The role of data in anti-corruption efforts

Digital technology is a vehicle to enhance transparency in public services and allow civil society to monitor service delivery. The power of digitalisation coupled with other reforms to enhance transparency and accountability in health and other public services is being tested in several ongoing initiatives. In 2017, Transparency International Ukraine developed an ehealth system, eZdorovya, to support the restructuring of health financing and contribute to better public spending. eZdorovya was later transferred to the state and expanded to include patients’ medical records, which became easily accessible to patients, providers, and administrators. In 2012, the Indo-Dutch Project Management Society compiled data on physician absenteeism and set up a user-friendly SMS/online platform in the Karnataka region in southern India where citizens could report and monitor absenteeism. Recently, the Nigerian NGO Connected Development, under its initiative Follow the Money, has begun tracking and visualising data on donations, loans, procurement processes, food packages, and cash transfer programmes to improve transparency and accountability of the Covid-19 response in Africa.

When managed and disseminated properly, health data becomes a strategic resource that can be used for better policy choices, which could lead to better health outcomes. The data from health management information systems (HMIS) specifically supports decision-making processes of health facilities and organisations. Governments use this data in ways that reflect their political agendas. Access to data stored in HMIS can also be of immense value for other stakeholders, who can use the information to keep governments accountable for their performance and provision of health services. However, when there is no transparency, this same data can potentially be co-opted by powerful groups for private gain. Therefore, the linkages between HMIS, corruption, and anti-corruption are worth exploring.

This U4 Issue examines how corruption manifests within HMIS and assesses the potential of these systems to advance anti-corruption and integrity in the health sector, especially in developing countries. Our main case study is the District Health Information Software 2 (DHIS2) platform, which is used by ministries of health in dozens of low- and middle-income countries. DHIS2 is an open-source HMIS, released under the BSD 3-clause license and free of license fees.c463f1a1d98e Our analysis explores whether DHIS2 can play a role in promoting more effective anti-corruption interventions in the health sector to improve public health outcomes. In addition, the study reviews other examples of using data analytics to advance integrity, transparency, and accountability. The paper ends with recommendations to governments, donors, and civil society organisations on how to use HMIS effectively in the fight against health sector corruption.

HMIS in the digital age

Access to timely, relevant, and reliable information is a cornerstone of effective decision making about health strategies, policies, and programmes. The actions governments take to collect, analyse, and use data affect their ability to identify problems, prioritise interventions, find solutions, monitor performance, and allocate resources to improve health outcomes. Equally important, citizens can use this information to choose healthy behaviours, demand better services, and keep governments accountable. Internationally, sharing health-related information is essential to detect and counter the effects of epidemics and infectious diseases, contribute to results-based management of development assistance programmes, and provide evidence to advocate for more funding in health.

An HMIS is a ‘data collection system specifically designed to support planning, management, and decision making in health facilities and organisations’. By identifying, collecting, synthesising, analysing, and reviewing health data, HMIS can provide the information needed to make better health policy choices. This in turn may enhance the quality and delivery of health services, taking us a step further towards achieving universal health coverage. In addition to being essential for monitoring and evaluation, HMIS data can be used to support and stimulate health research, conduct health situation analysis, contribute to global reporting, support patient and health facility management, enable planning, track health issues and outcomes, and provide an alert and early warning of priority health needs.

According to the World Health Organization (WHO), important sources of health data include ‘population-based surveys, civil registration systems, health facility surveys and routine facility data systems’. There are different types of health data, which can be collected and stored within and outside of health systems. For example, societal-level data can be stored in electronic health records (EHR) to be shared among health care networks to minimise duplication between providers and improve timeliness of care. More types of health data are shown in Table 1.

The benefits of HMIS can only be realised if information is properly communicated and disseminated, reaching all relevant stakeholders such as policymakers, planners, managers, health care providers, communities, and individuals. Dissemination and communication can also lead to more transparency and accountability in the design, implementation, and performance of health plans, policies, and programmes. Health data made public and easily accessible can help communicate priorities, identify gaps, and signal what health facilities should be accountable for.

The World Health Organization emphasises three HMIS functionalities that can make information more accessible: routine collection and management of data on health indicators; data storage and aggregation; and data synthesis and visualisations.

Nonetheless, HMIS are complex and costly systems to operate. Many low- and middle-income countries still struggle to use health data to its full potential because of technical and organisational barriers. For example, data usage is often limited by lack of a data-sharing culture and absence of system interoperability across ministries and agencies. This makes it difficult for decision makers to fully abide by realistic performance standards that address population health needs effectively. These barriers can impede the demand for and use of health data, with data used only for ad hoc decision making. Often, such ad hoc decisions favour short-term solutions that lead to quick political gains over long-term strategic planning that can improve public health outcomes. For example, the culture of decision making at the national level of the health sector in Pakistan was described by one provincial health manager as short-sighted and not concerned with the future. When data was demanded it was for personal benefit, rather than for the benefit of the people.

Additionally, it has proven difficult to measure the cost-effectiveness of long-term infrastructure investments in HMIS. This is especially the case in countries that face complex health challenges yet have limited financial and human resources to collect, standardise, and analyse health data. Moreover, many developing countries need to report data to global, regional, and bilateral funding agencies such as the Global Fund to Fight AIDS, Tuberculosis and Malaria, placing a further demand on local health systems.

DHIS2, which is a free and open-source health data platform, was designed to respond to these challenges. DHIS2 also benefits from capacity-building initiatives funded by the Norwegian Agency for Development Cooperation (Norad), ensuring that users are well equipped to manage the platform. While there are still concerns about documentation and adaptability, its use has been of immense value in low-resource settings.

