Mott MacDonald
10 Fleet Place London EC4M 7RB United Kingdom
T +44 (0)20 7651 0300 mottmac.com
Mott MacDonald Limited. Registered in England and Wales no. 1243967.
Registered office: Mott MacDonald House, 8 10 Sydenham Road, Croydon CR0 2EE, United Kingdom
Document reference: Information class: Standard
This document is issued for the party which commissioned it and for specific purposes connected with the above captioned project only. It should not be relied upon by any other party or used for any other purpose.
We accept no responsibility for the consequences of this document being relied upon by any other party, or being used for any other purpose, or containing any error or omission which is due to an error or omission in data supplied to us by other parties.
This document contains confidential information and proprietary intellectual property. It should not be shown to other parties without consent from us and from the party which commissioned it.
Glossary of Terms 5 Acronyms 8
Executive summary 10
1 Introduction 14
2 The Kuunika Project in Malawi 15
2.1 Design features of the Kuunika Project 15
2.2 Mapping key implementation milestones 16
2.3 Independent evaluations 17
3 The digital health governance context 20
3.1 Stakeholder context 20 3.2 Policy context 21 3.3 Standards and interoperability 23
4 Global standards on digital health governance 24
4.1 Defining digital health governance 24 4.2 Working to common principles 25 4.3 Spotlight on privacy and security 26 4.4 Digital Health Governance Models 29 4.5 Applying the concept of aid effectiveness 29
5 Study methodology 32
5.1 Study design 32 5.2 Study participants and sampling method 32 5.3 Primary data collection instruments 32 5.4 Secondary data sources 32 5.5 Data management arrangements 33 5.6 Data Analysis Plan 33 5.7 Study limitations & mitigating actions 34 5.8 Study specific ethics considerations 34
6 Special Study 2 findings 35
6.1 Delivery of the Database and Demographic Exchange 35
6.1.1 Preamble 35 6.1.2 Understanding the DDE ambition 35 6.1.3 The implementation reality 38 6.1.4 Benchmarking against global standards 39
6.2 Role of implementation and aid effectiveness issues 41
6.2.1 Preamble 41
6.2.2 Key role players and their objectives 41 6.2.3 The implementation reality 42
6.2.4 Benchmarking against global standards 43
6.3 Role of intellectual property regulation, data privacy and global digital governance standards 45
6.3.1 Preamble 45
6.3.2 Regulatory context of the Kuunika Project 45
6.3.3 Implementation experience 46
6.3.4 Benchmarking against global standards 47
6.4 Lessons for future programming 48
7 Conclusion and recommendations 50
7.1.1 Conclusion 50 7.1.2 Recommendations 50
Annex 1: Kuunika theory of change and causal pathways 51
Annex 2: Formative stakeholder mapping for Special Study 2 53
Annex 3: Summary of progress in terms of building blocks 54
Annex 4: Health information system review 55
Annex 5: Status of digital health standard operating procedures 57
Annex 6: List of people interviewed 58
Figure 1: Key Kuunika milestones with implications for digital health governance 16
Figure 2: Summary of Kuunika's progress review (Dec 2020) 19
Figure 3: Elements of digital health leadership and governance (WHO 2019) 24
Figure 4: Overview of digital principle on open standards 26
Figure 5: Overview of digital principle on privacy and security 26
Figure 6: Effective digital safety requires national and international collaboration across multiple domains 28
Figure 7: Comprehensive approaches to data protection 29
Figure 8: Kuunika's 2016 system architecture showing the DDE component 36
Figure 9: Vision for a shared EHR system within the digital health architecture 37
Figure 10: Advantages and disadvantages of Electronic Health Records 37
Figure 11: Potential fault lines across Kuunika stakeholder interests 42
Figure 12: Evaluation team's reconstructed theory of change 51
Figure 13: Evaluation team's reconstruction of the Kuunika causal pathways 52
Figure 14: Kuunika's reported progress against key digital health 'building blocks' 54
Table 1: Overview of principal digital health governance structures in Malawi 20
Table 2: Key digital health legislation, policies and strategies in Malawi 22
Table 3: Overarching analysis plan for Special Study 2 33
Table 4: Study limitations, potential for impact and mitigating action 34
Table 5: Reflections on performance against Principles of Digital Development 40
Table 6: Reflections on Kuunika’s experience against the principles of aid effectiveness 44
Table 7: Reflections on Kuunika’s regulatory context against key GDHI indicators 48
Table 8: Seven lessons arising from the Special Study 2 questions 49
Table 9: Overview of the status of Digital Health SOPs (2021) 57
Box 1: Key baseline evaluation findings on digital health governance 17
Box 2: Key midline evaluation findings on digital health governance 18
Box 3: Specific questions identified for Special Study 2 19
Box 4: The concept of aid effectiveness 30
Box 5: Use of UICs in working with key populations 35
Box 6: The Digital Health Strategy's priority actions to protect digital health security 46
1
Application Programming Interface
A concept in software technology referring to how multiple applications can interact with and obtain data from one another. APIs operate on an agreement of inputs and outputs.
Cybersecurity Protecting networks, devices, and data from unauthorised access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.1
Data architecture Data architecture is composed of models, policies, rules or standards that govern which data is collected, and how it is stored, arranged, integrated, and put to use in data systems and in organisations. Data is usually one of several architecture domains that form the pillars of an enterprise architecture or solution architecture.2
Data confidentiality Data confidentiality deals with protecting against the disclosure of information by ensuring that the data is limited to those authorised or by representing the data in such a way that it is only accessible to those who possess some critical information (e.g. a key for decrypting).3
Data governance Data governance is the process of managing the availability, usability, integrity and security of the data in enterprise systems, based on internal data standards and policies that also control data usage. Effective data governance ensures that data is consistent and trustworthy and doesn’t get misused.4
Data management Data management is the implementation of policies and procedures that put organisations and institutions in control of their data regardless of where it resides.5
Data ownership Data ownership is primarily a data governance process that details an organisation’s legal ownership of enterprise wide data. A specific organisation or the data owner has the ability to create, edit, modify, share and restrict access to the data 6
Data privacy Data privacy deals with aspects of the control process around sharing data with third parties, how and where that data is stored, and the specific regulations that apply to those processes.7
Data protection Data protection is the process of safeguarding important data from corruption, compromise or loss. Data protection is often about protection of personal data. It assures that data is not corrupted, is accessible for authorised purposes only, and is in compliance with applicable legal or regulatory requirements. 8
Data quality assurance Describes routine measures to assure data quality for robust analysis and use. Generally assesses the data against the attributes of validity, reliability, precision, integrity and timeliness.9
Data security Data security refers to protective digital privacy measures that are applied to prevent unauthorised access to computers, databases and websites. Data security also protects data from corruption.10
Data sharing
The ability to share the same data resource with multiple applications or users. It implies that the data are stored in one or more servers in the network and that there is some software locking mechanism that prevents the same set of data from being changed by two people at the same time.11
Data sovereignty
Data sovereignty refers to digital data that is subject to the laws of the country in which it is located. The increasing adoption of cloud data services and a perceived lack of security has led many countries to introduce new legislation that requires data to be kept within the
Retrieved from: What is Cybersecurity? | CISA
2 Retrieved from: http://www.learn.geekinterview.com/data warehouse/data architecture/what is data architecture.html
3 Retrieved from: https://csrc.nist.gov/glossary/term/DATA_CONFIDENTIALITY
4 Retrieved from: What Is Data Governance and Why Does It Matter? (techtarget.com)
5 Retrieved from: www.techopedia.com/definition/29059/data ownership
6 Retrieved from: www.techopedia.com/definition/29059/data ownership
7 Retrieved from: www.snia.org/education/what is data privacy
8 Retrieved from: What is Data Protection? | SNIA
9 Retrieved from: https://www.fsnnetwork.org/sites/default/files/Data_quality_%20assurance_short.pdf
10 Retrieved from: www.techopedia.com/definition/26464/data security
11 Retrieved from: www.yourdictionary.com/data sharing
Data-driven decisionmaking
country in which the customer resides.12 It can also to the practice of sharing data for additional research or investigations.13
This term describes a decision making process which involves collecting data, extracting patterns and facts from that data, and utilising those facts to make inferences that influence decision making. Data driven decision making (or DDDM) is the process of making organisational decisions based on actual data rather than intuition or observation alone.14
Digital health (Sometimes called eHealth) The use of Information and Communication Technologies in the health sector to improve the flow and use of information in support of the delivery and management of healthcare services It can also play an important role in strengthening health systems and public health, increasing equity in access to health services, and in working towards universal health coverage.15
Digital health governance Directing and coordinating digital health systems development, achieving consensus on policy, protecting individuals and groups and assuring oversight and accountability in the various aspects relating to use of information and communication technologies for health are all part of the digital health governance function at the national level.16
Electronic Health Record
Electronic Medical Record
Health management information system
Information Communication Technology
An Electronic Health Record (EHR) refers to a system that digitises all clinical health services and provides a longitudinal and holistic view of the patient health records.
An Electronic Medical Record (EMR) is a digitised medical record system generally narrower than an EHR and associated with vertical disease programmes 17
The Health Management Information System (HMIS) is one of the six building blocks essential for health system strengthening. HMIS is a data collection system specifically designed to support planning, management, and decision making in health facilities and organisations.18
Information Communication Technology (ICT) is the broader term for Information Technology (IT) and refers to the diverse set of technological tools and resources used to transmit, store, create, share or exchange information.19
Information governance Refers to the process of converting data or evidence into actionable information, Information governance establishes policy, determines accountability for managing information, and ensures this strategic asset is used properly and protected. It covers the strategic, operational, regulatory, legal, risk, and environmental requirements for information.20
Innovation governance
Effective innovation governance in the health sector aims to improve the focus, support, funds, vision, and resources for innovation. There is emphasis on increasing speed and decreasing time and costs, through structured communication, coordination, and collaboration that challenges the status quo, while protecting operations. Effective innovation governance means for constructively disrupting processes and improving operations, while managing risk to achieve better outcomes.21
Intellectual property
Intellectual property (IP) refers to creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names and images used in commerce. IP is protected in law by, for example, patents, copyright and trademarks, which enable people to earn recognition or financial benefit from what they invent or create.22
The Principles for Digital Development are a set of nine guidelines for integrating best practices into technology enabled development programs for international development and cooperation. They include: Design with the User. Understand the Existing Ecosystem. Design for Scale. Build for Sustainability. Be Data Driven. Use Open Standards, Open Data, Open Source, and Open Innovation. Reuse and Improve. Address Privacy & Security. They have been endorsed by over 200 organisations including BMGF.23
12 Retrieved from: https://www.snia.org/education/what is data privacy
13 Retrieved from: https://en.wikipedia.org/wiki/Data_sharing
14 Retrieved from: https://www.northeastern.edu/graduate/blog/data driven decision making/
15 WHO. (2019). WHO guideline recommendations on digital interventions for health system strengthening. Geneva: WHO.
16 Retrieved from: https://www.who.int/ehealth/governance/en
17 Government of the Republic of Malawi. (2020). National Digital Health Strategy, 2020 2025. Lilongwe: Ministry of Health
18 Retrieved from: Health Management Information Systems (HMIS) MEASURE Evaluation
19 Retrieved from: Information and Communication Technologies (ICT) | UNESCO UIS
20 Retrieved from: https://www.starbridgeadvisors.com/2020/07/13/digital health governance in a digital health system/
21 Adapted from: Digital Health Governance in a Digital Health System StarBridge Advisors
22 Retrieved from: What is Intellectual Property? (wipo.int)
23 Retrieved from: https://digitalprinciples.org
Interoperability
Describes the ability of two or more information systems or components to exchange information based on standards, and to use the information that is exchanged. Interoperability enables different health information systems to work together in and across organisational boundaries to advance the health status of individuals and communities and the effective delivery of healthcare to them.24
Knowledge governance
mHealth
National ICT policy
National ICT Strategy
Knowledge governance is a means for deriving meaning from, managing, and securely and appropriately sharing information assets according to established principles and policies. It is often a fusion of information and contextualised experience. Sharing knowledge can improve the performance of the individual and an organisation within a health system, effective and timely sharing of validated knowledge can improve and save lives.25
The use of mobile and wireless devices (cell phones, tablets, etc.) to improve health outcomes, health care services, and health research.26
A National ICT Policy is a policy put into place by governments and stakeholders who are committed to the process of bringing digital technology to all individuals and communities so that they can have access to information.27
A National ICT Strategy is an approach to create an information technology infrastructure capability for maximum, and sustainable value for a country and its institutions. An ICT is timebound. It is informed by the national policy context and is implemented through an ICT Strategic Plan which documents specific steps, deliverables, and timeline. It may be supported by legislation, regulations, national guidelines and standard operating procedures (SOPs).28
24 Retrieved from: https://www.healthdatacollaborative.org/fileadmin/uploads/hdc/Documents/Working_Groups/Digital_Health_Interoperability_Working _Group/HIS_Interoperabiity_Maturity_Toolkit_Users_Guide.pdf
25 Adapted from: https://www.starbridgeadvisors.com/2020/07/13/digital health governance in a digital health system/
26 Retrieved from: What is mHealth? How Is It Different from Telehealth? (careinnovations.com)
27 Retrieved from: What is National ICT Policy | IGI Global (igi global.com)
28 Retrieved from: IT Strategy (Information Technology Strategy) CIO Wiki (cio wiki.org)
AIDS Acquired Immunodeficiency Syndrome
ANC Antenatal care
API Application Programming Interface
ART Antiretroviral therapy
BHT Baobab Health Trust
BMGF Bill and Melinda Gates Foundation
CAC Community AIDS Committee
CDC Centers for Disease Control and Prevention [USA]
CHAI Clinton Health Access Initiative
CHAM Christian Health Association of Malawi
CMED Central Monitoring and Evaluation Division
CRVS Civil Registration and Vital Statistics
CS Cooper / Smith
DC District Commissioner
DDC District Development Committee
DDE Demographics Data Exchange
DHA Department of HIV and AIDS
DHAMIS Department of Nutrition, HIV and AIDS Management Information System
DHD Digital Health Division
DHIS2 District Health Information System 2
DHMT District Health Management Team
DHO District Health Officer
DNHA Department of Nutrition, HIV and AIDS
DPPD Directorate of Planning and Policy Development
DQA Data quality audit
DUP Data Use Partnership
EGPAF Elizabeth Glaser Paediatric AIDS Foundation
EHR Electronic Health Record
EMR Electronic Medical Record
GDHI Global Digital Health Index
GFATM Global Fund to fight AIDS, TB and Malaria
GoM Government of Malawi
HIE Health Information Exchange
HIV Human Immunodeficiency Virus
HMIS Health Management Information System
HMIS Health management information system
HSA Health surveillance assistant
ICT Information Communication Technology
IFMIS Integrated Financial Management Information System
IHRIS Integrated Human Resource Information System
IP Implementing Partner
I TECH International Training and Education Center for Health
ITU Information Technology Unit
KII Key Informant Interview
LAHARS Local Authority HIV and AIDS Reporting System
LHT Lighthouse Trust
LIMS Laboratory Information Management System
LIN Luke International, Norway
LMH Last Mile Health
LMIC Low and Middle Income Country
LMIS Logistic Management Information System
M&E Monitoring and evaluation
MoH Ministry of Health
MACRA Malawi Communications Regulatory Authority
MoLG Ministry of Local Government
MM Mott MacDonald
NAC National AIDS Commission
NGO Non Governmental Organisation
NRB National Registration Bureau
NRIS National Registration and Identification System
ONSE Organised Network of Services for Everyone’s Health
OPC Office of the President and Cabinet
OPD Outpatients Department
PDD Principles for Digital Development
PEPFAR President’s Emergency Plan for AIDS Relief [USA]
PHIM Public Health Institute of Malawi
PIA Privacy Impact Assessments
PIU Programme Implementation Unit
POC Point of Care
QMO Quality Management Office
RAID Redundant Array of Independent Disks [coding device to prevent permanent loss of data]
SOP Standard Operating Procedure
TA Technical Assistance
TWG Technical Working Group
UBR Universal Beneficiary Register
UHC Universal Health Coverage
UNAIDS (Joint) United Nations Programme on HIV and AIDS
UBR Universal Beneficiary Register
UIC Unique Identification Code
UNDP United Nations Development Programme
UNICEF United Nations Children’s Fund
USA United States of America
USAID United States Agency for International Development
WHO World Health Organization
Funded by the Bill and Melinda Gates Foundation (BMGF), the Kuunika Project (2016 2021) aimed to establish a strong base of high quality digital health data for decision making in the Malawi health sector. Malawi’s HIV/AIDS programme was the first ‘use case’.
