation (NDPR), the Cybercrimes Act, and sector-specific guidelines, assessing their capacity to protect patient privacy and ensure data security. The research identified gaps in legal protections, such as insufficient enforcement mechanisms, lack of comprehensive cyber security standards, and limited awareness of data privacy rights among health care providers and patients. Additionally, it considers the alignment of Nigeria’s legal framework with international best practices, such as the General Data Protection Regulation (GDPR), and evaluates the extent to which Nigerian laws accommodate the unique privacy concerns within the healthcare sector. Findings from this appraisal reveal that while foundational regulations are in place, there is an urgent need for more robust and sector-specific data protection measures tailored to health institutions. The recommendations include enhanced regulatory oversight, stricter penalties for data breaches, and increased investment in cyber security infrastructure within health institutions. The study concludes that strengthening the legal framework for data security in Nigeria’s health care sector is essential for building public trust, protecting patient rights, and advancing the country’s digital health objectives
Keywords:
Data protection, institutions, security, health, legalDownloads
Published
DOI:
https://doi.org/10.5281/zenodo.14905819Issue
Section
How to Cite
License
Copyright (c) 2025 Ottah, Ogbemudia Isaac , Imoisi, Ejokema Simon PhD
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
References
Adeshina A. Information Security in Nigerian Health Systems: Protecting Patient Data (ABU Press, Zaria, 2019) 45.
Adewale, S.O, Cybersecurity and Data Protection in Nigeria: The Impact of Laws and Regulations (Routledge, London, 2020) 58.
Lawal,A Nigerian Constitutional Law (Constitutional Publications, Abuja, 2016) 204.
Chimaokwu I. Data Security Issues in Nigeria's Health Information Systems (University of Lagos Press, Lagos, 2021) 75-76.
Agom CG The Right to Privacy under the Nigerian Constitution: An Analysis (University of Lagos Press, Lagos 2021) 45.
Kuner, C. European Data Protection Law: Corporate Compliance and Regulation (Oxford University Press, Oxford 2020) 50.
Okeke CN, Health Law in Nigeria: Principles and Practice (Nigerian Academic Press, Abuja, 2015) 112.
Solove DJ and Schwartz PM, Privacy Law Fundamentals (IAPP, Portsmouth 2021) 112.
Albrecht DM, The Future of Data Protection in Healthcare: Privacy, Security, and Compliance (Springer, 2020) 45.
Albrecht DM, The Future of Data Protection in Healthcare: Privacy, Security, and Compliance (Springer, 2020) 45.
Data Protection Compliance Organisation, Annual Report on Data Protection in Nigeria (DPCO, Lagos, 2023) 45-47.
Bakare E. Human Rights and Medical Law in Nigeria (African Studies Publishing, Abuja 2020) 120.
Akpan EN and Joseph I. Udo, Freedom of Information and Privacy Law in Nigeria (Nigeria Law Publications, Port Harcourt, 2013) 98.
Opara FK, Medical Data Protection in Africa: The Nigerian Experience (African Press, 2021) 138.
Greenleaf G. Asian Data Privacy Laws: Trade and Human Rights Perspectives (Oxford University Press, Oxford 2023) 89.
Sulaiman I. Medical Ethics in Nigerian Practice: Legal and Professional Perspectives (University Press, Ibadan 2019) 67.
Anyanwu I. Nigerian Health Law in Practice (Lagos Law Publishers, Lagos 2015) 102.
John Doe, Confidentiality and Data Protection in Nigerian Healthcare (Oxford University Press, Oxford, 2020) p. 45.
Mutesi M. Data Protection in Africa: Frameworks, Challenges, and Prospects (Routledge, New York 2023) 70.
Smith M. Healthcare Privacy: Legal and Ethical Implications in Nigeria (Cambridge University Press, Cambridge, 2018) p. 127.
Onwuliri N and Akande B, Health Information System Security: The Role of National Health Policy (University of Ibadan Press, Ibadan, 2020) 103.
Nigerian Communication Commission, Guidelines on Data Security for Health Institutions (NCC, Abuja, 2021) 28-30.
Nigerian Medical Association, Guidelines for the Management of Health Records in Nigeria (NMA Press, Lagos, 2013) 98-102.
Chukwu N. Healthcare, Ethics, and Patient Rights in Nigeria (Nigerian Legal Publications, Abuja 2018) 98.
Nnaji, EU, Data Protection in Nigeria's Health Sector: An Analysis (University of Lagos Press, Lagos, 2021) 94.
Nwabueze, RN Legal and Ethical Issues in Health and Technology (Springer, New York, 2019) 42.
Amao O and Adewunmi F, Nigeria Data Protection Regulation: A Practical Guide (Lagos Press, Lagos, 2020) 75.
Bamidele OO, Cybersecurity Laws in Nigeria: A Critical Examination (University of Lagos Press, 2022) 112.
Bamidele OO, Cybersecurity Laws in Nigeria: A Critical Examination (University of Lagos Press, 2022) 112.
Olusola SA, Cyber Law and Policy in Nigeria (Ibadan University Press, Ibadan, 2018) 146.
Ibenegbu SN, Health care and the Law: A Nigerian Perspective (LexisNexis, 2021) 91.
Olawale O, Case Studies of HIS Breaches in Nigerian Hospitals (Ahmadu Bello University Press, Zaria, 2022) 54-55
World Health Organisation, Global Health Data Protection Guidelines (WHO, Geneva, 2016) 88-91.
JOURNALS
Chidi Okeke, Data Privacy and Security in Nigerian Medical Practice [2017] University Press, Ibadan, 98.
G. Ogunyemi, "Patient Confidentiality and Legal Frameworks" [2021] (5) (1) Journal of Nigerian Health Policy Springer, Lagos, 102.
Michael Williams, "Data Protection in Nigerian Health Institutions"[2019] (6) (3) International Journal of Health Law Routledge, London, 67.
STATUTES
Constitution of the Federal Republic of Nigeria 1999 (with amendments) (Federal Government Press, Abuja, 1999) s 37
Nigeria Data Protection Act, 2014
ONLINE SOURCES
The National Information Technology Development Agency, Nigerian Data Protection Regulation (NITDA, 2019) <https://nitda.gov.ng/> accessed November 11, 2024.
CASE LAW
Medical and Dental Practitioners Disciplinary Tribunal v Okonkwo' [2001] 5 NWLR 95