DHIS2: A possible HMIS solution for low- and middle-income countries

DHIS2 came into being to address the many difficulties developing countries face in setting up strong HMIS. It is a free, open-source platform that collects, analyses, visualises, and shares health data. It supports aggregate and individual-level data, with online and offline data entry through the DHIS2 web portal, mobile apps, SMS, or direct import. The platform is managed by the Health Information Systems Programme Centre at the University of Oslo and is endorsed by WHO as a global public good. It is currently used in 73 low- and middle-income countries that are home to 2.4 billion people.

To create a global standard and avoid duplication, DSHI2 has collaborated with WHO to compile national learnings, which have helped inform global data standards. These data standards cover health areas and programmes, including infectious diseases, maternal and reproductive health, mortality reporting and mapping, and data quality. In addition, DHIS2 is being used to respond to Covid-19 data challenges. As of November 2021, 42 countries have used the platform for Covid-19 surveillance and 40 countries for Covid-19 vaccine delivery.

Among the benefits of DHIS2 are its adaptability to different contexts; its user-friendly technical features; its ability to standardise data collection processes; its capacity to collect and manage various sources of health data,including clinical and non-clinical HIV, malaria, and tuberculosis data, among others; and its potential to track health programme outcomes, such as vaccination coverage and tracking of vulnerable groups. Such data can be used to monitor the quality of health service provision in line with the principles of equity, transparency, and efficiency.

As an open-source, free platform, DHIS2 can foster innovation, promote co-production, and enhance social accountability. First, DHIS2 is a generic tool with a preconfigured database application and open metadata model, which means that users can innovate and choose the content they want to focus on without the need for programming. Second, the open-source format allows multiple users/countries to adopt it, share their experiences, and learn from one another. A recent study concluded that DHIS2 was an appropriate tool to strengthen HMIS at the regional level in the Eastern Mediterranean, suggesting that countries could use DHIS2 to coordinate technical support and capacity-strengthening processes. Lastly, DHIS2 users can access their own data, increasing their feeling of responsibility to produce data of good quality. The platform’s openness also means that anyone with access to the software can have access to the data and use it to keep governments accountable, promoting a culture of evidence-based decision making. In low-income, low-resource settings, where HMIS are not well established, DHIS2 can be an effective and cheaper alternative means to start building and/or strengthening a country’s capacities to collect, use, and manage health data more effectively.

Multiple studies show how useful DHIS2 platforms have been across different health areas. In Bangladesh, use of the platform helped improve the timeliness and completeness of data reporting, especially for reproductive, maternal, newborn, child, and adolescent health services. Likewise, in Uganda, DHIS2 helped improve the timeliness and completeness of reporting of routine outpatient, inpatient, and health service usage data from the district to the national level. In Lebanon and Pakistan, the DHIS2 platforms proved so useful that their application was expanded from specific health programmes – non-communicable diseases in Lebanon and tuberculosis in Pakistan – to other health areas. In El Salvador, DHIS2 was used to track access to and delivery of HIV testing and sexual and reproductive health services. Given the free, open-source, flexible nature of DHIS2, similar approaches were easily replicated in Guatemala, Honduras, Panama, and the Dominican Republic.

Preliminary results have also indicated that DHIS2 can foster a better decision-making culture around user-provided data and strengthen transparency. The use of dashboards, for example, enabled health practitioners and policymakers in the Democratic Republic of Congo (DRC) and Indonesia to visualise the data they had collected, understand its patterns, evaluate progress towards targets, and identify priorities and gaps. In the DRC more specifically, DHIS2 data enabled health facility staff to better prepare for supervisory visits, retrieving reports from the dashboard to account for their performance. Understanding DHIS2 data also helped them better address supervisors’ recommendations.

In response to the current pandemic, DHIS2 developed its Covid-19 vaccine delivery toolkit, which helps countries operationalise WHO guidance on national deployment and vaccination plans for the Covid-19 vaccines rollout. This toolkit can be used to measure wastage, uptake, and coverage by risk groups; trace vaccines down to the point of service delivery; monitor and follow up for second doses; provide verifiable vaccine certificates; and support supplementary immunisation activity monitoring and vaccine safety.

For instance, a DHIS2-based electronic immunisation registry in Rwanda is intended to make the Covid-19 vaccination process paperless, efficient, and more effective. Uganda uses DHIS2 to track and approve truck drivers entering the country, allowing important trade routes to be open and spread of cross-border disease to be contained. Palestine built on their national as well as global DHIS2 expertise to develop a Covid-19 surveillance package, which is the first in the world to track information at the case level. Sri Lanka has also used DHIS2 to track immunisations based on individual-level data, monitor stocks by using aggregate data, and produce verifiable vaccination certificates. They also combine immunisations and stock data in a joint dashboard to inform decision-making processes. In all these cases, DHIS2 proved to be a low-cost, user-friendly platform that addressed different health information needs.

Despite its strengths, the use of DHIS2 comes with a set of challenges. The studies from Bangladesh and Uganda noted above highlighted that the successes of DHIS2 were limited by lack of human resources, slow internet connectivity, inadequate technical support, and frequent changes to the DHIS2 version. An assessment of the health impact of DHIS2 in low-resource settings identified similar obstacles: ‘It seems likely that a combination of suboptimal reporting rates, persisting data inaccuracies and insufficient local expertise for data cleaning, analysis and visualization contribute to a self-reinforcing cycle constraining both the reporting and use of quality health data.’ If not addressed, these difficulties might ‘impede the development of a culture of data use’. Worryingly, they might also provide a fertile ground for corruption in HMIS.