Special Study 2 is part of Mott MacDonald’s final independent evaluation of the Kuunika Project. This study addresses digital health governance themes, with a focus on four questions relating to: delivery of a Demographic Data Exchange (DDE); implementation and aid effectiveness issues; the policy and regulatory environment; and lessons learnt.
The study methodology included a comprehensive desk review, eight key informant interviews and two group discussions with the Kuunika team. An extensive formative literature review supported benchmarking against global standards. Limitations of the study (e.g. remote data collection and the small number of key informants available for interview) are acknowledged. These limitations have partly been mitigated by intensive triangulation against secondary data sources.
Key points from the triangulated data analysis were:
● The DDE was part of the early vision for the digital health architecture: The DDE was conceived as one modular component (or ‘building block’) of the digital health architecture for the HIV/AIDS programme (the ‘use case’). The DDE was intended to prevent duplication / loss of Electronic Medical Record (EMR) records when clients moved between health facilities. The DDE formed one component of an Expanded Health Data Exchange that would allow client demographic data (only) to be shared ‘horizontally’ across EMR modules.
● A shifting ecosystem: Since the initial design phases of Kuunika, there have been significant ‘shifts’ in the digital health and operational ecosystem that have disrupted implementation. These ‘shifts’ have included: technological advances and changes in the Malawi’s wider digital landscape; shifts in donor EMR investments; changes in political and institutional leadership; reconfiguration of the Kuunika consortium, and a shift in Kuunika’s focus to the Digital Health Division. In addition, the global COVID 19 pandemic has presented both challenges and opportunities.
● Contributions to the Expanded Health Data Exchange: Despite the shifting ecosystem, Kuunika has made significant contributions to the Expanded Health Data Exchange and related system components in keeping with a building blocks approach. These contribution have included registry services (such as the Terminology Service and Facility Registry) and domain services (such as the Logistics Management Information Service and the Health Management Information Service).
Global standards benchmarking
Principles of Digital Development: Overall, evidence points to good efforts by Kuunika to promote the nine global principles of digital development which focus on: the end user, data quality, scale, sustainability, collaboration, ecosystems; open standards / sources, reuse and data quality, privacy and security. However, timely delivery of a DDE was hampered by a shifting ecosystem, challenges of designing for scale and sustainability (e.g. lack of system maturity, evolving technology competing operational priorities, alignment challenges), and difficulties in collaborative working.
Data privacy and security considerations are likely to need additional prioritisation as the modular OpenHIE framework is rolled out.
1. Why the Demographic Data Exchange step was not completed
● Advancing a new digital health vision: Since 2019, Kuunika has supported development of a National Digital Health Strategy, 2020 2025. Alongside this, Kuunika’s role in the national Digital Health Division has involved consensus-building on an updated vision for the digital health architecture based on a modular OpenHIE framework. Under this vision, the DDE feature would over time be replaced by a master Client Registry and an Electronic Health Record (EHR) system; EMRs would then become one ‘point of care’ input to a common Interoperability Layer. Kuunika is now systematically advancing realisation of this digital health vision through collaborative working, while keeping government in the ‘driving seat’.
Key points from the triangulated data analysis were:
● Stakeholder mappings point to a complex and dynamic Kuunika stakeholder landscape (see Annex 2). A rapid ‘force field’ analysis reveals potential ‘fault lines’ within and across key stakeholder groupings, including: the Kuunika consortium; key international donors; the Government of Malawi; and other Implementing Partners. Narrative analysis suggests Kuunika Project progress can be mapped against how well these ‘fault lines’ have been negotiated over time.
● A fragmented digital health landscape: Successive situation analyses29 have shown Malawi’s digital health landscape is / remains highly fragmented. Available evidence suggests digital health investments primarily serve the disease focus of donors and their reporting systems. Commentaries indicate that, among donors and government, there has also been a lack of harmonised Supplier procurement, weak digital health curation and, hitherto, lack of buy in to a shared interoperability infrastructure
● New opportunities: Kuunika’s role in the Digital Health Division is generally seen as positive for improving the technical leadership, capacity and credibility of government. The Digital Health Strategy, 2020 2025, along with mapping of a coherent digital health architecture (based on the OpenHIE framework), and contributions to key building blocks (such as the Interoperability Layer) are also reported to provide opportunities for improved partner collaboration and alignment. Kuunika suggests this has been demonstrated by recent work on digital platforms and analytics for the COVID 19 response.
● Some concerns: Although Kuunika’s role in the Digital Health Division is widely seen as catalytic, there are some concerns about a potential conflict of interest if Kuunika partners continue to compete for implementation resources. Some observers suggest Kuunika’s role should be translated into a formal capacity development plan and exit strategy to ensure sustainability is not compromised by ‘capacity substitution’.
29
Principles of aid effectiveness: Donors supporting the HIV/AIDS programme broadly adhere to aid effectiveness principles of country ownership and strategy alignment. However, key informants suggest there is now scope for donors to strengthen adherence to aid effectiveness principles (including those relating to harmonisation, managing for aligned results and mutual accountability) by working through existing partner forums to advance the new Digital Health Strategy and roadmap. But this would need to be accompanied by a greater focus on systems thinking and substantial investments in institutional strengthening and governance capacity.
Key points from the triangulated data analysis were:
● The Department of e-Governance under the Ministry of Information and Communications Technology (ICT) leads on the development of ICT legislation, policies, strategies and standards for the Government of Malawi. The Department of e Governance seconds specialist staff to the MoH’s ICT Section and has particular responsibility for guiding digital health governance at MoH. Key informants suggest there is scope for closer collaboration between the Digital Health Division and the Department of e Governance at national and sub national levels especially as digital health initiatives are scaled up.
● Key digital legislation and policies are in place in Malawi. These include the eTransactions and Cyber Security Act (2016); the Access to Information Act (2017), the National Registration Act (2009), the National ICT Policy (2013) and, for MoH, the National Health Information Systems Policy (2015). Malawi is also a signatory to several international and regional instruments for protecting data privacy. In addition, the new Data Protection and Privacy Bill, 2021, aims to provide a comprehensive legislative framework for the protection and security of personal data although there are stakeholder concerns about the ambiguity of some terminology, the autonomy / capacity of key regulatory authorities, and implications for the National Registration and Identification System (NRIS).
● Intellectual property regulation: Malawi has five main intellectual property laws covering trademarks, patents and copyright. Existing legislation and policies also cover issues of data sovereignty and the transfer of data across borders. Key informants suggest this legislation is rarely harnessed restrict data reporting to donors, although the requirement of national health research ethics committees (e.g. the National Health Sciences Research Committee) are increasingly stringent.
● Standard Operating Procedures (SOPs): In keeping with Kuunika’s listed deliverables, 12 SOPs relating to digital health governance are in progress. Drafts are in place for nine key SOPs (see Annex 5), but three important SOPs on data security, data review meetings and quality management approaches have not yet been drafted. Drafted SOPs have been awaiting finalisation and ratification since 2020.
● Governance capacity in the Digital Health Division: Governance positions on policy and standards compliance in Digital Health Division have been identified, but these positions have not yet been filled.
Global Digital Health Index: Overall, available evidence suggests Malawi’s regulatory environment is now reasonably good when measured against standard global indicators on leadership, governance and policies. However, weaknesses remain in resource allocations for implementation and enforcement, operational guidelines tailored to each system level, and policies on cross border data security and data sharing.
Key lessons by question theme were:
• Sustainability of digital health building blocks is likely to be enhanced when there is reference to an updated digital health and information system architecture, and when there is wider stakeholder buy in on the shared vision, strategy and roadmap.
• Elements involving exchange of personal health records must be aligned to the wider governance, regulatory and standards environment especially with respect to data privacy, security and access.
• An understanding of the ecosystem requires a focus on the stakeholder, governance and political economy ecosystem, as well as the digital ecosystem. Seconded technical assistance (TA) can be on the front line of mediating the stakeholder ecosystem distinct skill sets are required
• There is scope to build on existing partner forums to convene diverse stakeholder groupings and build consensus around implementation of a joint digital health roadmap
• Investments in a patient centred ‘use case’ are likely to be more sustainable & scalable if partners retain a system focus and there are complementary investments in effective digital health governance at all system levels
• Particular attention needs to be given to data protection and cybersecurity threats. New digital health solutions should be accompanied by key assessments, such as threat risk and privacy impact assessments. There is scope for working more closely with the ICT Ministry, international collaboration, and contributing to legislative dialogue e.g. on Malawi’s Data Protection & Privacy Bill
• Sound digital health governance requires long term investment, and needs to extend to effective mechanisms for implementation, staff capacity building and oversight, and standards compliance at each system level Finalisation / roll out of key SOPs could be a relatively quick win, but this is a process heavy task area that needs focused leadership.
Findings from the four study questions, suggest the Kuunika team has been highly adaptive to the dynamic programme context and has built constructively on the experience and lessons of the early project phases. Recommendations from this study include specific recommendations and general recommendations for BMGF and the Government of Malawi. The general recommendations are also relevant to other development partners.
Specific recommendations:
● Support the Digital Health Division. Recognise the strategic benefits of a knowledgeable and trusted team embedded in the Digital Health Division that can respond to digital health opportunities and priorities. Seconded TA needs to be high calibre with distinct skill sets. Ensure there are clear guidelines on preventing conflict of interest.
● Prioritise governance capacity. Support efforts to ensure the Digital Health Division has appropriate capacity on digital health governance, standards and compliance governance officers should work closely with the ICT Ministry and prioritise finalisation of the digital health SOPs.
● Support Kuunika to develop a capacity development plan that includes skills transfer approach and an exit strategy.
General recommendations:
● Promote the principles of responsible ‘global digital health citizenship’ and partnership among all key role players. This means convening around a single shared digital health vision, strategy and roadmap. These should be based on a modular digital architecture and be consistent with open source and open standards principles
● Invest for scale and sustainability from the outset. This means thinking beyond the programme ‘use case’ to consider each solution’s horizontal and vertical linkages within a wider systems architecture. Consider complementary investments in digital health governance capacity at all system levels, including longer term investments / collaborations to protect data privacy and security.
This report on Special Study 2 is one of three ‘deep dive’ studies for the final evaluation of the Kuunika Project in Malawi The study focuses on the governance, regulatory and policy aspects of the initiative.
The Kuunika Project: Data for Action is funded by the Bill & Melinda Gates Foundation (BMGF) It commenced in 2016 and was implemented in partnership with the Government of Malawi (GoM). The Kuunika Project aimed to establish a strong base of high quality, routinely available data and a culture of data use in the health sector, using the HIV/AIDS programme as a first use case. There was a particular focus on addressing the range of technological innovations, knowledge translation, and health system strengthening needs of the Ministry of Health (MoH) in Malawi.
BMGF contracted Mott MacDonald to provide independent evaluation services to the Kuunika Project over the course of programme implementation (2016 2021) These evaluation services have included baseline, midline and endline evaluations. This Special Study (2) is one of three ‘deep dive’ special studies being conducted as part of Mott MacDonald’s final, endline evaluation.
