The National Health Insurance Authority (NHIA) in Nigeria’s Privacy Policy emphasizes lawful processing of personal data, security measures, and data protection. It outlines that data will not be processed without a legal basis and prohibits the commercial use of digital health data. The policy also states that data subjects have rights regarding their personal information and that the NHIA conducts regular audits to ensure compliance.

Key aspects of the NHIA’s Privacy Policy:

Lawful processing: Personal data is only processed based on a valid legal or business basis, in compliance with all applicable laws and regulations.

Data security: The NHIA maintains records, including Personal Data Inventories and Data Flow Diagrams, to ensure data is processed correctly. Regular audits are conducted to verify and ensure compliance.

Prohibited use: Digital health data, whether identifiable or anonymized, will not be used or disclosed for commercial purposes, including to insurance companies, employers, or pharmaceutical companies.

Compliance and accountability: Employees, ecosystem partners, and Third-Party Administrators (TPAs) are responsible for protecting personal data. Sanctions may be imposed for failing to protect confidentiality.

Transparency: Policies and procedures related to data confidentiality and security are transparent and available to the public.

Data rights: Individuals have rights regarding their personal data, and the NHIA is committed to processing data in line with those rights.

Third-Party Administrators (TPAs): TPAs registered with the NHIA must also comply with the data protection requirements of their role in administering health insurance scheme