Corruption risks affecting HMIS

Using health data from HMIS, including DHIS2, can contribute to enhancing transparency and accountability in decision-making processes in the health sector. Nonetheless, corruption can also be found in HMIS, especially in the forms of data manipulation and misuse of health data.

Manipulation of data

Data manipulation thrives in environments characterised by insufficient local expertise on data management, suboptimal reporting rates, and persistent data inaccuracies, weaknesses found in many countries where DHIS2 operates. Data manipulation in HMIS can also be deliberate, especially in contexts where fraud is widespread and corruption is considered endemic.

For example, data manipulation is quite common in the context of pay for performance (P4P) schemes in the health sector. P4P programmes work by rewarding medical actions, thus providing health workers an incentive to do their often-difficult jobs and achieve better health outcomes for the population. Incentives may be directed to service providers, programme beneficiaries, or both. P4P schemes are believed to have the potential to strengthen health systems and improve health outcomes, assuming the data on health performance is valid. However, data collection and recording are vulnerable to manipulation, distortion, and fraud, as data entrants and health workers may falsify the numbers in order to increase the pay they receive. P4P schemes are also subject to gaming, that is,fraudulent strategies health providers can adopt in order to reach or exceed performance targets on rewarded indicators and thereby maximise their gains.

In Rwanda, a study found that health workers sometimes distorted data on performance through the arbitrary and retrospective filing of forms. Health providers inflated performance figures to achieve pre-set targets in Cambodia’s GAVI-funded programme and in a conditional cash transfer scheme for mothers in Nepal.

In addition to data manipulation by frontline staff, perverse political incentives may interfere with data quality and use in many low- and middle-income countries. In several instances, operating partners have manipulated data indicators and entries to meet donor expectations in order to receive more funding. A 2014 study found that ‘development partners can also inadvertently create pervasive incentives for officials or front-line providers to misreport on their country’s progress through tying performance incentives to meeting certain targets as reported via administrative data the government collects’. A case in point comes from the polio programme in Pakistan, where health managers manipulated and inflated the number of people eligible for the programme to get more funding from donors and pocketed the excess for themselves by tampering with the recorded numbers.

Misuse of data

The large-scale surveillance and storage of personal data by HMIS is controversial, as such information can be used for purposes other than medical ones. It may also amount to a breach of human rights, including the right to privacy, freedom of expression, and protection of vulnerable groups.

There is growing evidence that governments sometimes make health data available to other stakeholders, putting at risk patients’ right to be forgotten. For instance, plans in the United Kingdom to gather patient data in a central database and make it available to third parties have triggered protest from both the medical community and civil society. Such sharing of data could severely damage patients’ trust in doctors and lead them to avoid disclosing their health needs. There is also the risk that government officials and academic and commercial third parties who can access the data could misuse their power in order to profit from sharing it, just as Facebook and other social media giants do.

The collection, sharing, and trading of datasets is of particular concern during the Covid-19 pandemic. Dashboards showing cumulative near real-time data on the disease have become a huge global industry. DHIS2 is among the many tools being used to harvest data on case surveillance, tracking, and responses. For example, Uganda is collecting personal data of long-distance truck drivers through DHIS2, as they are one potential path for cross-border spread of the virus that causes Covid-19. Through its open application programming interface, DHIS2 exchanges data with the Regional Electronic Cargo and Driver Tracking System, an app that has been downloaded by 72,000 truck drivers in East Africa. The tracking app now holds information on drivers’ Covid-19 status and reduces the need for them to be tested in multiple countries.

Despite their benefits, tracking apps have compromised people’s right to privacy in several countries. In Norway, for example, the first version of the contact-tracing app Smittestopp was halted after a warning from the Data Protection Authority. The app was considered too invasive, collecting GPS data to track users’ locations and contacts. User data was automatically shared with third parties for research, and users were not able to opt out. The architecture of other contact-tracing apps allows them to track people through Bluetooth without collecting their location data. As a result of poor ad hoc development, Smittestopp violated the General Data Protection Regulation principle of data minimisation, which states that personal data shall be ‘collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes’. The regulation further provides that the collections should be ‘adequate, relevant and limited to what is necessary in relation to the purposes’ of the data collection.

Similar findings were uncovered in Latin America. The Covid-19 Observatory of the Al Sur Coalition is an initiative of 11 civil society organisations (CSOs) that work to assess whether and how local technological responses to Covid-19 comply with basic principles of data protection and access to information. The coalition analysed 16 technological initiatives developed in 14 Latin American countries and found that most of them processed personal and sensitive data without due guarantees: ‘Most initiatives were not subject to an assessment of legality, necessity, and proportionality in their impact on human rights before or during the implementation.’

Covid-19 case surveillance, contact tracing, and tracking of individuals is happening worldwide through platforms connected to DHIS2, including countries where data is not as closely regulated as it is in Norway and other European countries. Fingerprints, facial recognition, eye scans, mobile phone registration, and location data have been collected and analysed with the aim of curbing the pandemic.Acknowledging these risks, the WHO interim guidance on contact tracing calls for those conducting contract tracing to ‘adhere to the ethical principles of handling personal information, to ensure responsible data management and respect for privacy throughout the process’.

Challenges in using HMIS for transparency and accountability

The biggest obstacles to using HMIS as an anti-corruption tool, especially in developing countries, concern policies and practices around the entry, storage, and use of data. These include the limited pace in digitising health data, political and administrative incentives to keep information undisclosed, and lack of or weak open data policies. Several broader contextual factors also can limit the potential of HMIS. These include lack of political incentives to address corruption and promote integrity as well as shrinking space for progressive civil society and for citizen engagement in monitoring service delivery. We look at each of these factors in turn.