Special Study 2 aims to surface the governance, regulatory and policy achievements, challenges and barriers associated with the Kuunika initiative. In particular, the study focuses on Kuunika’s efforts to upgrade the electronic medical records (EMRs) system for HIV patients in Malawi and establish a central database and Demographic Data Exchange (DDE) The study also intends to make recommendations for:
● GoM for next steps to enable progress with the EMRs/DDE in the future
● BMGF for similar programmes elsewhere
● Global health donors involved in establishing regulatory frameworks for personal medical data exchange.
This Special Study Report begins with an overview of the Kuunika Project and the ‘essentials’ of the governance components. This, in turn, provides the context for the specific questions underpinning this study enquiry. The wider context of digital health governance in Malawi and a review of global standard in digital health governance are summarised in Chapters 3 and 4 respectively. Chapter 5 of this report describes the study methodology, including data collection methods, the analytical framework and efforts made to mitigate methodological limitations. Chapter 6 presents a synthesis of evidence based findings from the study enquiry these findings are presented systematically against each of the study questions. The final chapter of this report (Chapter 7) presents a summary of lessons arising from the study findings, along with our conclusion and recommendations for key stakeholders.
The annexes to this report provide more detailed background information and presentations of evidence from the enquiry process.
This section presents an overview of the Kuunika Project and the ‘essentials’ of the governance components. This, in turn, provides the context for the specific questions underpinning this study enquiry.
The Kuunika Project has aimed to establish a strong base of high quality, routinely available data and a culture of data use in the Malawi health sector, using HIV as a first use case. Together with the Government of Malawi (GoM), the Project has sought to strategically and efficiently strengthen the data systems architecture, while simultaneously evaluating targeted methods to increase data use for decision making at facility, district and central levels.30
Notably, Kuunika has been characterised by an adaptive project design approach from the outset. Delivery of the Kuunika Project was based on a multi phase implementation plan to allow for innovation, evaluation, and iterative responses Phase I (scheduled for 2016 2019) included formative research and mapping of the ‘enterprise architecture’ This informed the design of a full package of support to five districts including Lilongwe, Blantyre, Zomba, Thyolo and Mangochi and three facilities in Mulanje. It was expected that Phase II would be based on scale up to additional districts and sites, prior to a final phase of sustaining programme gains and translating lessons learned into policy and further roll out
The Kuunika Project was initially set up to be implemented by a consortium of four organisations: Lighthouse Trust (LHT); Baobab Health Trust (BHT), Luke International, Norway (LIN); and International Training and Education Center for Health (I TECH); additional technical support has been provided by Cooper Smith.
In practice, Phase I delivery proved slower than expected. The Kuunika team, therefore, agreed with BMGF to undertake a ‘project pivot’ to prioritise activities that would more rapidly ‘unlock defined key capabilities’ in HIV services From November 2018, this involved a tighter focus on existing sites (rather than rolling out to new ones), accelerated delivery of specific data products to encourage data use, and a revised training approach. There were also new targets for improving the underlying system architecture, including the Health Facility Registry, the Demographic Data Exchange and the interoperability layer. On the back of this project pivot there was a significant reconfiguration of the consortium This resulted in LIN becoming the sole Implementing Partner (drawing on consultant support from the original consortium partners), with additional technical assistance provided by Cooper Smith.
Annex 1 shows the Kuunika theory of change developed by the evaluation team in 2019 which incorporates the 2018 / 2019 project pivot. This version of theory of change updated the baseline theory of change and shows the priority activities / deliverables agreed at each system level This version of the theory of change shows that, by 2019, intended governance deliverables included: a) contributions to the National Standards Registry through Standard Operating Procedures (SOPs) and approval procedures and b) inclusion of data quality assessment tools within DHIS2.
The 2019 theory of change also included the evaluation team’s review of the activity pathways underpinning the theory of change These activity pathways indicated key outputs for successful
30
delivery of intended Kuunika outcomes would be the establishment of a Master Health Facility Registry and a Demographic Data Exchange (to support data sharing and patient mobility)
A further iteration of the Kuunika theory of change is under development for the final project evaluation. However, this Special Study will reference the 2019 theory of change (Annex 1) to track further evolutions in the project design, focusing, in particular on digital health governance themes in the final phase of implementation.
Figure 131 below shows a reconstructed timeline of key project milestones relevant to review of Kuunika contributions to digital health governance themes in Malawi since 2016
Figure 1: Key Kuunika milestones with implications for digital health governance
Figure 1 shows that in Phase 1 (2016 2018) there was a focus on formative research, with particular emphasis on opportunities to improve data use for decision making at all system levels. This, in turn, was accompanied by efforts to improve access to timely, quality data through roll out of EMRs, with the HIV programme as the use case.32
As indicated above, in Phase 2 there was a rationalisation and restructuring of the project, initially to refocus efforts on systems strengthening and accelerated delivery of key data products to support data use.
Around this time, CDC which was using PEPFAR resources to co fund BHT’s EMR activities, transferred its investment to the Elizabeth Glaser Paediatric AIDS Foundation (EGPAF) to ensure more timely reporting of age and sex disaggregated HIV data (a condition for PEPFAR fund releases). Also in 2019, Vital Wave conducted an assessment of EMRs in Malawi to inform the governments new National Digital Health Strategy. This highlighted wider issues of: fragmented EMR initiatives that limited holistic patient care; a disproportionate focus on HIV; variability of EMR data quality; lack of a coherent interoperability framework: lack of standard
31 Adapted from Kuunika’s timeline in: Cooper Smith. (2020). Kuunika: Data for Action Investment Overview, Successes, Lessons, and Thoughts for the Future.
32 Lighthouse Trust International. (2016). Grant Proposal Narrative for the Bill and Melinda Gates Foundation.
protocols for sharing patient records; ongoing issues of patchy use of EMRs; limited interconnectivity and intermittent power supplies across the country; and some fundamental concerns about sustainability and government ownership.33The convergence of these events had implications for Kuunika’s design focus on EMRs.34
A further significant milestone occurred at the end of Phase 2 when the GoM requested Kuunika to become the lead implementing partner for its new Digital Health Division this ongoing role includes support to some 26 staff in the Division. A key initial task area was technical assistance for development of the National Digital Health Strategy, 2020 2025. Although a robust Strategy was produced, the period 2019 2020 was associated with two national elections, leadership changes in MoH, and the outbreak of the COVID 19 pandemic all of which have had consequences for operationalising the Strategy.
Mott MacDonald conducted independent evaluations of the Kuunika Project in 2017 (baseline) and 2019 (midline).
The 2017 baseline evaluation report used a theory-based, mixed method approach to generate a baseline for the Kuunika design objectives relating to: core information technology (IT) infrastructure; strengthening and scaling up EMR systems; training, mentoring and incentivising target users; and - importantly for the purposes of this study - assisting in the establishment of MoH data governance structures and support use of quality for data driven decision making. The baseline evaluation confirmed the presence hybrid electronic and paper based systems for collection of HIV data, and highly fragmented and parallel systems for registering and providing HIV (and other primary health care services) at facility level It was noted that, at baseline, there were mixed stakeholder perceptions of HMIS data quality, and there was little use of electronic data for decision making at each system level. Key baseline findings relating to digital health governance are summarised in Box 1 below.
Box 1: Key baseline evaluation findings on digital health governance
• Data extraction: Both EMR and DHIS2 data were perceived to ‘funnel up’ data from facilities and districts to the national level; zonal health teams in particular felt cut out of data use loops.
• System time lags: There were concerns at national, zonal and district levels about the time lag between data collection and feeding into the DHIS2 system.
• Donor priorities: There was a widespread perception that donor interests and priorities had led to multiple vertical reporting systems including those relating to antiretroviral therapy (ART) and HIV services.
• Standard Operating Procedures: Knowledge of health data Standard Operating Procedures (SOPs) and guidelines appeared to be low at health facility level; there was little coherent supervision on the application of the SOPs and guidelines. There was also lack of clarity among district level respondents as to how the DHIS2 and EMRs would apply governance systems, instructions and guidance.
33 Vital Wave. (2019). Assessment of EMR Systems in Malawi: Initial Landscape Assessment. Prepared for the Ministry of Health, Republic of Malawi. February 2019.
34 We note these challenges are typical of EMR projects in low income settings (i.e. a disease / indicator focus, a donor lens, lack of harmonised Supplier procurement, lack of digital health curation and lack of interoperability infrastructure). See Jawhari, B et al. (2016). Benefits and challenges of EMR implementations in low resource settings: a state of the art review. BMC Med Inform Decis Mak 16, 116 (2016).
The midline evaluation found that by 2019 paper based data systems continued to predominate. The extent of use of an EMR to enter data had remained largely unchanged at just over one in three (38%) respondents with power and connectivity issues being a key factor in consistent EMR use There was some evidence of a stronger, more active‘data culture’ by 2019; however, the enabling environment for using data within the larger health system remained weak. Very few respondents at facility and district levels had knowledge of the key technology deliverables relating to Unique Identifiers, the Health Facility Registry and the Demographics Data Exchange (DDE). Key midline findings on progress relating to digital health governance are summarised in Box 2 below:
Box 2: Key midline evaluation findings on digital health governance
• Progress on governance objectives: Progress against Kuunika’s governance objectives remained unclear. At facility level, few respondents mentioned issues of data governance, data protection or institutional responsibilities for data safeguarding although there was some concern about potential breaches of data privacy in the use of EMRs, especially in busy facilities. At district level, some respondents requested more consultation with them on key performance indicators and clearer guidance from Kuunika on data governance themes. At national level, one respondent observed:
“Oversight [or its lack] and overall data governance are a big issue and a Kuunika weakness. Kuunika still hasn't got a clear, strong oversight structure to and from the MoH, and I just don't know what it is doing in terms of assuring data protection.” (National Senior Health Manager)
• Standard Operating Procedures: Although 10 SOPs had been drafted there was concern about the lack of stakeholder consultation in the drafting process, and the possible implications for SOP technical quality and relevance. For example, only one SOP on Data Access and Release made substantive reference to data governance and data confidentiality and was technically weak on issues of data sharing and requirements for informed patient consent. Similarly, the Guidelines on Privacy, Security and Service Continuity of HMIS in Malawi focused on ICT personnel only, and made little reference to the responsibilities of other stakeholders.
• Interoperability: The evaluators observed interoperability was as much an organisational and political challenge as a technical one largely because it required complex, detailed and continuous agreement and enforcement across multiple organisations in the health system. By 2019, there was little evidence of progress on the non technical aspects of the interoperability investment.
• Greater focus on data governance: The evaluators concluded that data governance remained a weak area in terms of Kuunika delivery and that, “data protection and governance [would] definitely require further attention, e.g. in terms of clear guidance and SOPs that speak to the importance of protecting what are both very personal and potentially commercially valuable data”.
Based on the findings from the baseline and midline evaluations, and a preliminary desk review for the endline evaluation, the evaluators have identified a number of topics for ‘deep dive’ special studies. The topics and the specific questions for enquiry have been agreed with BMGF, GoM and the Kuunika leadership. They are informed by the Kuunika team’s own progress review in December 202035 key points from this review are summarised in Figure 2 below.
Special Study 2 will focus on ‘Privacy, Data Sharing, and Intellectual Property the Regulatory and Policy Essentials for Kuunika’. The specific questions agreed for this study are summarised in Box 3 below. By addressing these specific questions, we will aim to address the study objectives of: a) surfacing the governance, regulatory and policy challenges / barriers to EMR based data integration and sharing in Malawi and b) identifying specific recommendations for GoM, BMGF and other global health donors
Box 3: Specific questions identified for Special Study 2
• Why has the important step of establishing a Demographic Data Exchange not yet been completed as a core technology deliverable?
• What role did implementation and aid effectiveness issues, such as project design, project management and donor co ordination play?
• How useful would intellectual property regulation, data privacy & global digital governance standards have been in creating a more propitious context?
• What are the lessons for future BMGF programmes?
Digital health in Malawi is part of a complex and dynamic governance ecosystem. Malawi’s Digital Health Strategy (2020 2025) aims to provide coherent strategic direction in an evolving digital health environment
Annex 2 shows our formative stakeholder mapping for Special Study 2. As shown in this mapping, there are multiple, overlapping government structures and satellite institutions that are involved in digital health, health information systems, health service delivery (including HIV services) at national and subnational levels. The EMR stakeholder landscape in Malawi is also complex and dynamic. Over the course of the Kuunika Project, there have been significant changes in government leadership and MoH institutional arrangements (following national elections in 2019 and 2020), changes in project leadership, as well as changes in the donor landscape.
Health services in Malawi are provided by public and private (for profit and not for profit) providers. The major not for profit provider is the Christian Health Association of Malawi (CHAM) which delivers almost 30% of all health services. Malawi’s health system is organised over four levels namely: community, primary, secondary and tertiary. Community, primary and secondary level care falls under district councils under the leadership of a District Health Officer (DHO) who reports to the District Commissioner (DC).
The Ministry of Health performs the central level functions of policy making, standards setting, quality assurance, strategic planning, resource mobilisation, technical support, monitoring and evaluation and international representation. The Ministry is organised around 14 directorates, with responsibility for HIV/AIDS services falling under the Directorate of Nutrition and HIV/AIDS. Five Zonal Quality Management Offices (QMOs) are an extension of the central level and provide technical support to districts.36
By 2020, the principal government institutions responsible for digital health governance in Malawi were the Ministry of Information, Communication and Technology (ICT) and the Ministry of Health. Table 1 below summarises the respective roles and responsibilities of these ministries and the relevant structures under them.
Role in digital health
The lead ministry on technology development and implementation. It has a decentralised structure, with staff seconded to support other ministries and government At MoH, the Ministry of ICT is represented by an ICT Section headed by a Deputy Director. At the district level, there is at least one Systems Analyst and Programmer at central hospitals and a Programmer stationed at each District Health Office.
