Trends Analysis (2021-2025)
Health
We dive into the five-year performance trajectories (2021–2025) of the evaluated companies and entities in the Health Sector. By analysing historical trends and core metrics, this section reveals key patterns, competitive advantages, and priority improvement areas, providing actionable insights into compliance drivers and hurdles to empower better decision-making and forward-thinking planning.
Trends in performance of assessed companies over time in the Health Sector
Performance Trends for Assessed Hospitals over the Years (2024-2025) in Rwanda
An assessment of data protection and privacy compliance performance among selected public health institutions in Rwanda, namely CHUK (University Teaching Hospital of Kigali), King Faisal Hospital, Ruhengeri Referral Hospital, and Rwanda Military Hospital, reveals generally low and uneven levels of compliance maturity between 2024 and 2025. Given the highly sensitive nature of health and patient data processed by these institutions, the findings underscore significant risks related to data protection and privacy.
CHUK (University Teaching Hospital of Kigali) recorded a static score of 4% in both 2024 and 2025, indicating no measurable improvement in data protection and privacy practices. This stagnation suggests persistent gaps in governance, limited implementation of privacy controls, and inadequate staff awareness. Considering CHUK's central role in providing tertiary healthcare services and handling large volumes of sensitive patient data, the lack of progress presents elevated compliance and reputational risks.
King Faisal Hospital experienced a decline in performance, dropping from 37% in 2024 to 30% in 2025. While the hospital continues to demonstrate relatively stronger compliance compared to other assessed facilities, the downward trend indicates challenges in sustaining previously established privacy practices. This regression may reflect gaps in continuous monitoring, policy enforcement, or adaptation to evolving data protection requirements within the health sector.
Ruhengeri Referral Hospital showed a significant deterioration, falling from 6% in 2024 to 0% in 2025. This result indicates the absence of effective data protection and privacy controls during the reporting period. Given the sensitivity of medical records and personal health information, this decline highlights critical vulnerabilities and the urgent need for foundational interventions to establish basic data protection frameworks.
Rwanda Military Hospital recorded a marginal improvement, increasing from 4% in 2024 to 5% in 2025. Although the increase is minimal, it suggests some effort to improve compliance. Nevertheless, the overall performance remains very low, indicating that existing measures are insufficient to adequately safeguard patient and staff data.
Overall, the data points to systemic weaknesses in data protection and privacy compliance across public health institutions in Rwanda. With the exception of King Faisal Hospital, which despite a decline remains comparatively more advanced, the institutions exhibit either stagnation or regression in compliance maturity. These findings highlight the urgent need for sector-wide strengthening of data protection practices, including the establishment of clear governance structures, routine compliance assessments, staff training on handling health data, and investment in secure health information systems. Failure to address these gaps exposes institutions to heightened risks of data breaches, regulatory non-compliance, and erosion of patient trust. Strengthening data protection and privacy practices is essential to protecting sensitive health information and supporting safe and ethical healthcare delivery.
Performance Trends for Assessed Hospitals over the Years (2024-2025) in Tanzania
An assessment of data protection and privacy compliance performance among selected health sector institutions in Tanzania, namely Muhimbili National Hospital, Regency Medical Center, CRBT Tanzania, and LyfPlus, reveals uneven levels of compliance maturity between 2024 and 2025. Given the highly sensitive nature of health and personal data processed by these institutions, the results highlight varying degrees of institutional commitment and capacity to meet data protection and privacy obligations.
Muhimbili National Hospital recorded a marginal improvement, increasing from 7% in 2024 to 8% in 2025. While the increase suggests some progress in strengthening data protection practices, the overall score remains very low. This indicates that privacy controls, governance structures, and staff awareness mechanisms are still underdeveloped. Considering the hospital's role as a national referral facility handling large volumes of sensitive patient data, the low compliance level presents significant privacy and regulatory risks.
Regency Medical Center maintained a static score of 4% across both years. The absence of improvement suggests stagnation in data protection and privacy efforts, potentially reflecting limited prioritization of compliance initiatives. The consistently low score indicates substantial gaps in safeguarding patient data and highlights the need for foundational improvements in data governance and security practices.
CRBT Tanzania recorded no change, maintaining a score of 6% in both 2024 and 2025. While the institution demonstrates slightly stronger performance than some peers, the lack of progress indicates that existing privacy measures have not been strengthened. Given CRBT's handling of sensitive health and personal data, the static performance suggests exposure to compliance and data security risks.
In contrast, LyfPlus demonstrated relatively strong and improving performance, increasing from 40% in 2024 to 43% in 2025. This improvement indicates a more mature approach to data protection and privacy compliance, likely supported by clearer governance structures, stronger data handling practices, and greater organizational awareness. LyfPlus stands out among the assessed institutions as having made meaningful progress toward aligning with data protection requirements.
Overall, the data highlights significant disparities in data protection and privacy compliance maturity within Tanzania's health sector. Public and traditional healthcare institutions show persistently low or stagnant performance, suggesting systemic challenges in implementing effective privacy frameworks. In contrast, LyfPlus demonstrates that targeted investment and institutional commitment can lead to measurable compliance improvements.