Restrictive data policies and practices

First, entering health data digitally requires internet connectivity and available computers, tablets, or smartphones at each health clinic. Yet paper forms and carbon copies remain the norm at many frontline health clinics, and internet and electricity access remains a challenge in many low-income countries.

Second, information is a source of power. Once data is given meaning in a context, this information becomes a strategic resource for organisations. To keep its value, governments may decide not to share their information widely. A 2020 study found that governments are selective in releasing open government data (OGD), with ‘harmless’ domains being shared more easily than others. To understand government’s commitment to transparency and OGD, it is helpful to assess the value of different types of datasets and policy domains.

Third, lack of or weak open data policies limit who can demand transparency and accountability. For instance, in Peru the lack of a unified open government policy led to a fragmentation of open government initiatives and poor implementation.

Limited political and institutional incentives

Anti-corruption, transparency, and accountability interventions are most impactful and feasible when they have political backing. This raises the question of how to secure political incentives in authoritarian regimes, where transparency and accountability are broadly lacking, or even in democracies, where electoral changes can lead to changes in plans, policies, and programmes. Although power holders are supposed to act for the common good, they may also be the greatest beneficiaries of corruption, as they can use their power to advance their own interests.

Studies have shown that some bureaucracies in low- and middle-income countries where DHIS2 is deployed are inefficient and have a hierarchical culture that undermines accountability and transparency. For instance, many African states have bureaucracies characterised by limited technical capabilities, authoritarian decision-making processes, and patron-client relationships that permeate most institutional structures. In these contexts, the role of digital technologies in enhancing transparency and accountability is hindered.

The culture of impunity may be even worse among information technology (IT) professionals working in the public sector, as the limited IT skills of other officials mean that the specialists can work in relative isolation and face little scrutiny in their work. For instance, it is commonplace to have code peer-reviewed either by members of the IT team themselves or by external programmers. Comments are then either integrated or rejected by the code author, without much transparency.

Limited political incentives may also threaten the robustness of HMIS. Insufficient political backing can translate into fewer resources allocated to the collection, analysis, and monitoring of data; less investment in hiring competent staff and equipping public servants with the knowledge and skills to operate HMIS; and fewer spaces for non-state actors, such as the media and CSOs, to co-produce, assess, and monitor the quality of health data and governments’ performance across health indicators. All these scenarios lead to HMIS being ill-equipped to support health systems in identifying critical areas for health interventions.

Shrinking civic space and limited citizen monitoring of service delivery

HMIS thrive in contexts where state and non-state actors collaborate in the co-production, management, and monitoring of health data. Ample, unrestricted civic space and strong HMIS go hand in hand, as CSOs can actively contribute to the co-production, analysis, and monitoring of health data, strengthening the quality and reach of HMIS. With access to more accurate, open, and relevant health data, citizens can also exert pressure on their governments for better delivery of health care services. Overall, the involvement of CSOs and the wider public can lead to progress in three areas: the dissemination of information, which supports a feedback loop between the government and the governed; improved legitimacy of public sector interventions; and broadened democratisation of decision-making processes.

Unfortunately, global trends reveal a change in progressive civic space. In many developing countries, legal barriers restricting the freedom of the media and CSOs are emerging and changing the operational environment for civil society through increased licensing and reporting requirements as well as surveillance. Reducing CSOs’ autonomy in this way threatens their ability to verify health data and keep governments accountable.

The existence of new digital health systems alone does not secure more equitable access to information and stronger participatory mechanisms. Societies may still suffer from health data poverty, which is ‘the inability for individuals, groups, or populations to benefit from a discovery or innovation due to a scarcity of data that are adequately representative’. Without free civic space, it is less likely that marginalised groups will participate in the co-production of health data, leading to the collection of data that underrepresents segments of the population.

Despite these challenges, integrating anti-corruption indicators in HMIS such as DHIS2 could enhance ongoing efforts to address health sector corruption and improve CSOs’ ability to monitor health services. The next section outlines factors and enabling conditions that would enable HMIS to play this role.

Strengthening data governance for health system integrity

Data governance is important to building trust. With the proper regulations and policies in place, data governance processes ensure that data collection, management, and use is ethical, equitable, does not cause harm to vulnerable populations, and helps promote better decision making in the health sector. Among the decisions that shape data governance processes are deciding which types of data to open and share, how to share it, and whom to share it with. To enhance transparency and accountability, it is important to think about the conditions behind interoperability, data sharing, and data quality.

Interoperability and data sharing

Digitalisation and egovernance across all functions of government could enable better interoperability and data sharing between different datasets, which could in turn help to triangulate data and flag anomalies and discrepancies. This would enhance the role of HMIS in addressing corruption in the health sector. For instance, interoperability between HMIS and other public service delivery management information systems such as the World Bank’s Service Delivery Indicators, which provide benchmarks to assess service delivery performance in various countries, can be useful for addressing different problems, including health worker absenteeism and sufficient drug and equipment stocks.

Interoperability is especially important in pandemics and health emergencies. Precise and timely information is fundamental for planning, budgeting, and targeting disease outbreaks. Information management and the tracking of aid flows is important to ensure transparency and accountability in relief efforts. For instance, surveillance and contact tracing became important elements of the campaign to combat Ebola outbreaks in West Africa between 2014 and 2016. The United States Agency for International Development (USAID) has documented a range of tools developed to monitor the spread of Ebola, share information, and compile test results. One of them was mHero, a mobile phone–based communication system that connects ministries of health and health workers. During Ebola, mHero was used to share information and test results, monitor supplies, and train staff. The tool interacted with established health information systems such as the DHIS2, RapidPro, and Data Coordination Platform, as well as with the health workforce platform iHRIS. In August 2020, global health non-profit IntraHealth International deployed mHero in the Democratic Republic of Congo and Liberia to monitor the health of health workers and ensure they were protected.

