“As Nigeria digitizes its health sector, we must ensure that technology serves the patient, not the other way around. Your health data is your dignity. Guard it well.”
Last Tuesday, Mrs. Nkechi Okonkwo, a 48-year-old trader at Onitsha Main Market, walked into a private clinic, complaining of persistent headaches. The doctor barely looked up from his laptop. He asked for her name, tapped a few keys, and within seconds, her entire medical history appeared on his screen — her 2019 fibroid surgery, her 2021 hypertension diagnosis, the antidepressant she took briefly in 2022 after her husband’s death.
The doctor did not ask for her consent. He did not explain who else could see those records. He simply prescribed medication and sent her on her way.
Mrs. Okonkwo is not alone. Across Nigeria today, millions of citizens are interacting with a healthcare system that is rapidly going digital — and most have no idea what happens to their most intimate information once it enters the electronic ether. This is not merely a technical problem. It is a profound question of human dignity.
The Digital Tsunami: Health Data And Patient Dignity
Nigeria’s healthcare landscape is being transformed by digital technology. Tele-health platforms, mobile health apps, electronic health records, and digital insurance enrolment are no longer experimental — they are becoming the standard. The government is accelerating this shift through large-scale digital identity and health infrastructure projects.
Chief among these is the Nigeria Digital Identification for Development Project, co-financed by the World Bank, the Agence Française de Développement, and the European Investment Bank to the tune of $430 million.
The project aims to enroll 180 million Nigerians in the National Identification Number (NIN) system by December 2026 — a target that, if met, would see more than three quarters of the population in the database.
The integration of this identity infrastructure with health data creates unprecedented opportunities for service delivery — but also unprecedented risks for surveillance and exclusion.
And then there is the Digital Health Services Bill, 2025, currently awaiting its second reading in the House of Representatives. If passed, it will be Nigeria’s first comprehensive law governing telemedicine, mobile health apps, AI-driven diagnostics, and electronic health records.
All of this is exciting. All of it is necessary. But here is the question we must ask: In our rush to digitize, are we building a system that protects the dignity of the patient, or one that treats personal health data as just another commodity to be harvested?
The Dignity Of Privacy
Your health data is not like your name or your address. It is a map of your vulnerabilities. It reveals whether you have HIV, whether you have sought mental health treatment, whether you are pregnant, whether you are infertile, whether you have a genetic condition that might affect your children. In the wrong hands, this information can be used to deny you employment, to shame you publicly, to discriminate against you, or to exploit you financially.
The law recognises this. The National Health Act, 2014 contains provisions affirming patient rights, including the right to confidentiality and privacy in the course of receiving healthcare services.
The Nigeria Data Protection Act, 2023, drawing its constitutional authority from Section 37 of the 1999 Constitution (which guarantees the right to privacy), establishes a comprehensive framework for safeguarding personal data. Together with the General Application and Implementation Directive (GAID) 2025, it classifies health data as sensitive personal data, requiring explicit patient consent and strict conditions for processing.
The GAID also grants data subjects the right to access, correct, request erasure of their data, and lodge complaints with the Nigeria Data Protection Commission.
Yet here is the uncomfortable truth: having laws on paper is not the same as having protection in practice.
The Gaps In The Wall
In many Nigerian hospitals and clinics, data protection remains an afterthought. Healthcare workers often lack training on their legal obligations. Institutions frequently have no clear breach response protocols. And the rapid outsourcing of data storage and processing to third-party technology vendors — often without adequate oversight — creates vulnerabilities that the law has not yet caught up with.
Globally, the warning signs are flashing red. In May 2026, NYC Health + Hospitals disclosed that hackers had stolen the personal, medical, and biometric data (including fingerprints and palm prints) of, at least, 1.8 million people through a third-party vendor breach. The attackers had access from November 2025 to February 2026 — three months — before detection.
If a system as resourced as New York’s can be so comprehensively compromised, Nigeria must ask: are we ready?