These findings underscore the urgent need for strengthened data protection governance across the health sector, including regular compliance assessments, staff training on handling sensitive health data, and investment in secure health information systems. Institutions with persistently low compliance levels remain vulnerable to regulatory non-compliance, data breaches, and loss of patient trust. Enhancing data protection and privacy practices is essential to safeguarding personal health information and supporting safe, ethical, and compliant healthcare delivery.
Performance Trends for Assessed Hospitals over the Years (2024-2025) in Mauritius
An assessment of data protection and privacy compliance performance among selected health sector institutions, namely Wellkin Hospital, Clinique Darne, Aegle Clinic, and Dr. Agarwal's Eye Hospital, shows varied levels of compliance maturity and progress between 2024 and 2025. Given the sensitive nature of health and personal data processed by these institutions, the results provide important insights into their ability to meet data protection and privacy obligations.
Wellkin Hospital demonstrated a significant improvement in compliance performance, increasing from 45% in 2024 to 61% in 2025. This notable rise suggests strengthened data protection governance, improved handling of patient information, and greater institutional awareness of privacy requirements. The 2025 performance indicates a maturing compliance framework and positions the hospital as one of the stronger performers among the assessed institutions.
Clinique Darne similarly recorded substantial progress, improving from 45% in 2024 to 61% in 2025. This parallel increase suggests targeted efforts to enhance privacy controls, possibly through updated policies, improved staff training, and strengthened security measures. The improvement reflects a growing commitment to safeguarding patient data and aligning with data protection standards.
In contrast, Aegle Clinic maintained a consistently low score of 5% in both years. The lack of improvement indicates persistent deficiencies in data protection and privacy practices. This stagnation highlights significant vulnerabilities in the handling of patient data and underscores the urgent need for foundational interventions to establish basic privacy governance and compliance mechanisms.
Dr. Agarwal's Eye Hospital showed clear progress, increasing from 33% in 2024 to 48% in 2025. This improvement reflects strengthened privacy practices and growing compliance maturity, although the 2025 score suggests there remains room for further enhancement to reach higher compliance levels comparable to leading institutions.
Overall, the data reveals a divergent compliance landscape within the health sector. Wellkin Hospital and Clinique Darne demonstrate that sustained investment in data protection frameworks and organizational capacity can yield significant compliance gains. Dr. Agarwal's Eye Hospital also shows positive momentum, though continued efforts are required to consolidate progress. Conversely, the persistently low performance of Aegle Clinic presents serious compliance and reputational risks, particularly given the sensitivity of health data. These findings underscore the need for sector-wide prioritization of data protection, including clear governance structures, regular compliance reviews, staff training, and investment in secure health information systems. Strengthening data protection and privacy practices is essential to ensuring regulatory compliance, protecting patient confidentiality, and maintaining trust in healthcare service delivery.
Performance Trends for Assessed Hospitals over the Years (2024-2025) in Zimbabwe
An assessment of data protection and privacy compliance performance among Zimbabwe's Karanda Mission Hospital, Mpilo Central Hospital, Baines Avenue Clinic, and Parirenyatwa General Hospital (PGH) indicates persistently low levels of compliance maturity between 2024 and 2025. Given the highly sensitive nature of health and patient data handled by these institutions, the findings raise serious concerns regarding the adequacy of data protection and privacy safeguards.
Karanda Mission Hospital maintained a score of 8% in both 2024 and 2025, indicating no measurable improvement in data protection and privacy practices. While the hospital demonstrates some minimal level of compliance, the stagnation suggests limited progress in strengthening governance structures, implementing privacy controls, or enhancing staff awareness. The consistently low score highlights ongoing vulnerabilities in the handling of patient data.
Mpilo Central Hospital recorded a score of 0% in both 2024 and 2025, indicating a complete absence of measurable data protection and privacy controls during the period under review. This persistent lack of compliance presents significant risks, particularly given the hospital's role as a major public referral facility managing large volumes of sensitive patient information. The findings suggest an urgent need for foundational interventions to establish basic data protection frameworks and safeguards.
Baines Avenue Clinic maintained a static score of 4% across both years. The absence of improvement points to persistent gaps in data protection practices and a lack of prioritization of privacy compliance. The low score indicates that existing measures, if any, are insufficient to ensure the confidentiality and security of patient data.
Parirenyatwa General Hospital (PGH) recorded a consistent score of 5% in both 2024 and 2025. While marginally higher than some peers, the unchanged performance suggests stagnation and limited advancement in privacy compliance maturity. Given the scale and complexity of operations at PGH, the low score highlights significant exposure to data protection and regulatory risks.
Overall, the data reveals systemic weaknesses in data protection and privacy compliance across the assessed health sector institutions. The absence of improvement over the two-year period suggests that data protection has not been adequately prioritized within institutional governance and operational frameworks. These findings underscore the urgent need for sector-wide reforms, including the establishment of clear data protection governance structures, regular compliance assessments, targeted staff training, and investment in secure health information systems. Institutions with persistently low or non-existent compliance levels remain highly vulnerable to data breaches, regulatory non-compliance, and erosion of patient trust. Strengthening data protection and privacy practices is critical to safeguarding sensitive health information and supporting ethical, secure, and compliant healthcare delivery.