Aggregate data is important to inform interventions that aim to counter health emergencies. The Covid-19 pandemic has further emphasised the importance of disease monitoring locally, nationally, and internationally. For instance, the West African Health Organisation (WAHO) aggregates data from member states of the Economic Community of West African States (ECOWAS). WAHO stores national DHIS2 databases in a regional data warehouse. Its outbreak dashboard is currently following the Covid-19 pandemic, sharing near real-time data for the ECOWAS region.

Interoperability and data sharing with platforms collecting data from other sectors is also fundamental to advance public health outcomes. In Haiti, for example, the World Bank, UNICEF, and USAID supported the Haitian Directorate of Potable Water and Sanitation (DINEPA) to develop a national integrated management information system for water and sanitation, called SIEPA. This system is based on a digital platform called mWater. Local operators and water and sanitation agents can upload information to mWater using their mobile phones. The platform is also geo-tagged and can be used to conduct digital surveys. SIEPA allows the authorities to collect information on water access, quality, availability, and sanitation. Decision makers can analyse actionable information and indicators on maps and dashboards. During Covid-19, a console was added to enable the country to track handwashing facilities and water availability across the country.

Lastly, interoperability helps secure the quality of HMIS data. For instance, in August 2020 Nigeria became the last African country to be declared free from polio. The delay was largely due to the vaccination teams’ earlier failure to collect data on all polio cases. In a few districts in the northeast of the country, cases of the disease continued, even though official documentation showed full vaccination coverage. The National Primary Health Care Development Agency (NPHCDA) later discovered that vaccination teams were using faulty maps. The vaccination teams collected names and location data from settlements and compared them with freely available satellite imagery from Google Earth. The investigation uncovered several settlements that were not showing on the vaccination maps. By using the correct maps, the vaccination teams were able to reach all villages and achieve full coverage.

Data protection, security, and regulation

Since DHIS2 is built on the foundation of open data, securing data is a challenge. To uphold the principle of ‘do no harm’, decisions about whether to publish health data must strike a balance between openness and the right to privacy. This is especially difficult in low- and middle-income countries, as many of them lack extensive data protection and privacy regulations.

Without strong regulations in place, open access to personal information can be used for criminal purposes. For example, Karnataka State in India published personal information about women and girls online to improve allocation of funds in its welfare services. Although their names were not made public, other vital data were, including their ages, locations, and contact details. This led many to experience phone harassment. As a result, the government had to delete the data. Women utilise health care services more frequently than men do because of their caregiving and reproductive roles, and they are therefore more likely than men to have their personal data collected by HMIS. Since open health data is not gender-neutral, data protection policies should be more gender-responsive and avoid exacerbating gender disparities.

In a 2016 survey across 48 developing nations, 43% of parliamentarians and 47% of police and law enforcement bodies pointed to a lack of understanding of data protection laws as a reason for the slow adoption and enforcement of new data privacy legislation. It is no surprise that concerted action to guarantee data protection is lacking in most countries. A 2019 study by the Organisation for Economic Co-operation and Development (OECD) found that most Members ‘lack a coordinated public policy framework’ to ensure that the use and sharing of health data protects people’s right to privacy, promotes data quality, and contributes to innovative research. In most low-income countries, limited data governance structures have resulted in poor data collection. A 2019 study by MEASURE Evaluation in Kenya and Tanzania pointed to weak or non-existent legal frameworks for data protection, no dedicated unit in charge of data ethics, and limited capacity to implement secure information systems as some of the reasons why these countries struggle with issues of data security, privacy, and confidentiality.

Another fundamental aspect of a health data governance framework is cybersecurity, which relates to a set of techniques that protect the digital architecture and its data from being manipulated, damaged, or stolen. To ensure the minimum security requirements, a risk assessment is performed to examine the confidentiality, integrity, and availability of data, also known as the CIA triad. This risk assessment enables state actors to gain a better understanding of the value of their data and how to protect it. As digital development progresses in low- and middle-income countries, so does the need for stronger data protection and regulations within and between sectors. This is especially important for the health sector.

Nonetheless, most countries do not consider health sector data in the development of national cybersecurity plans. While generic national strategies exist, few directly mention the health sector. This is unfortunate, since health is one of the sectors most vulnerable to cybercrime. At the start of the Covid-19 pandemic, the health sector saw a150% increase in cyberattacks, with hospital and health centres being the main targets. As the value of all data increases, so does the need to re-evaluate and revise national cybersecurity policies to integrate sectoral approaches.

Cybercrime in the health sector can undermine the trust between patients and health care institutions. For example, in 2016 São Paulo experienced a data breach, releasing the personal data of 650,000 patients and their medical information on pregnancy and abortion care. Since abortion is illegal in Brazil, women and doctors affected by this data breach were exposed to potential criminal charges. Their data could also be used to extort or defraud these women and the health care professionals who facilitated the procedures. Cybersecurity in data governance, especially in the health sector, needs to consider the gendered dimensions of the data it aims to protect so as to maintain trust and avoid exacerbating social inequities and gender disparities.

The digital architecture in low- and middle-income countries is diverse and young, especially in the health sector. This offers these countries an opportunity to innovate and build digital architectures that consider the value of health data and its security risks right from the design phase. Appropriate health data governance frameworks are essential to protect individuals, foster trust in health data, and ensure that the delivery of health services responds to the population’s health needs.

Data quality

According to DHIS2 core staff at the University of Oslo, some countries struggle to collect accurate data through the DHIS2 platform. The challenges include, among others, insufficient training, time constraints, and lack of incentives to report on a regular basis. Nonetheless, the quality of data can be improved through better supervision, training, capacity building, and community participation. The following cases from Guinea and Tanzania serve as evidence.