The Ministry of ICT’s Department of e Governance leads on the development of ICT legislation, policies, strategies and standards for the government. It works closely with the MoH’s ICT Section and has particular responsibility for guiding digital health governance at MoH.
Provides strategic leadership on the delivery of quality health services for the population of Malawi this includes strategic leadership on digital health and health data governance. MoH Departments and Programmes have provided programmatic and subject matter leadership for the design and deployment of digital health solutions in Malawi.
● Directorate of Planning and Policy Development
Central Monitoring and Evaluation Division (CMED)
o CMED Technical Working Groups (TWG) and sub groups
Provide strategic direction through Short, Medium and Long term Plans for the health sector at National and Council level. It has particular responsibility for: health sector budget development and capital investment planning; coordination of donor funded programmes; and health sector monitoring and evaluation.
CMED sits under the DPPD and is responsible for monitoring and evaluation of progress in delivering health sector policies and strategies. It aims to generate high quality information for evidence based decision making, planning and management in the health sector. Its responsibilities extend to the Health Management Information System (HMIS) and data governance. CMED is the key department to provide data standards, SOPs and policy suggestions regarding M&E tasks and HIS development.
The M&E TWG is the key instrument of CMED to bring various government, non government and donor stakeholders together to align on different aspects of the M&E work. It oversees several sub TWGs including: the National Health Data Standard Sub TWG (covering data standards, architecture and security); the mHealth Sub TWG (covering mHealth coordination): and the Equity and Access Sub TWG (covering inclusion and universal health coverage themes).
Digital Health Division (DHD)
● Directorate of Quality Management (QMD)
● Directorate of Nutrition and HIV/AIDS
DHD is a new structure under CMED that provides strategic and operational guidance and technical leadership on digital health initiatives. It works hand in hand with the departments and programmes of MoH to ensure support alignment and integration of digital health interventions most recently this role included data aggregation and analytics for responding to the COVID 19 pandemic.
QMD was established under MoH in 2016 to provide strategic leadership and coordinate quality management and improvement initiatives across the health sector. From 2019 2020 it was the lead directorate for digital health governance and coordination; however, this role was transferred to DPPD in late 2020.
This directorate provides leadership, guidance and strategic direction for the implementation of the national response to nutrition disorders, HIV and AIDS in the country. The Department of HIV/AIDS under this directorate collaborates with the National HIV/AIDS Commission (NAC) under the Office of the President to support multisectoral implementation of the National HIV and AIDS policy and strategic plan.
The other directorates under the MoH cover: finance, human resources, clinical services, nursing and midwifery, preventive health, technical support services, health research, reproductive health and safe motherhood. They also include the National Public Health Institute of Malawi. Each of these directorates may be custodians or clients for particular components of the digital health system.
The primary custodian for digital health governance in MoH is now the Directorate of Planning and Policy (DPPD). This directorate works collaboratively with the cross cutting ICT Section.
Planning and decision making under DPPD depends on timely flows of data from across the health information system architecture to enable side by side comparison of information on health service delivery, drug and commodity consumption, finances and human resources 37 Mappings of the digital health architecture thus extend to: the District Health Information System 2 (DHIS2); the Laboratory Information Management System (LIMS); the Logistic Management Information System (LMIS); the Integrated Human Resource Information System (IHRIS); the Integrated Financial Management Information System (IFMIS)
Under the Ministry of ICT, the government has developed the eTransactions and Cyber Security Act (2016, the Access to Information Act (2017), the National ICT Policy (2013), and various standards and guidelines. In addition, the Ministry of ICT is implementing a flagship ICT Infrastructure improvement project known as ‘Digital Malawi’ Table 2 below provides an overview of the key government policies and strategies most relevant to digital health in Malawi.
37 See Annex 4 for a 2019 MEASURE Evaluation review of the strength of the Malawi HIS as a source of HIV data.
Description
eTransactions and Cyber Security Act (2016)
Access to Information Act (2017)
National ICT Policy (2013)
Provides a framework for digital transactions and for the investigation, collection and use of electronic evidence. Part IV of the Act covers data protection and privacy. The Act makes provision for criminalising offences related to computer systems and information communication technologies. Responsibility for implementation of the Act lies with the Malawi Communications Regulatory Authority (MACRA).
Provides for access to information that is in the custody of public bodies and private bodies. It also describes the compliance with access to information obligations of information holders. The Malawi Human Rights Commission is designated as the oversight institution for implementation of the Act provided by the Bill.
Aims to support the national goal of wealth creation and reduction of poverty through sustainable economic growth and infrastructure development. Policy should be operationalised through the National ICT Master Plan and the ICT Standards & Guidelines.
Malawi National Registration Act (2009)
Data Protection and Privacy Bill (2021)
Legislation covering records of births, deaths, and marriages at the village, traditional authority, district, and national levels. Also establishes a registry of everyone in Malawi who is 16 years or older and is a Malawian citizen or has a permanent residence permit, a temporary employment permit, or a business residence permit
This Bill seeks to provide a comprehensive legislative framework for the protection and security of personal data, consolidate data protection provisions currently found in various Acts of Parliament, and protect the privacy of individuals Recent concerns raised about the Bill include: unclear definitions regarding legitimate data access and cross border data transfers; the autonomy / enforcement capacity of regulatory authorities such as MACRA, and implications for the National Registration & Identification System.
Health Sector Strategic Plan (HSSP) II, 2017 2022: Towards Universal Health Coverage
National Health Information Systems Policy (2015)
Monitoring, Evaluation and Health Information Systems Strategy (MEHIS), 2017 2022
HSSP II contributes to the national development strategy under the Malawi Growth and Development Strategy (MGDS III). HSSP II is supported by policies and governance tools, and is complemented by the national Community Health Strategy which focuses on improving service delivery at the community level.
Guiding policy for the effective and efficient management of health information systems in Malawi.
This Strategy aims to support a sustainable, integrated national health information system capable of generating and managing quality health information for evidence based decision making by all stakeholders at all levels of the health system. The Strategy focuses on two objectives relating to monitoring of HSSP II delivery and improved capacity for data use in decision making.
National Digital Health Strategy, 20202025
This Strategy is the successor to the Malawi eHealth Strategy (2011 2016). It aims to improve the delivery of health services by providing digital health solutions that are harmonised, sustainable, reliable, interoperable, secure and comply with standards to increase efficiency and enable provision of quality services at the point of service. The Strategy focuses on six main objectives relating to: reliable ICT infrastructure; sector capacity for using digital technology to improve service delivery; health data security; improved system interoperability; and improved sharing and accessibility of data across information systems.
Kuunika’s support to the Digital Health Division since 2019 is reflected in the National Digital Health Strategy. This Strategy is well aligned to HSSP II, with a focus on universal health coverage (UHC). The National Digital Health Strategy explicitly aims to support the harmonisation of investments in digital health for improved efficiency and effectiveness. It also adopts a ‘human centred’ approach with a primary focus on the needs of service providers and adoption of the global principles for digital development 38
The National Digital Health Strategy is also referenced in Malawi’s new five year Digital Economy Strategy (2021 2026). This Strategy sets new targets for the digital economy and creation of a strong digital ecosystem. Under this strategic framework, the World Bank and other development partners are supporting the GoM with a number of digital initiatives. This has included assistance for a nationwide smart, biometric identity system the National Registration and Identification System (NRIS) 39 Over 9.1 million Malawian citizens have now been issued with a new biometric identification card.40 The GoM is now aiming to establish secure links between the NRIS with other identity registers to improve citizens’ access to relevant services. The intention is to link: birth registration; the voter registry, the Malawi Business Registration database; the Universal Beneficiary Register (UBR) covering social protection, and health (EMR) registries 41 The World Bank has recently highlighted the need for such initiatives to be supported by a highly robust legal and regulatory framework on data privacy, data protection, data sharing and data safeguarding.42,43We note it is likely that key areas of Malawi’s national legislation (e.g. the Access to Information Act and the National Registration Act) would need to be updated to protect health data if these system advances proceed (see Figure 5 )
Malawi’s Ministry of ICT has defined a set of ICT standards to be used in deployment and use of all ICT products. In addition, MoH has adopted various standards to support the implementation and use of health information systems. These standards are reflected in the National Health Indicators Handbook, the Master Health Facility Registry and the Terminology Registry. MoH also requires adherence to a set of software standards (e.g. HL7, FHIR, SOAP etc)
In addition, steps have been taken towards a set of Standard Operating Procedures and Guidelines to support implementation of digital health solutions (see Annex 5 for a summary of the status of these SOPs) MoH is also seeking to standardise data collection and reporting tools (e.g. a new set of revised selected registers was released in 2018, and CMED is finalising definition of diagnosis coding for reporting purposes)
With regards interoperability, MoH is now following a standards based approach with the development of key interoperability components based on an Open Health Information Exchange (OpenHIE) framework. Within the Digital Health Division, the Kuunika team is reported to have been playing an important role in developing the Interoperability Layer (including development of the Terminology Registry which comprises definitions for both disease diagnosis and treatment).
38 Principles of Digital Development. Retrieved from: https://digitalprinciples.org/
39 This initiative started in 2017.
40 World Bank. (2021). Malawi Economic Monitor: Investing in Digital Transformation. June 2021
41 See also: GSM Association. (2019). Digital Identity Country Report: Malawi, London: GSMA
42 World Bank. (2021). World Development Report 2021: Data for Better Lives. Washington, DC: World Bank.
43 World Bank. (2020). Digital Regulation Handbook: Geneva: International Telecommunication Union and the World Bank.
This chapter summarises common standards and approaches used to address digital health governance in LMICs. We include standard definitions, country case studies and approaches used for appraisal of digital health systems and practice. We will use these global standards for benchmarking in the Findings section of this report.
Digital health is recognised by the World Health Organization (WHO) as a key building block for universal health coverage and the health related Sustainable Development Goals. However, WHO also acknowledges that, as countries implement a range of digital health solutions (such as, digital disease surveillance systems, electronic medical records, and social health insurance payment processes), there is a need for robust governance oversight.
WHO defines digital health governance as: directing and coordinating digital health systems development, achieving consensus on policy, protecting individuals and groups and assuring oversight and accountability in the various aspects relating to use of information and communication technologies to promote health for all.44 WHO puts effective leadership at the heart of this governance concept, with a focus on ensuring a strategic and investment framework, infrastructure and systems oversight, legislative compliance and workforce development.45
In its Global Strategy on Digital Health, 2020 2025, WHO emphasises the importance of an integrated approach that situates digital health within the wider public and private health system. This means giving due attention to the “digital determinants of health” by creating an enabling environment with sufficient resources for digital transformation and human capacity development, while ensuring new initiatives consider legacy infrastructure, technology ownership, privacy, security, and adapting and implementing global standards and technology flows.46 Central to this approach is the concept of human-centred design This means
44 Retrieved from: https://www.who.int/ehealth/governance/en
45 World Health Organization (WHO) and International Telecommunication Union. (2012). National eHealth Strategy Toolkit. Geneva: WHO/ITU.
46 WHO. (2020). Global Strategy on Digital Health, 2020 2025. Available at: https://www.who.int/docs/default source/documents/gs4dhdaa2a9f352b0445bafbc79ca799dce4d.pdf
developing technology solutions with accountability structures, cultural contexts, available resources, and implementation capabilities of key users in mind.47
There is also recognition that digital initiatives can themselves become vehicles for enhancing good governance, inclusion, voice and accountability, and thereby contribute to human and social capital. For example, responding to a growing gender gap in internet access and online participation,48 the Mozambique development finance institution, GAPI, is lowering barriers to women’s mobile access by providing offline Internet browsing, rent to own options, and tailored training in micro entrepreneurship.49 However, it is also acknowledged that use of technology to enhance democratic dialogue can be associated with risks and dangers and these, too, need to be mitigated through united leadership and stakeholder engagement (Case Study 1) 50
The nine Principles for Digital Development (PDD) aim to provide common standards for integrating best practices into ICT initiatives for international development programmes. They have been endorsed by over 200 organisations51 - including BMGF and several non-state actors in the Kuunika landscape. Since 2016, stewardship for Principles of Digital Development has resided with the United Nations Foundation's Digital Impact Alliance. The nine principles can be summarised as: design with user; understand the existing ecosystem; design for scale; build for sustainability; be data driven; use open standards, open source and open innovation; reuse and improve; address privacy and security; and be collaborative.52Each of these principles is associated with a number of core tenets that have governance and / or policy implications (see example below).
47 WHO. (2020). Young people and digital health interventions: working together to design better. Available at: https://www.who.int/news/item/29 10 2020 young people and digital health interventions working together to design better
48 EQUALS Global Partnership. (2019). EQUALS Research Group: Taking Stock: Data and Evidence on Gender Equality in Digital Access, Skills and Leadership”. Available at: https://www.itu.int/en/action/gender equality/Documents/EQUALS%20Research%20Report%202019.pdf
49 USAID. (2020). Digital Strategy, 2020 2024. Retrieved from: https://www.usaid.gov/usaid digital strategy
50 Case Study 1 sourced from USAID. (2020). Ibid.
51 See: https://digitalprinciples.org/endorse/endorsers/
52 Principles of Digital Development. Retrieved from: https://digitalprinciples.org/
Principle Key tenets
Use Open Standards, Open Data, Open Source, and Open Innovation
• Adopt and expand on existing open standards to enable sharing of data across tools and systems.
• Share non sensitive data after ensuring that data privacy needs are addressed
• Use existing open platforms where possible to help to automate data sharing; build in flexibility to adapt to future needs.
• Invest in software as a public good.
• Develop new software code to be open source, which anyone can view, copy, modify and share, and distribute the code in public repositories.
