Data Protection Commission Investigates Alleged Patient Data Security Breaches By LightWave HealthCare Solutions

The Data Protection Commission (DPC) has taken up the data management breaches allegations raised in relation to access to patient data managed by LightWave HealthCare Solutions under a previous contract with the Ministry of Health (MoH)

In a statement, it said it was working to ascertain the facts and ensure that personal health data is securely managed in accordance with the Data Protection Act. 2012 (Act 843).

As part of its investigation, it will review mode of storage for the affected data; assess compliance with Act 843 on lawful processing, retention, and security; and ensure that the rights of data subjects are upheld.

“The DPC will engage all relevant parties, including Light Wave HealthCare Solutions, the Ministry of Health, and associated service partners.”

It also intends to collaborate with the Ministry of Health, the Cyber Security Authority (CSA), and the National Information Technology Agency (NITA).

It used the occasion to assure the public of a thorough and objective investigation.

“The DPC remains committed to protecting personal data, particularly sensitive health information, and to maintaining public trust in Ghana’s digital ecosystem.”

The Minister for Health, Kwabena Mintah Akandoh, at a press conference on October 30, accused the company of breaches in the implementation of the National Electronic Medical Records (EMR) and Patient Management System.

“It is unconscionable for any company to have access to the electronic medical records of Ghanaians without the state having control. With the cloud infrastructure built somewhere in India, we had to act.”

Story by Hajara Fuseini

Click to read more: https://opemsuo.com/author/hajara-fuseini/