In 2015, the US Centers for Disease Control and Prevention (CDC) established an office in Guinea to support the fight against Ebola. Health information data in Guinea was previously stored on multiple servers or in paper-based hospital archives. The epidemic exposed the need for a nationwide unified system, and DHIS2 was introduced as part of the solution. In close collaboration with the Guinean Ministry of Health and partner NGOs, the CDC provided support in emergency management, disease surveillance, laboratory systems, and workforce development. In addition, the CDC introduced the Field Epidemiology Training Program (FETP), which helped build the capacity of the health workforce to collect and interpret data and respond to the outbreak. Since 2016, FETP graduates have conducted 43 investigations.

Tanzania has also adopted several strategies to enhance the quality of health data stored in DHIS2. A study found inconsistencies between the data that was registered at the local health clinic and the data in the DHIS2 platform. The research also revealed instances in which reports were manipulated before they were entered in DHIS2, and data found in the registries sometimes was not registered in the tally sheets or DHIS2. However, improved supervision, training, and feedback routines for health staff entering data to the platform helped improve local data quality, timeliness, and reporting. It also helped prevent data manipulation and reduced mismatches in the registration and accumulation processes.

Additionally, artificial intelligence and machine learning can be applied to develop chatbots for training and data quality improvement at the district level. This technology has come a long way in commercial applications, with chatbots serving as virtual assistants or Q&A managers in financial institutions and e-government portals. In the context of health services, chatbots are being utilised as virtual nurses. Accordingly, the DHIS2 team are currently investigating how machine learning and chatbots can be used for training health staff.

Crowdsourcing can be another way to promote high-quality data. An example is the Nyss application, which was developed by the Norwegian Red Cross (NorCross) to provide early warning of potential outbreaks of contagious diseases. The platform collects data through bounded crowdsourcing, in which members of a predefined ‘crowd’ provide the data. The crowd in this case consists of volunteer members of the Red Cross network in local communities, who are trained to recognise symptoms of diseases that can trigger epidemics. They report their observations via a coded SMS to the Nyss platform, which responds with advice and suggested first-aid measures. Health authorities and the Red Cross/Red Crescent Society can access aggregated reports, visualised on a dashboard. The platform automatically triggers alerts, informing supervisors and public authorities about potential disease outbreaks. It offers incentives for correct reporting: if cases are correctly reported, the chances for a response increase, and if false cases are reported, the contributor is discredited. The reliance on trained community volunteers is a model that could be useful in countries with a scarcity of professional health workers.

HMIS and DHIS2: The potential

The WHO guidance on integrating anti-corruption, transparency, and accountability in health systems assessments highlights the potential of HMIS to improve health data and promote integrity in health systems. This section focuses on three main outcomes, namely the potential of HMIS to enhance social accountability, detect fraud and corruption through data analytics, and improve public expenditure tracking.

HMIS can enhance social accountability

Social accountability is an important component of anti-corruption efforts in the health sector. It is a ‘participatory process’ in which ‘citizens are recognized as service users who are ultimately impacted by health care decisions and thereby can affect change in health policies, health services and/or health provider behaviour through their collective influence and action’. Tools include social audits, scorecards, and report cards, all of which have been used in various settings to improve health service delivery.

Experiences from the Latin American Open Data Initiative (ILDA) in Peru, Mexico, and Uruguay show that civic engagement in open data initiatives contributes to better health services. In Peru, ILDA engaged with Ojo Público, a non-profit data journalism network. Ojo Público developed Cuidados Intensivos (Intensive Care), a website where users could find information about the performance of the Peruvian health system. In Mexico, ILDA collaborated with two CSOs, Sonora Ciudadana and Cívica Digital,to explore the impact of open data on accountability in health service delivery. Within this framework, Sonora developed the platform La Rebelión de los Enfermos (Rebellion of the Sick) to provide a channel for grievances and demand accountability. Lastly, ILDA engaged with the Uruguayan Ministry of Health and DATA, a civic tech and open data association, to develop a programme that could publish and use performance data. This led to the creation of the web-based tool A Tu Servicio (At Your Service).

A 2018 study by U4 demonstrated that these information technology projects have enabled civil society to better monitor health service delivery (Peru), engage in the collection of grievances and provide a space for citizens to denounce corruption (Mexico), and co-produce data to inform users about the performance of health providers (Uruguay). Although Uruguay’s project is the only one still active, Peru’s and Mexico’s experiences are also worth reflecting on. All three prove that civil society’s active participation in the co-production, analysis, and monitoring of health data can foster more transparent and accountable health systems.

HMIS could also help strengthen social accountability efforts. Their data could be used to verify prior social audit reports and facility report cards, providing an important feedback loop, and their data collection and verification processes can help monitor the performance of current social accountability efforts. Likewise, social accountability initiatives can provide an important means to verify the accuracy of HMIS data. If data is made open and accessible, CSOs and citizens could compare HMIS periodic reports with their own.

HMIS, including DHIS2, could support downward transparency through their dashboards and analytics function, which enable the visualisation of large amounts of data. For example, dashboards and maps could make it easier for CSOs and citizens to compare data and identify discrepancies in datasets, which could point to problems such as drug stock-outs, health workforce absenteeism, and the prevalence of ghost workers. When health data and information is made accessible to CSOs and service users, they could gain insight into decision makers’ performance and use this information to hold officials accountable, as happened in Uruguay.