Example of policy application
An open approach to digital development can help to increase collaboration and avoid duplication of effort
• Enable innovation by sharing freely without restrictions, collaborating widely and co creating tools.
This principle extends to open data access. Since January 2021, the Bill & Melinda Gates Foundation has adopted an Open Access Policy that enables the unrestricted access and reuse of all peer reviewed published research funded, in whole or in part, by the Foundation, including any underlying data sets. See: Open Access Policy | Bill & Melinda Gates Foundation Bill & Melinda Gates Foundation
The Principle of Digital Development on addressing privacy and security has particular relevance for Special Study. The key tenets of this principle are summarised in the figure below.
Principle Key tenets Example of policy application
Addressing privacy and security
• Define data ownership, sovereignty and access before any data are collected or captured.
• Keep the best interests of end users and individuals whose data are collected at the forefront of planning especially for those who have not had a say in how their data will be used
Addressing privacy and security involves careful consideration of which data are collected and how data are acquired, used, stored and shared.
• Perform a risk benefit analysis of the data being processed that identifies who benefits and who is at risk. Assess the risks of unauthorised access or leakage of any stored data.
• Minimise the collection of personal identifiable information Agree a timeframe for destruction of unnecessary data. Be transparent, obtain consent and explain how data will be protected to all those providing data
• Protect data by adopting best practices for securing and restricting access to data.
Malawi does not have a comprehensive data protection law, but the Electronic Transactions and Cybersecurity Act No. 33 of 2016 replicates some provisions seen in data protection laws. Under the Act individuals have the right to: obtain all of their personal data in an understandable form; oppose, for legitimate reasons, the processing of their personal data concerning them; rectify or erase erroneous or outdated personal data concerning them. There is no data protection regulator in Malawi but the Communications Regulatory Authority is responsible for implementation of the Act and can impose penalties. There are no data transfer restrictions in Malawi, and no data breach notification protocols stipulated in Malawian law. See https://dataprotection.africa/wp content/uploads/2020/03/Malawi Factsheet updated 20200331.pdf
Under this PDD, it is emphasised that securing data and devices are paramount for protecting user privacy and ensuring organisational data is not compromised. Accordingly, national and international regulations for data security and privacy particularly around health infrastructure and personally identifiable information are an increasingly important consideration for many
organisations. These regulations include the African Union Convention on Cyber Security and Personal Data Protection, the European Union General Data Protection Regulation and the Asia-Pacific Economic Cooperation Privacy Framework.
Under the PDD on privacy and security, particular attention is given to the theme of cloud computing and hosting services that stores and processes end user data while providing data management services over the internet. Cloud storage can reduce the financial and human resources needed within organisations to back up data and maintain server access. While these networks can pose significant challenges for front end security in the cloud computing environment, there can be opportunities to standardise, replicate and deploy robust data security processes across networks and the benefit from the extensive security frameworks that reputable cloud service providers implement. Unlike typical user organisations, third party cloud services employ thousands of security workers and enforce security safeguards that are sophisticated and well resourced.
PDD guidance on protecting sensitive data in the cloud recommends that users need to apply stringent front end technical, administrative and physical security assessments and safeguards. Assessments include Privacy Impact Assessments (PIA) and Threat Risk Assessments. Safeguards include: aligned organisational data security policies; network risk management strategies; regular user and provider compliance audits; and compliance with best practice on managing and protecting highly sensitive and private data.53Notably, countries such as Malawi and Kenya recognise the challenges of guaranteeing these safeguards, so have opted to expand server and hosting capacity in country especially with respect to personal health data.
The World Bank’s World Development Report 202154 gives particular attention to the challenge of optimising the benefits of digital technology, while protecting data privacy and systems security. The report emphasises that responding to the challenge of ‘digital safety’ requires national and international collaboration across infrastructure policies, laws and regulation, sectoral policies and institutions (Figure 6).55
This milestone World Development Report suggests that an effective data regulatory framework requires an appropriate balance of enablers (e.g. public and private intent data and e transactions) and safeguards (e.g. for personal and non personal data, cross border data flows, and cybersecurity/ cybercrime). It notes that around the world just 40% of recommended digital safeguards are in place with Malawi ranking in the lower third, along with most of sub Saharan Africa.
The World Development Report observes that, globally and regionally, there has been uneven progress in regulatory frameworks for personal data protection. There are also glaring gaps in regulatory requirements for cybersecurity, while little attention has been paid to regulatory regimes for private intent data and cross border data flows. It is important to note, however, that comprehensive data protection has multiple components and a coherent approach, even at national levels (Figure 7).56 This, in turn, requires high levels of technical and political collaboration within and across sectors, and balancing of multiple stakeholder agendas on data use, privacy and security and transparency and accountability.57
54 World Bank. (2021). World Development Report 2021: Data for Better Lives. Washington, DC: World Bank.
55 Source: World Bank. (2021). Ibid.
56 Adapted from: What is Data Privacy? Available at: https://www.snia.org/education/what is data privacy
57 USAID. (2020). Digital Strategy, 2020 2024. Retrieved from: https://www.usaid.gov/usaid digital strategy
An expert review of digital health practice58 identified three general models of governance arrangements found globally. These include:
● MODEL 1: Health Ministry Mechanism: The MoH drives digital health and mobilises technical capacity and skills from other ministries, agencies, firms and organisations to deploy digital health systems e.g. Rwanda, South Africa, the Philippines
● MODEL 2: Government-wide Digital Agency Mechanism: the MoH drives digital health, but is a client to a government wide technology agency/ministry that provide significant ICT infrastructure and capacity e.g. Malaysia and Estonia
● MODEL 3: Dedicated Digital Health Agency Mechanism: The MoH Leads on the health strategy, while a designated third party agency or directorate drives digital health strategy and implementation through its own technical capacity and resources e.g. Mali, Norway.
This review noted that governance arrangements for digital health evolve within the wider historical and institutional systems landscape. Some countries may be a hybrid of more than one model (e.g. Malawi shows elements of Model 1 and 2). While there are strengths, opportunities and limitations associated with each model, the review concluded there are three common factors in success. These are: i) sustained senior government leadership and committed long-term financing (covering ongoing support and improvement, as well as implementation); ii) effective governance mechanisms that engage stakeholders with clearly defined roles; and iii) a national ICT framework that facilitates alignment between health and ICT sectors to promote connectivity and interoperability, establish common standards and harmonise digital health policies and regulations.
WHO’s Global Strategy on Digital Health59 emphasises that effective digital governance requires a commitment to working with different sectors and stakeholders at all levels. This can include multilateral and bilateral donors and international development partners, especially in LMICs. Many donors and international development partners now have their own digital strategies for development assistance 60 Many refer to their endorsement of the PDD,61including the tenets of ecosystem working and collaboration 62There is also common reference to the principles of aid
58
2017.pdf
59 WHO. (2020). Ibid.
60 See, for example, the digital / digital health strategies of USAID, UK Aid, WHO.
61 See list of PDD endorsers at: Endorsers | Principles for Digital Development (digitalprinciples.org)
62 See links under: https://digitalprinciples.org/principles/
effectiveness (Box 4) and development cooperation to promote the Sustainable Development Goals 63
For this study, we will be assessing the involvement of international development partners against the concept of aid effectiveness. Since 2002 there has been a global movement in the name of aid effectiveness to tackle issues such as aid fragmentation, duplication of effort, unpredictability and tying of aid budgets. Since 2002, the UN has convened four high level global forums on aid effectiveness. The principles set out in the 2005 Paris Declaration on aid effectiveness became the foundation for subsequent global dialogue. These refer to the need for development assistance to be based on: country ownership; alignment and harmonisation to country policies and procedures; management for results; and the mutual accountability of all parties.
More recently the movement has become part of the Global Partnership for Effective Development Co operation to ensure international development partners and countries maintain a focus on the Sustainable Development Goals.
International donors and development partners can offer LMICs significant financial resources, technical know-how and innovative technology solutions. However, successive studies have shown they can also perpetuate short term projects and “pilotitis”, along with information system fragmentation.64 This, in turn, raises fundamental questions relating to data sovereignty, ownership and intent 65Experience from Data Use Partnership and enterprise architecture approaches confirms the importance of strong government and agency leadership based on a shared vision and systems thinking. 66,67
There are now a number of toolkits available for assessing maturity of digital health systems to plan for investment, and track and maintain progress over successive strategic cycles For example, the Digital Square68 Navigator offers six maturity model based tools 69 These are: i) Early Stage Digital Health Investment Tool; ii) Global Digital Health Index; iii) Health Information Systems Interoperability Maturity Toolkit; iv) Information Systems for Health Toolkit; v) Survey, Count, Optimize, Review, Enable Essential Interventions; vi) Health Information System Stages of Continuous Improvement Toolkit. Several of these toolkits emphasise the importance of sound digital health governance and provide useful tools and templates for assessing the maturity of the policy, institutional and stakeholder landscape, the digital ecosystem, the resource environment, and the data privacy and security context.70
63 GSMA. (2020). 2020 Mobile Industry SDG Impact Report. Available at: https://www.gsma.com/betterfuture/2020sdgimpactreport/sdg 3 good health and well being/
64 Neumark T & Prince R J. (2021). “Digital Health in East Africa: Innovation, Experimentation and the Market.” Global Policy (2021) 12:Suppl.6. Available at: https://onlinelibrary.wiley.com/doi/epdf/10.1111/1758 5899.12990
65 Cooper A. et al. (2016). Africa’s Health Challenges: Sovereignty, Mobility of People and Healthcare Governance. London: Routledge.
66 PATH. (2016). Data Use Partnership: The Journey to Better Data for Better Health in Tanzania. Available at: Data Use Partnership: The Journey to Better Data for Better Health in Tanzania | PATH
67Jonnagaddala J. et al. (2020). “Adoption of enterprise architecture for healthcare in AeHIN member countries”. BMJ Health Care Inform 2020;27. Available at: https://informatics.bmj.com/content/bmjhci/27/1/e100136.full.pdf
68 The OpenHIE framework that underpins Kuunika’s digital health approach is a Digital Square initiative: https://applications.digitalsquare.io/content/advancing instant openhie
69 See: https://wiki.digitalsquare.io/index.php/Navigator_for_Digital_Health_Capability_Models. The Navigator was developed by the University of North Carolina at Chapel Hill and Digital Square, with funding and technical advisory support from the United States Agency for International Development (USAID). UNICEF’s Digital Health Center of Excellence (DICE) and Digital Public Goods Alliance, and WHO’s “digital health clearing house” are closely related developments. CDC is also taking a strong interest in “global goods”.
70 Some experts consulted criticised some of the tools for being subjectively scored and not peer reviewed for accuracy.
Of note is the Global Digital Health Index (GDHI). This is an interactive digital health tool and maturity model that enables countries to track, monitor, and evaluate the use of digital technology for health within and across countries GDHI is the result of a multi-partner initiative that builds on the WHO/ITU eHealth Strategy Toolkit and the Principles for Digital Development The seven GDHI indicators include a specific indicator on ‘Leadership and Governance’ this indicator reflects whether digital health has been prioritised at the national level through dedicated governance bodies/mechanisms and planning processes. There is also an indicator on ‘Legislation, Policy and Compliance’ which to assess whether there are laws and regulations in place covering data protection (security), privacy, certification of digital health devices and services and cross border data sharing. In addition, an indicator on ‘Standards and Interoperability’ reflects whether there is a national digital health architecture and/ or information exchange, along with health information standards.
GDHI’s report ‘State of Digital Health 2019’71 presents assessment findings from 22 countries across the world, with Africa represented by six countries (Benin, Ethiopia, Mali, Nigeria, Sierra Leone and Uganda). The case study below summarises the GDHI assessment for Uganda.
Uganda’s scores appear typical of the other countries in Africa. However, it is notable that across the sample of 22 countries, nearly all were doing relatively well on Leadership and Governance in terms of prioritising digital health planning. Most countries now have some laws on data security and privacy, confidentiality, and access to health information, although they are at different stages of implementation, while protocols for regulating and certifying digital health devices and services, as well as cross border data security and sharing are lacking. Almost half of the countries assessed do not have national digital health (eHealth) architectural framework and/or health information exchange (HIE) established; however, most countries are now implementing data standards.
71 Global Digital Health Index. (2019). The State of Digital Health 2019. Available at https://www.digitalhealthindex.org/stateofdigitalhealth19
This chapter describes the methodology used for this Special Study. In this chapter, we describe our data collection methods, analytical framework and efforts made to mitigate methodological limitations.
As indicated in previous sections, this study aims to surface the governance, regulatory and policy challenges / barriers to EMR based data integration and sharing in Malawi and generate recommendations for key stakeholders by focusing on four specific questions relating to: factors preventing delivery of the Demographic Data Exchange; implementation and aid effectiveness issues; the wider regulatory and governance context; and lessons learnt.
These retrospective and contextual enquiries required a qualitative study based on triangulation of the following methods:
● Document review to establish Kuunika project history over the course of design and implementation.
● Wider literature review to create a set of short comparative case studies from secondary sources to establish the current status of international legal and advisory conventions and standards for creating and sharing digital personal health data (especially in LMICs).
● Key informant interviews to (i) supplement the project document review and (ii) elicit lessons and recommendations.
Participants in the study were drawn from national and international health sector actors and commentators. These included: Kuunika Project staff; MoH and other GoM officials; and International Development Partners.
Selection of study participants began with purposive sampling amongst the categories. Some convenience (i.e. dependent on availability and accessibility of the interviewee) and ‘snowballing’ sampling was also employed. The target sample size was 40 key informants. In practice, there was very slow take up of invitations over the timeframes of the study, despite repeated follow ups. Consequently, it was only possible to conduct eight interviews (Annex 6). However, these interviews proved rich and informative and triangulated well with the findings from the extensive desk review and a group discussion with the Kuunika team.