Performance Trends for Assessed Hospitals over the Years (2024-2025) in Kenya
An assessment of data protection and privacy compliance performance among selected Kenyan hospitals, namely Nairobi Hospital, Nairobi Women's Hospital, Karen Hospital, and Aga Khan University Hospital, reveals varied levels of compliance maturity and mixed trends between 2024 and 2025. Given the highly sensitive nature of patient and health data handled by these institutions, the findings provide important insight into their alignment with data protection and privacy obligations.
Nairobi Hospital recorded a consistently low score of 4% in both 2024 and 2025, indicating no measurable improvement in data protection and privacy practices. This stagnation suggests persistent gaps in governance structures, limited implementation of privacy controls, and insufficient staff awareness. The unchanged low performance highlights significant vulnerabilities in safeguarding patient data and exposes the institution to elevated compliance and reputational risks.
Nairobi Women's Hospital demonstrated notable improvement, increasing from 4% in 2024 to 18% in 2025. This upward trend indicates deliberate efforts to strengthen data protection practices, potentially through policy development, improved data handling procedures, and increased institutional awareness of privacy requirements. While the improvement is encouraging, the 2025 score remains moderate, suggesting the need for continued investment to achieve higher compliance maturity.
Karen Hospital experienced a slight decline, decreasing from 20% in 2024 to 18% in 2025. Although the reduction is marginal, it suggests challenges in sustaining previously established privacy practices. The hospital maintains a moderate level of compliance; however, the downward trend underscores the importance of continuous monitoring and reinforcement of data protection controls to prevent further regression.
Aga Khan University Hospital recorded a decline in performance, falling from 50% in 2024 to 44% in 2025. Despite the decrease, the hospital remains the strongest performer among the assessed institutions. The regression may reflect evolving compliance expectations or gaps in maintaining consistency across privacy controls. Sustained effort will be required to preserve its relatively advanced compliance posture and align with best practices.
Overall, the data indicates uneven data protection and privacy compliance maturity among Kenyan hospitals. While Nairobi Women's Hospital demonstrates meaningful progress, Nairobi Hospital continues to lag significantly, and both Karen Hospital and Aga Khan University Hospital show signs of regression. These trends underscore the need for sustained and systematic investment in data protection governance across the health sector. Hospitals handling sensitive patient data must prioritize continuous compliance assessments, staff training, and strengthening of technical and organizational safeguards. Institutions that fail to address persistent gaps remain exposed to regulatory sanctions, data breaches, and erosion of patient trust, while those that maintain or improve compliance are better positioned to support ethical, secure, and compliant healthcare delivery.
Performance Trends for Assessed Hospitals over the Years (2021-2025) in Uganda
An assessment of data protection and privacy compliance among Case Hospital, IHK Uganda, Nakasero Hospital, and Lubaga Hospital reveals a generally positive trajectory since 2021, though varying levels of maturity are evident across institutions.
Case Hospital maintained a score of 11% in 2025, unchanged from 2024. This stability suggests that while initial steps to establish privacy measures have been sustained since its rise from 0% in 2021, progress remains modest. The institution continues to have significant gaps in governance, technical safeguards, and staff awareness, highlighting the need for continued investment in privacy and data protection frameworks.
IHK Uganda showed a slight improvement, increasing from 55% in 2024 to 56% in 2025. This steady high score demonstrates that the hospital has developed a relatively mature approach to data protection, with robust privacy policies and practices likely in place. IHK Uganda remains the leader in the group, reflecting a strong commitment to safeguarding patient information, reducing legal and compliance risks, and enhancing patient trust.
Nakasero Hospital experienced a decline from 47% in 2024 to 38% in 2025, indicating potential challenges in sustaining previously implemented privacy measures. While still performing above Case and Lubaga Hospitals, the drop suggests a need for renewed focus on maintaining and strengthening data protection governance, staff training, and monitoring mechanisms.
Lubaga Hospital showed a notable improvement, rising from 20% in 2024 to 35% in 2025. This increase reflects significant progress in implementing privacy and data protection practices, signaling the hospital's commitment to strengthening compliance and safeguarding patient data. However, despite the improvement, there is still room to enhance maturity to meet industry best practices.
Overall, the data illustrates a sector in gradual improvement, with some institutions like IHK Uganda achieving relatively mature compliance, while others remain at early stages of data protection implementation. The variation highlights the importance of continuous investment in privacy governance, staff training, and technical safeguards to maintain and improve compliance levels. Hospitals that demonstrate consistent improvement, such as Lubaga Hospital, signal growing readiness to protect patient data and align with regulatory standards. Conversely, institutions with stagnant or declining scores, like Case Hospital and Nakasero Hospital, remain vulnerable to data breaches, regulatory penalties, and reputational damage. Strengthening data protection practices across all hospitals is critical to ensure patient confidentiality, regulatory compliance, and trust in the healthcare system.