Data analytics to detect fraud and corruption

HMIS data can complement qualitative approaches, providing a better understanding of corruption risks. In particular, HMIS can play a role in promoting data-driven risk assessments, which are a useful complement to corruption risk assessments that rely merely on opinion surveys and informant interviews. HMIS data can be mined to detect fraud and corruption in health systems, provided that appropriate indicators are monitored.

DHIS2 health data could be mapped against specific health-related corruption risks identified in a situation analysis. These risks should account for the types of corruption that represent the biggest threats to the country’s health outcomes. For instance, ghost workers on health sector payrolls constitute a significant challenge in the Democratic Republic of Congo. With DHIS2 data, practitioners could analyse the ratio of health workers to patients in all 26 provinces; if the data is skewed in any region, this may point to the existence of ghost workers and wastage of resources due to corruption. Indeed, the DRC implemented a similar approach by developing a human resource information system in two states in 2017. This has helped identify ghost workers, resulting in reallocation of approximately US $1.8 million annually. Given the adaptable nature of DHIS2, there is no need to create tailored HMIS for specific health-related corruption risks. Countries can adjust their DHIS2 platforms to integrate indicators that shed light on their most pressing corruption risks in the health sector.

HMIS can also be used to ensure more transparency in health procurement and contracting. Corruption can easily infiltrate these processes and can be very lucrative. Researchers have identified proxy indicators to detect corruption within the context of procurement and contracting. These include, among others, the difference between the quantity (stock) of infrastructure and the related public spending (flow); single bidding; and reliance on exceptional procedures and the political connections of winning companies. The use of big data methods has facilitated the development of these indicators. Although they do not capture corruption directly, they do serve as valid proxies and invite further scrutiny.

Big data on contracting and procurement has expanded rapidly thanks to the Open Contracting Data Standard and contracting datasets, such as the one from Digiwhist, which accounts for over 17 million government contracts for 32 European countries and the institutions of the European Union. Digiwhist aims to compile and evaluate micro-level data on public procurement transactions and on the finance and ownership structures of winning firms. The data is then linked to data from asset and income declarations in order to detect potential conflicts of interests and identify systemic vulnerabilities in procurement systems. The World Bank Group recently launched ProACT, the first global tool that brings together open data on the award of public procurement contracts.

Combining technological tools such as artificial intelligence and eprocurement may also help reduce procurement corruption in the health sector. For example, ProZorro in Ukraine uses artificial intelligence (AI) to detect and flag corruption risks and expose tender irregularities such as conflicts of interests in the bidding process for medical products.

DHIS2 can be deployed in many countries where the health information system has a high level of interoperability across regions and districts. This means that there are opportunities to use AI and machine learning (ML) to detect fraudulent or ‘cooked’ data entries by comparing datasets from similar districts. AI and ML can be used to predict the likelihood of a particular pattern of data and trigger alerts in case of outliers or suspected fraudulent data. Statistical tools to capture outliers already exist, but machine learning could check the natural variations in a dataset and evaluate the likelihood of poor or false entries.

See Table 2, which outlines several proxy indicators to identify potential corruption risks across five of the six WHO health system building blocks.

Enhancing participatory budgeting and public expenditure tracking

DHIS2 is being used to track health financing, which is especially susceptible to corruption. Financial management information systems (FMIS) are deployed globally to improve government efficiency and increase participation, transparency, and accountability in public finances, including health finances. For example, in Nigeria the private sector developed and connected the APTMIS budget, income, and expenditure tracker to the national DHIS2 system to address fraud in health sector finances. In Afghanistan, a pilot Expenditure Management Information System (EMIS) for the health sector was deployed to harmonise reporting, improve health care planning, and promote transparency. The data collected in the EMIS is transactional, recording the expenses of the Ministry of Health and its partners based on a unified chart of accounts. To triangulate different data sources the Ministry identified basic indicators to inform data standards of financial aggregation, which were linked to the DHIS2 warehouse.

The DHIS2 system’s ability to deal with financial indicators is currently limited to aggregate data, including simple financial overview reports such as unspent budgets. FMIS, on the other hand, track the entire financial transactions process from budget formulation to accounting and reporting. Strengthening interoperability between DHIS2 and FMIS can help promote greater transparency and accountability in health financing.

Recommendations for government officials, donors, and civil society

HMIS are a foundation of evidence-based decision making in the health sector. The collection, analysis, and reporting of data are critical steps necessary to deliver sound and reliable information that can be used to identify health priorities and needs. Data, when used transparently, can also serve to monitor performance and keep health policymakers, professionals, and providers accountable. Despite corruption risks, such as manipulation and misuse of data by those with power, HMIS can also be a fundamental tool in the fight against health sector corruption. For this to happen, it is important to ensure an enabling operational environment and to include appropriate anti-corruption proxy indicators in DHIS2 platforms. This section provides recommendations to governments, donors, and civil society organisations on how to make this happen.