Key informant interviews were conducted using a semi structured topic guide developed following the project document and literature reviews. Interviews were not recorded to encourage full and frank responses. Due to COVID 19 travel restrictions, interviews were conducted remotely using Teams or Zoom platforms
The review of project documents and the literature base was conducted using a standardised rapid literature review template developed for the purpose. Secondary data was sourced from:
● Kuunika project files, supplied by Project and BMGF Staff
● Mott MacDonald Kuunika evaluation document archive
● Internet searches and KII recommendations of publicly available material
● Grey literature provided by KII participants
Interview notes were recorded by the interviewer using a coded notes template. The notes were then transferred to an Excel spreadsheet matrix organised around key study themes. This allowed a simple thematic analysis, as well as a searchable record during writing up. Original notes were archived so they could be revisited if more detailed records were needed. All respondents were assured of confidentiality. In keeping with the study consent form, no respondent was cited or quoted without prior permission.
Interview records were stored on a Mott MacDonald SharePoint site, and were managed in line with Mott MacDonald/ Microsoft Teams data privacy and protection protocols. The Mott MacDonald SharePoint site was only accessible to named project management staff and permitted viewers.
In keeping with Mott MacDonald procedures, a Data Protection Impact Assessment72will be completed before contract closure to ensure compliance with Mott MacDonald’s Privacy and Data Protection Group Policy Statement73 and the Group’s General Data Protection Regulation (GDPR) Framework guidance. 74
Analysis of documentary and interview data was continuous and iterative. Based on the study questions, review of the literature base and standard approaches to digital health governance, we developed a thematically based analytical framework using Microsoft Excel worksheets and Word template. The interview guide and notes template for the KIIs was designed and coded on the basis of both.
As interviews are conducted and new evidence became available, the thematic framework was filled out with active triangulation and evidence comparisons. Additional columns were added for team reflections, and lessons / recommendations elicited.
The overarching analysis plan for this study is shown in Table 3 below.
1. Formative / inception phase
Rapid review of all secondary literature by document type and theme
Mapping of the project design, timeline and transitions showing implementation story Mapping of relevant stakeholders, relevant policies, regulations, agreements etc to be considered
Rapid review of catalogued secondary literature 2 expert interviews
Excel book: annotated bibliography
Annotated timeline Stakeholder mapping Tabulations of the policy, regulatory and institutional context
Coded data collection toolkit Excel templates for capture of KII and secondary data by theme (coded)
2. Data collection phase
Continuous iterative analysis to adjust data collection tools and analysis templates as lines of enquiry emerged
Document and literature review KII
Populated data analysis templates
Archive of KII topic guides
Documented literature on global digital health standards and case studies
3. Main data analysis phase
Review of completed data analysis templates (Excel matrices aligning analysis theme to data source)
For each study question, evidence synthesis and triangulation, identification of constraints and success factors and benchmarking against global standards
Completed data analysis templates from document / literature review and KII
Excel findings sheet and Word tables based on evidence synthesis from data analysis templates)
Factor analysis and benchmarking against global standards Draft study report
4. Feedback/ verification phase
Preliminary findings and recommendations reviewed by key stakeholders to confirm factual accuracy, relevance and interpretation of study findings
Draft study report
Revisions to produce final study report
Table 4 below summarises the key limitations to the study methodology and the mitigating actions taken
Limitation Impact Mitigating action
Some key informants were unavailable Incomplete findings; small sample size limited information power
• All participants were asked to propose additional interviewees.
• Schedule extended to include more interviews
• Interviews were complemented by reviews of available project literature and evaluation survey evidence.
• Provision made for a group interview with the Kuunika team
• Desk review extended and evidence triangulation intensified to confirm and test validity of findings
Events explored in interviews proved sensitive
Interviewees limit or moderate their responses
• Interviews were handled sensitively, with issues depersonalised
• No recordings were made and respondents were assured of confidentiality / anonymity.
A standard consent statement was prepared and shared with all key informants. The consent statement explained the background and purpose of the study and how findings would be used. All key informants were: a) assured of confidentiality and anonymity (unless formally agreed otherwise); b) informed they were under no obligation to answer any question that made them feel uncomfortable; and c) informed they were free to terminate the interview at any time.
No respondents under 18 years old or in any way infirm were interviewed as key informants. As far as possible, interviews took place in workplace or populated environments for safeguarding purposes.
As indicated above, all interview notes and evidence documents were securely stored in line with GDPR requirements and Mott MacDonald’s data privacy and protection protocols.
The study design and methodology was subject to ethical approval by GoM authorities.
In this section the findings for Special Study 2 are presented systematically against each of the main study questions. Lessons learnt will be summarised in the next chapter
6.1.1
This section combines findings from our review of programme records and documents, with information from key informants mostly Implementing Partners who had some involvement with this specific component. The findings below are based on a synthesis and triangulation of evidence. Overall, there was strong consistency across evidence sources; however, we have also tried to reflect a range of perspectives on the factors influencing outcomes.
In Malawi, a health passport is used to access health services. The health passport is also used to record all diagnoses and treatments/interventions given. Our desk review confirmed that, at facilities with access to an electronic medical record, health passports may be labelled with a unique identification code (UIC) and associated barcode.
In the field of HIV, key populations75often move across borders, along the line of rail and between points of service. UICs can help authorised service providers protect anonymity, while providing access to longitudinal records over subsequent visits, and avoiding record duplication. UICs are also valuable to programmes for analytics on the HIV cascade of care 76In Malawi, UICs are also being extended to other services (and EMR modules), such as ANC and OPD registration, to further the anonymity of HIV clients at designated points of care.
Box
77
UICs can perform the following functions for key population members, programme implementers, and M&E specialists:
• Create a confidential service recognition system that uniquely identifies individuals without disclosing personal information
• Improve health information management for highly migratory populations
• Improve assessment of mobility of key populations through outreach services and health facilities
• Avoid duplication in the counting of key populations attending services
• Identify new individuals engaging with prevention through treatment services
• Conduct analysis of the HIV cascades through continuum of care indicator data
• Help facilities follow up with patients who have missed referrals, are lost to follow up, or who lack treatment adherence
As shown in Figure 8 below (from Kuunika’s 2016 proposal), 78 the Kuunika team saw the DDE as one element of a system architecture that would optimise the functioning of EMRs. Using the system of UICs, the DDE would prevent duplication of records when patients moved between health facilities.
75 Key populations can include sex workers, drug users, men who have sex with men.
76 USAID et al. (2016). Unique Identifier Codes: Guidelines for Use with Key Populations.
77 Ibid
78Lighthouse Trust International. (2016). Grant Proposal Narrative for the Bill and Melinda Gates Foundation.
In the 2016 proposal, the Kuunika team described the scale up of the DDE to target districts as a key project activity under the leadership of BHT. The DDE had already been piloted by BHT (using CDC funding) in three facilities to identify inputs and processes needed. The proposed scale up would allow health sector partners using different types of EMRs to connect to the DDE and request UIC for HIV clients. BHT would also undertake a number of component activities to establish the DDE platform and ensure its functionality within the wider system.
More recently, Kuunika project documents have captured a clearer articulation of the shared ambition to progress from EMRs to a system based on secure shared Electronic Health Records (EHR) This ambition is also reflected in the National Digital Health Strategy, 2020 2025 Figure 9 below shows Kuunika’s vision for this progression within the wider digital health architecture 79 Figure 9 also shows the implementation progress made by December 2020 using a ‘building blocks’ approach to developing the digital health architecture (see Annex 3 for Cooper Smith’s summary of progress in terms of building blocks).
As shown in Figure 9, EMRs are now expected to form one ‘point of service’ for health data entry into an integrated digital health system. Under this vision, data from points of service would be interlinked via an Interoperability Layer to registry services and other key national databases, including DHIS2. Within this vision, the DDE would be replaced by a secure Client Registry 80
79 This diagram is sourced from the Cooper Smith presentation, Kuunika: Data for Action Investment Overview, Successes, Lessons, and Thoughts for the Future (December 2020). Supporting text suggests that, for the foreseeable future, the main points of service for roll out will continue to prioritise the HIV use case.
80 Client Registries usually require establishment of a Master Patient Index see, for example, https://www.ihs.gov/hie/masterpatientindex/
Notably, our desk review highlights some concerns about EHRs, not least because of the increased risk of cybersecurity threats and breaches of data privacy in immature system settings see Figure 10 below 81 In keeping with these concerns, the National Digital Health Strategy, 2020 2025 acknowledges the transition to EHRs needs to be gradual and go hand in hand with advances in governance, regulations, data/technology standards and system interoperability.82
81 Derived from Menachemi, N. & Collum, T. H. (2011). Benefits and drawbacks of electronic health record systems. Risk management and healthcare policy, 4, 47 55. Also based on inputs from expert consultations.
82 Vital Wave’s Gap Analysis for Malawi’s Data Use Partnership also emphasises the need to support this digital health initiative with a distinct Sustainability Plan and improved governance measures, such as better coordination among/within ministries; and a focus on development of common standards for interfacing of data systems.
As described in Chapter 2, implementation progress in the first phase of the Kuunika Project was slow. 2019 saw the reconfiguration of the consortium, with the core membership reduced to LIN, with TA support provided by Cooper/Smith. CDC transferred its EMR investment to EGPAF to ensure timely access to sex and age disaggregated HIV data for performance reporting to PEPFAR.
The country based key informants interviewed for this study (Annex 6) referred to these events to explain Kuunika’s apparent lack of progress in establishing the DDE component in accordance with its 2016 proposal They also emphasised the dynamic and shifting ecosystem in which the Kuunika Project has been implemented. The following points were made:
● Loss of BHT: Although some BHT technical staff were sub contracted as consultants to Kuunika post 2019, the loss of BHT within the consortium (and its subsequent disbanding) meant technical knowledge and experience were lost. The task areas for which BHT was the lead implementing partner (such as the DDE) were deprioritised at least in terms of Kuunika’s original plan of work. However, as explained below some BHT technical staff have progressed this task area under EGPAF.
● Donor sensitivities: There was an additional stalling of progress because CDC believed Kuunika’s initiative to scale up EMRs and the DDE component effectively “hi jacked” the work they had been funding through BHT and there was insufficient acknowledgment of CDC’s contribution Some observers suggested this perception was fuelled by the implicit criticism of earlier, rather fragmented EMR initiatives in the 2019 Vital Wave review83 (see Chapter 2).
● EGPAF’s role: Since 2019, PEPFAR / CDC have transferred their investment in EMRs in Malawi to EGPAF EGPAF’s work in this area extends to some DDE functionality LIN acts as a subcontractor to EGPAF in the northern region. Key features of EGPAF’s recent EMR related activities are as follows:
Since 2020, EGPAF has deployed EMRs across 726 ART clinics This includes 520 sites that use a basic eMaster Card system and 206 sites that use a more advanced Point of Care (POC) EMR system. In moving to scale, EGPAF has built on existing systems, including the BHT system (although loss of data from the BHT server during the transition has slowed progress).
EGPAF has extended DDE functionality to a proxy server, usually at district hospital level where connectivity is generally more reliable. This supports a local client registry and is expected to become operational from October 2021. There have been discussions with Kuunika, government and other key stakeholders about scaling up this DDE platform to support a national client registry, EGPAF has been reluctant because this step would have implications for its own agreements with the Department of HIV and AIDS, and contractual obligations.84
EGPAF is now supporting the development of a central data repository or “Data Lake” for the MoH Department of HIV and AIDS. This system aggregates and manages data to allow MoH and key stakeholders to access data visualisations and dashboards for decision making.
EGPAF is assisting the National Registration Bureau with the development and deployment of the electronic system that supports birth and death registration. As of
83
84
Wave.
2021, the Civil Registration and Vital Statistics Systems (CRVS) is deployed in 28 district registration offices, 28 district hospitals, and three central hospitals.
● Earlier consultations with the Department of HIV and AIDS had already limited information exchanges via the DDE to demographic data to protect the anonymity of HIV patients and ensure confidential service delivery.
● The changing role of Kuunika: Since 2019, Kuunika has shifted its focus to digital health governance activities through its support to the Digital Health Division (most recently under MoH’s Policy and Planning Directorate). Here the emphasis has been on strengthening the Division’s operational capabilities and strategic focus (most notably through development of the National Digital Health Strategy) and, more recently, in establishing interoperable platforms for COVID 19 analytics. Kuunika’s new role at the governance level (and its Phase 3 pivot) means its primary focus is now on a coordinated approach to building a sustainable digital health systems architecture. For example:
Kuunika is currently conducting a mapping exercise to identify custodians and clients of each system component to allow better definition of roles and responsibilities and more rationalised engagement of key stakeholders.
Kuunika has led on the development of a generic API for linking any system to the Interoperability Layer this will allow continued expansion of a central repository
● Maintaining wider system alignment: There is recognition that work on a Master Client Registry and shared EHR system needs to remain aligned with wider initiatives, such as National Registration Bureau’s efforts to establish a National Registration and Identification System. The Kuunika team has been providing technical inputs for this dialogue In recognition of the need to ensure full alignment of standards, systems and governance measures across sectors, the MoH leadership has requested the Digital Health Division to temporarily pause work on the Master Client Registry.
For this study question on delivery against the DDE task area, the global Principles for Digital Development provide a useful benchmark for assessing good practice. Table 5 below presents the investigators’ assessment of the extent to which implementation of this task area was consistent with these principles.
Overall, the available evidence points to good efforts by Kuunika to promote the nine global principles of digital development. However, timely delivery of a DDE was hampered by a shifting ecosystem, challenges of designing for scale and sustainability (e.g. lack of system maturity, evolving technology competing operational priorities, alignment challenges), and difficulties in collaborative working. Data privacy and security considerations are likely to need additional prioritisation as the modular OpenHIE framework is rolled out.
1.
