3 weeks · 6 lessons · All health professionals
$29
Sponsorships & scholarships available — most learners join on a funded seat.
Digital tools have moved African health data off locked paper registers and onto phones, laptops, servers, and the cloud, multiplying both its usefulness and its exposure. This Level I course equips every health professional and student, clinical or not, with the practical ethics, privacy, and security skills to handle that data responsibly. Across three weeks you will learn to protect patient confidentiality in EMRs and on shared devices, obtain and document informed digital consent, apply lawful data-sharing and access rules, and practise personal cyber-hygiene against phishing and ransomware.
You will also be able to name the data-protection law that governs your work, from Ethiopia's PDPP and POPIA to the Nigeria and Kenya DPAs and the Malabo Convention, and apply the WHO six AI-ethics principles to question bias, equity, and accountability before trusting an algorithm. The course carries 5 contact hours in the Ethics and Human Rights CEU category.
Open to all health professionals and students. No prior digital-health experience required — but places are confirmed by application so we can build a cohort that finishes together.
3 modules · 6 lessons · delivered in the ADHA learning platform after admission
Full lessons unlock in the learning platform once you're admitted. Apply →
Next cohort — applications open
Open to all health professionals and students. No prior digital-health experience required — but places are confirmed by application so we can build a cohort that finishes together.
Sponsorships & scholarships available — most learners join on a funded seat.
Q: I work in a clinic with one shared computer. How can I protect confidentiality if everyone uses the same login? A: A shared login is itself the core risk — it disables role-based access and breaks the audit trail. Push for individual user accounts (most EMRs support them at no extra cost), and in the meantime always lock or log out when you step away, angle the screen from the waiting area, and never leave patient data open. Raise it with your supervisor as a governance gap, not just an inconvenience.
Q: Is it ever okay to discuss a patient case on WhatsApp with colleagues? A: Only with caution. Personal messaging apps are usually not approved, governed channels, and even "anonymised" cases can be re-identified from context. If your facility has a sanctioned, secure platform and there is a genuine clinical reason (e.g., an urgent specialist opinion), use that with consent where appropriate. Never share identifiable images or details in informal or social groups.
Q: A patient ticked "I agree" on a registration app. Is that valid consent for everything the app does? A: Not necessarily. Consent must be informed, specific, and freely given. A single tick on a long, unread policy does not validly cover unrelated uses such as marketing or data sales. Each distinct purpose generally needs its own clear, understandable consent, and the patient must be able to withdraw.
Q: The police / an employer / a relative asked me for a patient's information. Must I give it? A: Not by default. You need a lawful basis. A relative asking out of concern is not a basis; an employer is not a basis. Some legal requests (court orders, statutory mandates) are, but you should not judge these alone — follow your facility's policy and escalate to a supervisor or data-protection focal point rather than disclosing on the spot.
Q: How do I know which data-protection law applies to me? A: It is generally the national law of the country where you and your patients are. Examples: POPIA (South Africa), the Data Protection Act 2019 (Kenya), the Data Protection Act 2023 (Nigeria), and the Personal Data Protection Proclamation 2024 (Ethiopia), all under the continental Malabo Convention. The core duties — lawful basis, minimisation, security, breach notice, and data-subject rights — are similar across them, so good practice travels well even across borders.
Q: I think I clicked a phishing link or my account was hacked. What should I do? A: Report it immediately to your supervisor or IT/security focal point — speed matters more than embarrassment. Early reporting lets the institution reset credentials, contain any malware before it spreads, and meet legal breach-notification deadlines. Do not try to hide it or fix it silently.
Q: Can I trust an AI tool that the ministry or a vendor has provided? A: Trust it conditionally, not blindly. Ask whether it was validated on patients like yours, whether you can understand and override its output, who is accountable if it errs, and whether it performs equitably across skin tones, genders, and languages. AI in African health is augmentation under clinical governance with a human in the loop — your judgement and accountability remain.
Q: Why is "where the data is hosted" an ethics issue and not just a technical one? A: Because hosting determines whose law governs the data, who holds the keys and administrative access, and whether services survive if a foreign vendor exits — the 2023 collapse of Babylon Health's Rwanda telehealth partnership showed national services inheriting a vendor's fragility. Data sovereignty (local/regional hosting for sensitive data, exit clauses, open-source digital public goods) is therefore part of protecting patients' rights, not just IT preference.