Recommendations for government officials

• Openly track and measure investments, lessons learned, challenges, and successes of their HMIS. Provide detailed, transparent, and accessible health data (on both processes and outcomes) for public scrutiny and monitoring. These data should be easy for all segments of the population to understand. Deployments and scale-up of HMIS, including DHIS2, need to be guided by strong monitoring, evaluation, and learning, which can promote transparency, accountability, and integrity in the health system.
• Place the protection of people’s privacy at the centre of open data governance policies. Not all data should be shared, especially when doing so can expose vulnerable groups – such as women, LGBTQIA+, poor people, and children, among others – to discrimination. Decisions about which data to share openly should consider the benefits of sharing versus the potential harms.
• Strengthen the capacity of all data stewards,0eb50266a9f8 including national statistics institutes, academic institutions, and civil society organisations, to provide more granular, standardised, and regionally disaggregated data on specific outcomes to promote transparency and equity in health care service delivery. When data is disaggregated, it reveals local health needs, mostly among marginalised groups such as women, rural populations, and the poor. This information can go missing if service allocation and decision making is based only on aggregate data. Nonetheless, data disaggregation should not come at the expense of data privacy regulations. Data stewards must work with data protection agencies to ensure that they can identify local health needs without putting at risk people’s identities and private information.
• Support capacity-building initiatives for health care workers, especially in rural areas, which focus on data literacy, data collection, data management, ethics, and gender. To address the digital divide, it is important to include women and other marginalised groups in all capacity-building initiatives. If health care workers and all other data stewards can see the value of collecting disaggregated data and the benefits it brings through tangible action, they will be more likely to collect, manage, and share data in a manner that upholds integrity.
• Have policies in place to encourage data sharing/interoperability between health datasets and other sources of data, on topics such as gender, income, and geographic locations, to facilitate the identification of different population groups and their health needs.
• Strengthen the regulatory environment to ensure a free civic space, such as through whistleblowing regulations, and work alongside the media, CSOs, and the wider public to co-produce and analyse health-related data and indicators. In addition, provide relevant trainings to non-state actors so they can fulfil their watchdog roles more effectively. Multi-stakeholder collaborations are also needed to mitigate the issue of health data poverty.
• Conduct gender risk assessments as part of the design and deployment of HMIS and corresponding cybersecurity strategies. This will help build more transparent and accountable digital health systems that respond to the needs of vulnerable population groups.

Recommendations for donors

• Align donor incentives and investments with national health digital plans and data-producing initiatives, favouring openness, integration, interoperability, and data sharing among regions, national sectors, civil society organisations, think tanks, academia, and private institutions.
• Promote corruption risk assessments based on reliable and standardised health indicators. Linking data analytics to broader corruption risk management objectives can help improve data governance, data infrastructure, and the institutionalisation of a data analytics function to manage corruption risks.
• Support the creation, evaluation, and standardisation of national digital policies along with privacy and data protection regulations to make sure that national plans consider the sensitivity of health data and the confidentiality of individuals. This will further protect health data from capture and prompt sanctions and other legal measures if data is mismanaged.
• Include, as part of their programmatic work, different remedies for challenges in data protection. These may include, among others, investments in computer ethics education and training among users; support for cross-border harmonisation of laws on data protection and of enforcement procedures; and provision of technical and policy support to help countries develop response preparedness plans for power blackouts/power failures and hardware failures.
• Invest in research studies that aim to identify corruption-related indicators affecting health systems, and/or in studies that explore the benefits of mapping health data against specific health-related corruption risks to identify which of these risks are the most pervasive.
• Help governments build national technical capacity among public officials, policymakers, national statistics offices, and health care managers on how to evaluate and use data to inform decision-making processes. This can include extensive training in management issues and statistical methods.
• Promote a more holistic approach to data use by sharing critical insights with the communities and organisations that helped collect the data at the local level. This can create an effective feedback loop, which in turn encourages a more transparent data culture. Citizens and CSOs that are involved in data collection will have greater ownership of the data, feel more obligation to collect accurate data, and use this data to keep governments and health service providers accountable. This will also enable governments to use the data more effectively to address local health needs.
• Support capacity development on cybersecurity for health sector professionals and government representatives. This will equip them with the skills and knowledge to respond to the rising cybersecurity threats in the health sector. Such learning and training activities will help raise awareness about the need to integrate cybersecurity in HMIS and to make the health sector part of the national core security agenda.
• Contribute to fostering a culture of evidence-based decision making, both in donors’ internal practices and in their relationships with partner countries. This can be done in two ways: through a bottom-up approach, in which local programme staff and data experts collaborate to generate evidence and use research, and through a top-down approach, where leaders encourage the use of health-related indicators and data and put in place institutional policies to secure the use of evidence in decision-making processes. Having a strong evidence-based decision-making culture can secure the sustainability of anti-corruption projects, even in the face of political turnover and/or changes in management.
• Publish information about all HMIS-related interventions in evaluation reports to contribute to knowledge sharing among donors, development partners, and health and anti-corruption communities.
• Encourage research on how other technological tools, such as machine learning and artificial intelligence, can support HMIS in identifying different corruption risks in the health sector, such as data manipulation, data misuse, health worker absenteeism, and falsification of medical products, among others.

Recommendations for civil society organisations

• Expand the role of CSOs as validators and co-creators of national health data to expose discrepancies in official health data and improve public awareness of government data sources and use. As co-creators, CSOs should not substitute for national HMIS but should complement government efforts and use the data collected to hold government accountable. For example, by collecting mortality data in rural and remote areas, CSOs can help uncover the most pressing needs of these communities and promote service allocation in accordance with local needs.
• Partner with data producers, such as district health facilities, to help monitor the raw data being collected and compare data collection. CSOs can do this by repackaging and disseminating the data offline (e.g., through radio, print publications, and community meetings) and online (e.g., through social media, mobile and web-based applications). Service users and providers will then be able to hold officials accountable for their actions.
• Engage the community by providing trainings on how to use open data to keep health officials accountable, and how to engage with DHIS2 and other relevant HMIS platforms to access and analyse health data.
• Disseminate all findings regarding the performance, successes, challenges, and setbacks of HMIS. These should be communicated in formats that can reach the wider community, especially the most marginalised groups. Examples include radio programmes, local community forums, and social media platforms, among others.
• Advocate for regulations that let citizens know when and what part of their health data has become compromised by cyberattacks and cyber-enabled crimes, such as corruption. CSOs can raise public awareness about the impact of cybercrimes in health and empower citizens to demand better health data protection and stronger cybersecurity frameworks.