● Evidence of initial piloting of DDE by BHT and iterative design with end users at facility level this informed EGPAF deployment. Scope for better definition / alignment of primary end ‘users’ at each system level as solutions evolve
● Useful successive effort to map the digital health system architecture, but scope for better analysis / monitoring of the wider operational, stakeholder and governance ecosystem.
● Early recognition that usefulness and scale up of DDE would depend on progress in system interoperability, an Expanded Health Data Exchange, and governance / regulatory alignment. Scale up more challenging than anticipated mostly due to a highly dynamic operational and institutional context, and the evolving digital health architecture
● Earlier vision for digital health architecture (including the DDE component) appears to have been superseded by a more sustainable vision based on an Open HIE framework that is referenced in the new National Digital Health Strategy However, there has been relatively little attention to the overarching governance / regulatory aspects, and its acknowledged governance aspects need to keep pace to ensure system safety & sustainability 5. Be Data Driven
● DDE intended to support data driven decision making. Design will be adapted to OpenHIE framework but needs to reflect system maturity and governance context
● Design documents point to general adherence to open source, open data principles Since 2019, Kuunika has sought to build consensus on adoption of a modular OpenHIE framework to support open source / open standards working around a shared digital health vision. However, this remains a key area for better partner collaboration and ‘global goods’ thinking 7.
● DDE design has built on BHT technology BHT server data was lost in transition to EGPAF, leading to loss of continuity There have since been significant technological developments and shifts in the digital health ecosystem.
● Dialogue on DDE and an Expanded Health Data Exchange prompted discussion on some key issues of health data governance, privacy and security these discussions need to continue for development of the Client Registry and EHR system within the OpenHIE framework.
● Still concerns about a fragmented digital health landscape in Malawi There are now opportunities for better partner alignment / collaboration around a shared vision for a DDE / Client Registry (including the role of UICs) within the OpenHIE approach
6.2.1
This section on the role of implementation and aid effectiveness issues combines findings from our desk review and stakeholder mapping exercise (Annex 2) with information from key informants. The findings below are based on a synthesis and triangulation of evidence.
We acknowledge that a key limitation of this study is that we have not been able to interview donor representatives (especially BMGF, CDC, PEPFAR, CHAI etc) within the timeframes of the study. Any findings referencing donor perspectives are, therefore based on secondary sources.
As shown in the stakeholder mapping for this study (Annex 2), there are multiple stakeholders who have a primary or secondary stake in the activities of the Kuunika Project. These stakeholders can be categorised into four main groups:
● Government of Malawi including MoH, the Ministry of ICT, along with a range of substructures and related ministries/institutions see Chapter 3.
● Donors including BMGF and other donors directly involved in improving digital health systems for HIV programming (the joint use case), along with donors and multilateral agencies who have indirect involvement through their participation in the wider digital ecosystem.
● Implementing Partners including those who are (or have been) directly involved in Kuunika implementation, and related digital health activities including the recent COVID 19 ‘digital surge’
● Other role-players those who play a role in the wider project implementation landscape (such as CHAM, the private sector, other NGOs and EMR providers and independent evaluators).
Since 2017, there have been some significant efforts to support digital health collaboration and alignment in Malawi although these have mostly been around planning and strategy development. For example, in 2017, CMED convened 80 members of the Malawi Health Data Collaborative representing 20 organisations85 to help finalise the new Monitoring and Evaluation/Health Information System Strategy and identify ways to strengthen governance, leadership and coordination of investments.86
Our desk review confirmed that members of the above stakeholder groupings have interests, priorities and strategic objectives that mean they could have been key role players in the Kuunika Project ecosystem. It was clear that sometimes interests converged, but sometimes there was potential for divergence.
The desk review of programme documents and stakeholder publications showed there was generally strong stakeholder convergence around the common objective of building an effective, efficient and sustainable digital health information system ultimately for the benefit of healthcare users, especially those affected by HIV. Since 2019, there has also been strong stakeholder convergence around accessing real time data to respond to the COVID 19 pandemic.
85 These included: Alliance for Public Health; BMGF; CDC; Cooper/Smith; Data for Health (Bloomberg Philanthropies); DFID; GiZ; Johns Hopkins University; Luke International; Palladium; Partners in Health; Partnership for Maternal, Newborn & Child Health; PEPFAR; Population Services International; The Global Fund; UNICEF; University College London; and USAID.
86 See: https://www.healthdatacollaborative.org/where we work/malawi/2/progress updates/
However, a rapid ‘force field’ analysis also points to three potential fault lines for stakeholder divergence in the Kuunika operational landscape. These potential fault lines (or divergent ‘leanings’) fall across government and donors, the Kuunika consortium and (post-2019) Kuunika and other Implementing Partners (Figure 11).
This desk based analysis suggests Kuunika progress may have been considerably influenced by how well these potential fault lines have been negotiated over time.
As described in Chapter 2, the ‘fault line’ across the Kuunika consortium prompted a significant reconfiguration in 2019. Country based key informants (Annex 6) made the following additional points about the role of implementation and aid effectiveness issues in project progress.
● Competing consortium priorities: Some reports indicated a particular challenge for original consortium partners was managing the competing expectations of government, Kuunika and a wider portfolio of donors (e.g. for BHT there were issues regarding acknowledgment of CDC contributions and maintaining a distinction between donor inputs and objectives).
● Government engagement challenges: Successive national elections and changes in leadership within the MoH have made it difficult for some partners to maintain continuous engagement and manage changes in strategic direction, especially when government / MoH positions were themselves divergent (e.g. differences in perspective on prioritising digital health for national planning decisions or local level patient centred care)
● Pulling the purse strings: While many donors and partners fully acknowledge the importance of government ownership and leadership for sustainability, the reality is that Malawi’s health sector remains highly dependent on donor funding, especially with respect to HIV programming. This means donors have considerable power to push an agenda
particularly when they have made large financial commitments.87 GoM is still associated significant “budget credibility challenges” so most donors remain cautious about direct budget support and, in practice, programme ‘ownership’ is a continuous negotiation 88 Moreover, Implementing Partners often have to act as mediators and intermediaries especially when donors have no country presence.
● Differences in ‘donor culture’: Some key informants explained that the BMGF ‘culture’ of learning centred and adaptive approaches to project delivery is distinctive. Other donors in the field of HIV tend to take a more traditional ‘projectised’ approach based on principles of supplier accountability for resources and results. The early tensions in the Kuunika consortium illustrate how Implementing Partners may find it difficult to reconcile the two approaches within standard project delivery arrangements. It can be difficult for Implementing Partners to take ‘delivery risks’ (e.g. protracted district engagement) in a highly competitive supplier landscape.
● Donor coordination challenges: Several key informants indicated there is scope for donors to collaborate and harmonise investments more effectively among themselves especially in the competitive field of digital innovation. While partner forums convened by CMED’s M&E Technical Working Group, such as the Health Data Collaborative, have been productive,89there remain concerns that partner initiatives contribute to a fragmented digital health landscape with duplication of effort Some key informants suggested the ‘three pillars’ conceived under the pre 2019 Digital Health Project Implementation Unit (PIU) for effective harmonisation and alignment remain valid.90The Blantyre Prevention Project was cited as a useful model for demonstrating how improved donor, government and stakeholder collaboration could function at all system levels.
● Kuunika’s governance foothold: Since 2019, Kuunika’s role in seconding staff to the Digital Health Division is widely seen as positive for providing well informed technical guidance, coordination and capacity development support at national level. This, in turn, promotes continuity and government credibility in technical dialogue with external partners. However, there are concerns about a potential conflict of interest if Kuunika is competing with other Implementing Partners for access to government / donor resources. There were concerns too about the possibility of a disproportionate influence in building the shared national vision on digital health.
● Learning from the COVID response: There was emerging consensus that the recent COVID 19 ‘digital surge’ demonstrates how Implementing Partners can, with strong national direction, collaborate effectively around shared priorities within a common systems architecture. However, there were also concerns about the failure to fully involve the Department of eGovernment (compromising sustainability), and failure of some Implementing Partner to be fully open with source codes, server access etc.
For this question on implementation issues affecting Kuunika delivery, we will use the principles of aid effectiveness as the benchmark for assessing good practice. Table 6 below draws on the
87 For example, PEPFAR is reported to have invested US$700 million in Malawi since 2003 see A 15 Year Review of the PEPFAR Support to Malawi: How Has It Succeeded? | AVAC
88 UNICEF. (2019). 2019/20 Health Budget Brief: Towards Full Implementation of the Essential Health Package: Achieving SDG 3 in Malawi
89 See for example: Malawi Ministry of Health. (undated). Data and Digital Priorities: Digital Health for Universal Health Coverage. Developed with the Malawi Health Data Collaborative. Available at: https://www.healthdatacollaborative.org/fileadmin/uploads/hdc/Documents/Country_documents/Malawi/Malawi_Ministry_of_Health.p df
90 These are: a single National Digital Health Strategy; a single ‘investment roadmap’; and a single digital health human resources development plan.
triangulated evidence to present the investigators’ assessment of how Kuunika’s implementation experience measures against the core principles of aid effectiveness. 91
Overall, our assessment found donors supporting the HIV/AIDS programme in Malawi have broadly adhered to the aid effectiveness principles of country ownership and strategy alignment. However, there is now scope for donors to strengthen adherence to aid effectiveness principles (including those relating to harmonisation, managing for aligned results and mutual accountability) by working through existing partner forums to advance the new Digital Health Strategy and roadmap. This will need to be accompanied by a greater focus on systems thinking and substantial investments in institutional strengthening and governance capacity.
Principle of aid effectiveness
Developing countries should be owners of their development
Development assistance should be aligned to country policies, institutions and local systems
Assessment of Kuunika’s implementation experience
● There is good evidence that Kuunika has sought to keep GoM in the driving seat. However, while donor investments have broadly supported MoH strategic objectives, there is evidence of donor driven agendas, vertical HIV programming, parallel reporting systems, and some lack openness in partner practice.
● Good evidence that the Kuunika design and implementation was aligned to the country policy and institutional context within the field of HIV programming. However, some concerns that in Phase 1 of the project some consortium members were not fully engaging district level counterparts
● In Phase 3, Kuunika’s support to the Digital Health Division and development of the National Digital Health Strategy contribute to an enabling environment for improved alignment of development assistance. But, more widely, there are still concerns that donor investments continue to perpetuate fragmented approaches.
3. HARMONISATION: Developing countries and partners should harmonise their action
Developing countries and donors should focus on measurable results
Developing countries and their partners are jointly accountable for development results
● Kuunika’s support to the Digital Health Division, along with the National Digital Health Strategy and mapped digital health architecture provide the foundations for a digital health investment roadmap to support harmonised donor investments. However, to date, there appears to be limited traction on this and donor interests and investments remain siloed.
● Some evidence of divergent expectations of intended results. Some donors place considerable emphasis on timebound results delivery, while others place greater emphasis on adaptive learning to advance strategic goals
● Some evidence of transparency and collaborative working by government, donors and Implementing Partners towards broad strategic objectives. However, primary IP accountability tends to remain with donors. Some residual concerns remain about issues of data sovereignty.
91 Revisiting the principles of aid effectiveness. Available at: www.dandc.eu/en/article/revisiting principles aid effectiveness
6.3.1
This section on the role of the regulatory environment combines findings from our desk review and key informant interviews. The findings below are based on a synthesis and triangulation of evidence. Overall, there was strong consistency across evidence sources.
As described in the Chapter 3, our desk review confirms the overarching legal and policy frameworks for all ICT initiatives in Malawi are set by the Ministry of ICT. The Ministry of ICT includes specialist departments such as the Department of eGovernment. The latter is responsible for ensuring ICT is used to: a) facilitate effective and efficient public service delivery and interaction between public services and citizens, companies, government institutions, cooperating partners and other key stakeholders; and b) enhancing government oversight functions.
Key legislation relating to this study includes the eTransactions and Cyber Security Act (2016) especially Part IV on data protection and privacy. Also of relevance are Malawi’s Access to Information Act (2017), the National Registration Act (2009) and the National ICT Policy (2013) As indicated in Table 2 , the new Data Protection and Privacy Bill (2021) represents a timely and positive development; however, there are stakeholder concerns about ambiguous terminology, and some oversight and enforcement issues several of which have human rights implications
With regards intellectual property rights, Malawi has five main intellectual property laws. These are: the Trademarks Act (2018), Patents Act (1986), Trade Description Act (1987), the Registered Designs Act (1985) and the Copyright Act (2016). These intellectual property laws are designed to create a conducive, but regulated, environment for the development of small and medium sized enterprises (SMEs), thereby promoting local industry and social and economic development. Additionally, these laws cover the transfer of technology to and from industrialised countries (including local digital technology innovation).
The MoH is responsible for the application of national legislation to health data and information systems. The MoH’s foundational document on digital health regulation is the National Health Information Systems Policy (2015) which specifies sectoral roles and obligations relating to: data collection; confidentiality; data compilation/aggregation; data analysis; quality assessment and adjustment; reporting and data transmission; data storage, access and ownership; and information dissemination and use. This policy is referenced for implementation purposes in the Health Sector Strategic Plan (HSSP) II, 2017 2022, as well as the Monitoring, Evaluation and Health Information Systems Strategy (MEHIS), 2017 2022.
Recently, the National Digital Health Strategy, 2020 2025 has replaced the National eHealth Strategy, 2011 2016. The new strategy focuses more directly on priorities relating to: digital health governance and sustainability; digital health coverage; system interoperability; infrastructure and connectivity; and workforce capacity. The National Digital Health Strategy includes a specific strategic objective on protecting data privacy and “improving the security of information and digital health systems”. Priority actions recommended under this objective are summarised in the Box below.
