MedRoam Africa Logo
Back to Home

Data Protection

Our Commitment to Your Data

End-to-end encryption for all health data
Compliance with Ghana Data Protection Act
Regular third-party security audits
24/7 security monitoring
Staff trained in data protection
Clear data retention policies

Last updated: January 25, 2026

1. Introduction

MedRoam Africa is committed to protecting your personal data and respecting your privacy. This Data Protection Policy outlines our approach to data protection in compliance with the Ghana Data Protection Act, 2012 (Act 843) and international best practices in healthcare data management.

2. Legal Framework

Our data protection practices comply with:

  • Ghana Data Protection Act, 2012 (Act 843)
  • Health Institutions and Facilities Act, 2011 (Act 829)
  • Electronic Transactions Act, 2008 (Act 772)
  • International standards including HIPAA principles and GDPR guidelines

3. Data Protection Principles

We adhere to the following principles:

Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and in a transparent manner. We clearly inform you about how your data is collected and used.

Purpose Limitation

Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

Data Minimization

We only collect personal data that is adequate, relevant, and limited to what is necessary for providing healthcare services.

Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date. You can update your information through your dashboard or by contacting us.

Storage Limitation

Personal data is kept only for as long as necessary for the purposes for which it was collected, in accordance with medical record retention requirements.

Integrity and Confidentiality

We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

4. Technical Security Measures

We implement comprehensive security measures including:

Encryption

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • End-to-end encryption for sensitive communications

Access Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication for staff
  • Automatic session timeouts
  • Audit logging of all data access

Infrastructure Security

  • Secure cloud hosting with certified providers
  • Regular security patches and updates
  • Intrusion detection and prevention systems
  • DDoS protection

5. Organizational Measures

  • Dedicated Data Protection Officer
  • Regular staff training on data protection
  • Confidentiality agreements for all employees
  • Clear incident response procedures
  • Regular security assessments and audits

6. Data Subject Rights

Under the Ghana Data Protection Act, you have the right to:

  • Right of Access: Obtain confirmation of whether we process your data and access to that data
  • Right to Rectification: Have inaccurate personal data corrected
  • Right to Erasure: Request deletion of your data where applicable
  • Right to Object: Object to certain types of processing
  • Right to Data Portability: Receive your data in a structured, machine-readable format

7. Data Breach Response

In the event of a personal data breach, we will:

  • Investigate and contain the breach immediately
  • Assess the risk to affected individuals
  • Notify the Data Protection Commission within 72 hours where required
  • Notify affected individuals without undue delay if there is high risk
  • Document the breach and our response
  • Implement measures to prevent future breaches

8. Third-Party Data Processors

We carefully select third-party processors and ensure they provide sufficient guarantees regarding data protection. All processors are bound by data processing agreements that require them to:

  • Process data only on our documented instructions
  • Implement appropriate security measures
  • Assist us in responding to data subject requests
  • Delete or return data at the end of the service

9. Data Protection Officer

Our Data Protection Officer oversees compliance with data protection laws and can be contacted at:

  • Email: dpo@medroamafrica.com
  • Phone: +233 507 309 168
  • Address: Boadi, Kumasi, Ghana

10. Complaints

If you believe your data protection rights have been violated, you may lodge a complaint with the Data Protection Commission of Ghana:

  • Website: www.dataprotection.org.gh
  • Email: info@dataprotection.org.gh

See also: Terms of Service | Privacy Policy | Cookie Policy