The Digital Health Services Bill, 2025 attempts to address some concerns. It mandates compliance with the Nigeria Data Protection Act; requires robust cybersecurity measures, and grants patients the right to access, correct, or delete their health data.
But the Bill has significant gaps. It places the Federal Ministry of Health as the primary regulator — a ministry already over-stretched. It does not specify penalties for data breaches beyond referring to the NDPA, which many healthcare providers barely understand. And it does not adequately address third-party vendor risk — the weak link that caused the NYC breach and that is ubiquitous in Nigeria’s healthtech ecosystem.
The Informal Sector Dilemma
As digital health expands, the push to enroll the informal sector — the traders, artisans, farmers, and market women who constitute the backbone of Nigeria’s economy — raises acute dignity concerns.
These are Nigerians who may never have used a smartphone app; who may not understand the fine print of a digital consent form; and who are most vulnerable to exploitation.
When a market woman in Kano is asked to provide her NIN, her biometric data, and her health history to enroll in a digital insurance scheme, does she truly understand what she is consenting to? Does she know that her data might be shared with third-party verification services, telecommunications companies, or international development partners?
A recent report by the African Digital Rights Network, published in December 2025, examined biometric digital ID systems across ten African countries and found serious concerns about exclusion, rights violations, data protection, and accountability.
Millions are struggling to enroll or safely use these systems, or are choosing not to participate due to fear and mistrust. Some are excluded because of disability or illiteracy. Others cannot afford the phone access, mobile data, or electricity needed to interact with digital systems.
In our enthusiasm for digital inclusion, we may be digitally excluding the very people we claim to help.
What Must Be Done
So where do we go from here? How do we ensure that Nigeria’s digital health revolution serves human dignity rather than undermining it?
First, the National Assembly must pass the Digital Health Services Bill, 2025 — but not without strengthening it.
The bill needs explicit provisions on third-party vendor liability, mandatory breach notification timelines, and dedicated funding for enforcement. It should require digital health platforms to conduct regular, independent security audits.
Second, the Nigeria Data Protection Commission (NDPC) must prioritise the health sector. Healthcare providers should be required to register as data controllers; appoint dedicated Data Protection Officers; and undergo mandatory training. The NDPC should publish sector-specific guidelines on health data processing, modeled on the GAID 2025, but tailored to the realities of Nigerian hospitals and clinics.
Third, patient consent must be meaningful, not performative. Too often, “consent” in Nigerian healthcare is a signature on a form written in legal English that the patient cannot understand.
For the informal sector, consent must be obtained in local languages, with clear explanations of what data is being collected, who will have access to it, how long it will be retained, and what rights the patient has to withdraw consent or request deletion.
Fourth, we need a national health data breach registry. When breaches occur — and they will — the public has a right to know. Transparency is not just a legal requirement under the NDPA; it is a public health imperative. If patients do not know their data has been compromised, they cannot take steps to protect themselves from identity theft, insurance fraud, or blackmail.
Fifth, we must resist the temptation to treat health data as a resource to be extracted rather than a trust to be safeguarded. International development partners are funding digital identity and health infrastructure.
Healthtech startups are raising venture capital. All of this is good. But the measure of success cannot be enrollment numbers or app downloads. It must be whether the dignity of the patient remains intact at the end of the process.
A Final Thought
Mrs. Nkechi Okonkwo left that clinic with her medication, but she also left behind something far more valuable — her privacy. She did not know that her depression diagnosis from 2022 was now sitting on a server somewhere, accessible to anyone with the right login credentials.
She did not know that her biometric data was being verified against a national database managed by a third-party contractor. She did not know that if that server were breached tomorrow, her most intimate struggles could become fodder for fraudsters or tabloid gossip. She trusted the system. The system must be worthy of that trust.
Health law is not just about regulating hospitals and licensing drugs. At its core, it is about protecting the dignity of the human person — especially at their most vulnerable. As Nigeria digitizes its health sector, we must ensure that technology serves the patient, not the other way around. Your health data is your dignity. Guard it well.
•Sanu is a Nigerian lawyer and health law scholar. This column breaks down complex health laws for everyday Nigerians.