In summary, the Digital Health Strategy’s recommended actions on digital health security are:
• Data loss or damage: Ensure continuity of service delivery in all service delivery points in cases of disasters and loss of property by working with the ICT Section to ensure a risk analysis is conducted annually and Disaster Recovery Sites are operational.
• System security: Develop and deploy standardised security management process in health sector to promote acceptable use of data and related tools, including hardware and software e.g. by implementing security checklists at all service delivery points, and ensuring security breach response systems are operational.
• Ethical concerns: Addressing ethical issues in digital health to promote privacy and security of clients’ data by implementing Data Access and Release SOPs and ensuring a data access tracking system is operationalised.
• Threat protection: Ensure that digital health information and users are protected from undesirable threats, including physical threats (fraud and theft), malwares, breach of privacy, misuse of information by implementing user account management SoPs, and ensuring additional physical access control measures are deployed and operational.
The MoH recently commissioned the Malawi Health Data Collaborative to identify data and digital priorities to support consensus building for the National Digital Health Strategy and promote the principles of universal health coverage. The Collaborative identified improvements to security of information and ICT systems as one of the top priorities.92
We note the Kuunika Project has supported the development of 12 SOPs (Annex 5). These SOPs cover multiple aspects of digital health governance and system security, such as user account management, data access and release and data breach protocols although notably the SOP on ensuring security of data systems has not yet been drafted. Key informants suggest that, with the institutional changes in MoH and the outbreak of COVID 19, progress has stalled. However, we suggest that, given the groundwork done and the importance of SOPs for translating ICT legislation and the Digital Health Strategy into action, there is a strong case for re prioritising this task area
In key informant interviews, the following points were made on project implementation experience relating to the digital health policy and regulatory environment.
● System security risks: There are particular government concerns about system security risks and the need to safeguard patient information from unauthorised disclosure, alteration, loss or destruction for example, GoM is now seeking to expand country based server capacity to avoid a dependence on cloud based hosting (in line with the eTransactions and Cyber Security Act) In recent years, there have been experiences of health data being lost, and there is now awareness of the need for multi faceted approaches that combine technical protection measures (including data back up and retrieval) and secure data storage methods (with encryption and access controls etc), with data governance measures (such as legal, policy and regulatory measures).
● Implementation challenges: Key informants emphasise the need to implement and enforce existing data protection measures at all system levels e.g. from the security of shared devices at facility level, to the access permissions granted at higher system levels. This, in
92 Malawi Ministry of Health. (undated). Data and Digital Priorities: Digital Health for Universal Health Coverage. Developed with the Malawi Health Data Collaborative. Available at: https://www.healthdatacollaborative.org/fileadmin/uploads/hdc/Documents/Country_documents/Malawi/Malawi_Ministry_of_Health.p df
turn, requires inclusive training and improvements in digital literacy from the community to the national level. The fragmented nature of health service delivery and information systems across public, private and non-governmental providers makes this challenging. There is recognition that SOPs need to be finalised, but concern that roll out and compliance will be challenging to address.
● Data sovereignty and ownership considerations: While there is legislation in place covering data sovereignty and the transfer of data across borders, and the National Health Information Systems Policy provides clear government statements on data access and ownership, there is limited enforcement with respect to donor / IP reporting systems. Key informants suggest this is due to government’s financial dependence on donors, as well as inconsistent leadership in the digital health space. In recent years, there have been efforts to tighten up on ethical approvals and data sharing permissions for health research;93 however, it has also been reported that weak communication between national and sub national levels on these permissions can fuel operational tensions.
● Governance capacity challenges: The original organograms for the Digital Health Division make provision for both governance positions (with a focus on policy and standards compliance) and technical operations (with a focus on product development and sustainability). While technical operations positions have largely been filled (partly through Kuunika secondments), the governance positions remain vacant. These are acknowledged to be key areas for future recruitment and investment.
For this question on the role of the regulatory environment in Kuunika delivery, we will use the Global Digital Health Index model as the yardstick for assessing good practice. Table 7 below presents the investigators’ assessment of how Kuunika’s implementation experience measures against key indicators of digital health leadership, governance, legislation, policy and compliance 94
Overall, available evidence suggests Malawi’s regulatory environment is reasonably good when measured against standard global indicators on leadership, governance and policies. However, weaknesses remain in resource allocations for implementation and enforcement, operational guidelines tailored to each system level, and policies on cross border data security and data sharing.
93 National Regulatory Requirements, Procedures and Guidelines for Conduct of Research in Malawi. Available at: https://www.ncst.mw/research clearance/
94 Global Digital Health Index. (2019). The State of Digital Health 2019. Available at https://www.ncst.mw/research clearance/ https://www.digitalhealthindex.org/stateofdigitalhealth19
1. LEADERSHIP & GOVERNANCE:
Indicator 1: Digital health prioritised at the national level through dedicated bodies / mechanisms for governance
2. LEADERSHIP & GOVERNANCE:
Indicator 2: Digital health prioritised at the national level through planning, strategies and resource allocation
3. LEGISLATION, POLICY & COMPLIANCE:
Indicator 1: Legal Framework for Data Protection (Security)
4. LEGISLATION, POLICY & COMPLIANCE:
Indicator 2: Laws or Regulations for privacy, confidentiality and access to health
5. LEGISLATION, POLICY & COMPLIANCE:
Indicator 3: Protocol for regulating or certifying devices and/or digital health services
6. LEGISLATION, POLICY & COMPLIANCE:
Indicator 4: Cross border data security and sharing
Assessment of Kuunika context
● Digital health prioritised through relevant structures in place in Ministry of ICT (Department of eGovernment) and MoH (ICT Unit, CMED and Digital Health Division)
● Digital health prioritised at the national level through the National Health Information Systems Policy (2015) and successive health strategies. However, financial and human resource allocations remain insufficient.
● General ICT legislation on data protection in place and reflected in the National Health Information Systems Policy (2015) although some scope for updating.
● Requirement for SOP on data security identified but not yet developed
● General ICT legislation on data privacy in place and reflected in the National Health Information Systems Policy (2015) and strategies.
● Relevant SOPs drafted but not yet finalised or implemented.
● Explicit reference in legislation, policies and strategies limited but SOP on ‘Introduction of New Systems’ available in draft (timeframes for finalisation and implementation uncertain)
● Little explicit reference in health sector policies and strategies but some references made in eTransactions and Cyber Security Act (2016) and legislation on intellectual property.
The table below presents the investigators’ summary of the main lessons emerging for each of the core study questions. These lessons are based on a triangulated synthesis of contributions from key informants and the investigators’ analysis of data from other sources (desk review, round table discussions etc).
Question 1: Why did the important Database and Demographic Exchange step in the development of EMRs for HIV eradication fail?
1. Sustainability of digital health building blocks is likely to be enhanced when there is reference to an updated digital health and information system architecture, and when there is wider stakeholder buy in on the shared vision, strategy and roadmap.
2. Elements involving exchange of personal health records must be aligned to the wider governance, regulatory and standards environment especially with respect to data privacy, security and access.
Question 2: What role did implementation and aid effectiveness issues such as project design, project management and donor co ordination play?
3. An understanding of the ecosystem requires a focus on the stakeholder, governance and political economy ecosystem, as well as the digital ecosystem. Seconded technical assistance (TA) can be on the front line of mediating the stakeholder ecosystem distinct skill sets are required.
4. There is scope to build on existing partner forums to convene diverse stakeholder groupings and build consensus around implementation of a joint digital health roadmap.
5. Investments in a patient-centred ‘use case’ are likely to be more sustainable & scalable if partners retain a system focus and there are complementary investments in effective digital health governance at all system levels.
Question 3: How useful would intellectual property regulation, data privacy & global digital governance standards have been in creating a more propitious context?
6. Particular attention needs to be given to data protection and cybersecurity threats. New digital health solutions should be accompanied by key assessments, such as threat risk and privacy impact assessments. There is scope for working more closely with the ICT Ministry, international collaboration and contributing to legislative dialogue e.g. on Malawi’s Data Protection & Privacy Bill.
7. Sound digital health governance requires long term investment, and needs to extend to effective mechanisms for implementation, staff capacity building and oversight, and standards compliance at each system level. Finalisation / roll-out of key SOPs could be a relatively quick win, but this is a process heavy task area that needs focused leadership.
This final section of the report presents the investigators’ concluding observations and recommendations from Special Study 2.
This special study has focused on the digital health governance experience of the Kuunika Project over the period 2016 2021. The study has focused on four questions relating to roll out of the DDE, implementation process and aid effectiveness themes, the policy and regulatory environment and lessons learnt. The authors have addressed these questions by triangulating evidence from an extensive desk review, key informant interviews and group discussions with the Kuunika team
While the findings presented in this report may not be definitive, they do reflect a range of stakeholder perspectives on a complex initiative that was implemented in a highly dynamic context. From review of findings across the four study questions it is notable that, while progress in the early years of the project was slow, it did provide the Kuunika team with a firm foundation of operational experience and lessons. These, in turn, have enabled significant contributions to digital health systems strengthening and governance in the final sustainability phase of the project.
Recommendations from this study include specific recommendations and general recommendations for BMGF and the Government of Malawi. The general recommendations are also relevant to other development partners.
Specific recommendations:
● Support the Digital Health Division. Recognise the strategic benefits of a knowledgeable and trusted team embedded in the Digital Health Division that can respond to digital health opportunities and priorities. Seconded TA needs to be high calibre with distinct skill sets. Ensure there are clear guidelines on preventing conflict of interest.
● Prioritise governance capacity. Support efforts to ensure the Digital Health Division has appropriate capacity on digital health governance, standards and compliance governance officers should work closely with the ICT Ministry and prioritise finalisation of the digital health SOPs.
● Support Kuunika to develop a capacity development plan that includes skills transfer approach and an exit strategy.
General recommendations:
● Promote the principles of responsible ‘global digital health citizenship’ and partnership among all key role players. This means convening around a single shared digital health vision, strategy and roadmap. These should be based on a modular digital architecture and be consistent with open source and open standards principles.
● Invest for scale and sustainability from the outset. This means thinking beyond the programme ‘use case’ to consider each solution’s horizontal and vertical linkages within a wider systems architecture. Consider complementary investments in digital health governance capacity at all system levels, including longer term investments / collaborations to protect data privacy and security.
The following version of the Kuunika theory of change is referenced in this Special Study. It was developed by the evaluation team at midline (2019). It updates the baseline theory of change and incorporates the project pivot in 2018. Further updates to this theory of change will be presented in the final evaluation report.
The following diagram shows evaluation team’s 2019 reconstruction of the causal pathways underpinning the Kuunika Project design and theory of change.
In December 2020, Cooper Smith presented the following summary of Kuunika’s progress in advancing the digital health architecture through reference to a set of ‘building blocks’ and digital product inputs 95 These building blocks and inputs aimed to advance the digital health vision shown in Figure 9 of this report. Notably, Kuunika reports that its contributions to COVID 19 digital health products have also helped to strengthen the interoperability layer (see also Special Study 1).
The following extract from a 2019 MEASURE Evaluation review of the strength of the Malawi HIS as a source of HIV data shows how the system performs against standard global indicators.96
96 MEASURE Evaluation. (2019). Malawi: Snapshot of the Strength of the Health Information System as a Source of HIV Data. Retrieved from: Malawi_Strength of HIS as HIV Data Source_fs 19 355.pdf
Desk review and key informant evidence suggests that, by 2020, most of the SOPs scheduled for digital health practice were in at the stage of an advanced draft, but institutional changes and COVID 19 priorities had temporarily stalled their finalisation and approval. The 2020 Digital Health Strategy places considerable emphasis on the roll out and full implementation of these SOPs suggesting their finalisation now needs to be prioritised).
Item Name Description Level of Use Current Status
1 SOP for User Support
Procedures involved in raising user support requests and responding to these requests
2 SOP for User Account Management Procedure for managing user account, including request for account creation, update, deactivation or deletion coupled with approvals and access rights managements
3 SOP for revision of health indicators and data collection tools
Procedures involved in revising indicators, tools and cost implications
4 SOP for Data Access and Release Procedures involved in requesting for health data
5 SOP on Collection of HMIS Routine Data, Data Management and Use
6 SOP on Data Quality Assurance (DQA)
Procedures guiding the collection, consolidation, dissemination and use of data for evidence based decision support
Procedures for ensuring quality HMIS data, i.e., complete, timely and accurate data
7 SOP on Integrating sub systems to DHIS Procedures to guide the development, implementation and interoperability evaluation of sub system integration to DHIS
8 SOP for Introduction of New Systems Procedures to guide the introduction of new electronic or manual data systems at national, district and facility level
9 SOP for ensuring security of data systems Procedures to guide data security measures for electronic and manual data systems
10 Data Breach Protocol Procedures to guide response for data breach occurrences
11 SOP for data review meetings
12 SOP for Quality Improvement Management
Procedures and standards to guide data review meetings
Procedures to guide the use of quality management approaches in order to use data for the purpose of program performance, quality planning, control, assurance and improvement
National Draft Available
National District Facility
Draft Available
National Draft Available
National District Facility
National District Facility
National District Facility
Draft Available
Draft Available
Draft Available
National District Draft Available
National District Facility
National District Facility
National District Facility
National District Facility
Draft Available
Not Developed
Draft Available
Not Developed
District Facility Not Developed
Joseph Dal Molin Expert Adviser, President, E cology Corp.
Andrew Likaka Head of Blood Transfusion Unit (formerly of Quality Management Directorate; former Kuunika Principal Investigator)
Hosin yi Lee Technical Advisor, Luke International
Joseph Wu Technical Specialist, Luke International Norway
Martius Joshua Director, Quality Management Directorate, MoH
Mwatha Bwanali Technical Specialist, EGPAF (formerly Baobab Trust)
Rebecca Mthega Country Representative, Luke International Norway
Veena Sampathkumar Country Director, Elizabeth Glaser Paediatric AIDS Foundation
