Artificial Intelligence in the health sector
Artificial intelligence is already reshaping healthcare, but it raises hard questions on privacy, consent, liability, safety and bias. This article outlines Kenya’s evolving legal framework, including the Health Act, the Data Protection Act and emerging digital health laws. It also highlights practical safeguards for deploying health AI responsibly and accountably.
Author : Ambrose D.O. Rachier, SC
- [email protected]
- Rachier & Amollo LLP, Mayfair Center 5th Floor
Artificial Intelligence in the health sector
Ambrose D.O. Rachier, SC
Article Overview
This insight introduces Artificial Intelligence in healthcare, outlining how AI systems use models and algorithms to learn and support prediction and decision-making, and how this intersects with Kenya’s evolving e-health ecosystem. It highlights Kenya’s early policy direction through the Blockchain and AI Task Force, then focuses on the practical barriers to adoption in healthcare, including low digitisation of medical records, limited connectivity, cybersecurity risks, and gaps in sector-specific regulation.
The article also maps key ethical and legal concerns such as privacy, bias, safety, accountability for AI-assisted decisions, and the protection of human dignity, and proposes a compliance lens anchored in the Constitution (privacy), the Data Protection Act, and emerging digital health legislation.
Key takeaways
- Definitions matter: the article references UNESCO’s description of AI systems as information-processing technologies that learn and perform cognitive tasks, and WHO’s definition of e-health as the combined use of electronic communication and IT in the health sector.
- Kenya’s policy entry point: the Blockchain and AI Task Force (set up in February 2018) identified health and research benefits including record integrity, supply chain traceability, anti-counterfeit gains, and consent management.
- Major implementation barriers: limited digitisation and accessibility of medical records, skills gaps, weak regulation, limited internet coverage, underinvestment in AI research, and cybersecurity exposure.
- Privacy and lawful processing: health AI depends on collecting and processing data, raising Article 31 privacy issues and strict Data Protection Act requirements around purpose, necessity, retention, and sharing controls.
- Accountability question: where AI supports clinical or research decisions, the key concern is where liability attaches if harm occurs and how to ensure safety, reliability, and context sensitivity.
- Bias and “AI stupidity”: the article warns that AI inherits errors and bias from training data, creating discrimination risks and undermining trust, especially in sensitive contexts like health.
- Kenya’s relevant legal framework: includes the Constitution, Health Act 2017, Digital Health Bill 2023, Health Records and Information Managers Act 2016, Data Protection Act 2019, AU cybersecurity and data protection convention, UNESCO ethics recommendation, and Kenya eHealth policy instruments.
- Health Act direction on e-health: section 104 required development of an e-health law, with proposed Bills intended to address interoperability, disclosure controls, privacy protection, telemedicine, and related system governance.
- DPA compliance test (practical checklist): the article proposes questions such as whether personal data is used, whether it can be anonymised, whether decisions are specific or trend-based, whether data is repurposed, whether third-party data is used lawfully, and whether new personal data is generated.
- Reform proposals: ethical impact assessments, stronger governance and remedies, robust data policy, international cooperation, and alignment with UNESCO ethical principles including do no harm, fairness, transparency, accountability, and human oversight for high-impact decisions.
About the author
Ambrose D.O. Rachier, SC is a Partner at Rachier & Amollo LLP. In this insight, he outlines the opportunities and legal guardrails for deploying AI in healthcare and research, with emphasis on privacy, accountability, safety, and ethics.