This community innovation has been accepted at the 2025 DHIS2 Annual Conference
Data Encryption at Rest for DHIS2
THE NEED: Health Authorities are responsible for protecting the data of the people they serve. Many countries are also enacting Data Protection Regulations including hefty fines for failure to protect personal data. This is added to the ongoing risks of cyberattacks trying to monetize systems’ vulnerabilities or damage public trust. DHIS2 offers a rich user management model that makes it possible to define and enforce access rules on data elements. However, data elements are always saved in clear text inside the database, which makes it possible for malicious actors to break into it and access the clients’ data.

THE CHALLENGE: Data encryption is the proven standard for protecting sensitive information at rest. However, encrypted data must be decrypted before it can be used; this poses an additional step that may be resource intensive and impractical. To search for records, build reports, etc., data must be accessible and visible from the database. Not all the data needs to be encrypted. There are instances where only a portion of the data element is sufficient (i.e. last four digits of a person’s national ID). In other cases, sensitive data must be saved in full to be useful (i.e. HIV status).

PROPOSED SOLUTION: We will conduct a study of industry standards and recommendations for encryption at rest and conduct high-level testing to understand the potential impact on the DHIS2 system using the sample Sierra Leone database. We will also take into consideration DHIS2’s existing development environment and tooling to propose a possible way forward for implementing an “encryption at rest” feature in future DHIS2 releases.
Primary Author: Eric Ramirez
Keywords:
encryption, security, GDPR, HIPAA
3 Likes
Great to see this innovation @Eric_Boyd_Ramirez.
I remember you had questions in the CoP about the current encryption and I’m glad to see that the inquiry developed into the above.
Thank you for sharing!
2 Likes