AI-powered healthcare: How Muhimbili is using smart technology

Abstract
The increasing integration of Artificial Intelligence (AI) into Tanzania's healthcare sector, exemplified by initiatives at Muhimbili National Hospital, presents both transformative opportunities and complex legal and ethical challenges. While the recently enacted Personal Data Protection Act, 2022 (PDPA) provides a comprehensive framework for data privacy, significant gaps remain concerning AI-specific regulation, accountability for algorithmic errors, and ensuring ethical deployment. This article explores the existing legal landscape, including the PDPA, the Cybercrimes Act, and healthcare-specific regulations, alongside the nascent Policy Framework for Artificial Intelligence in the Health Sector. It highlights the urgent need for tailored guidelines to address issues such as data bias, informed consent for AI-driven interventions, and liability, drawing parallels with international best practices from the World Health Organization.
Introduction
Artificial Intelligence (AI) is rapidly reshaping global healthcare, offering unprecedented capabilities in disease diagnosis, patient monitoring, and enhancing the overall quality of care. In Tanzania, leading institutions like Muhimbili National Hospital are embracing these smart technologies, signaling a significant shift towards digitally-driven medical practices. This technological advancement, while promising to detect illnesses earlier and provide real-time data support to health workers, simultaneously introduces a complex array of legal and ethical considerations that demand urgent attention from legal professionals and policymakers. The World Health Organization (WHO) acknowledges AI's immense potential but also stresses the imperative of embedding ethics and human rights at the core of its design and deployment.
The integration of AI into the Tanzanian health sector, as highlighted by the initiatives at Muhimbili, necessitates a thorough examination of the existing legal and regulatory framework. Practitioners must navigate a landscape where general data protection laws intersect with specific healthcare mandates, often without explicit provisions for AI. This article will delve into the current legal instruments governing data privacy, healthcare, and technology in Tanzania, analyze their applicability and limitations in the context of AI-powered healthcare, and identify critical areas requiring further legislative and regulatory development to ensure responsible, equitable, and accountable AI deployment.
Background
Tanzania's legal framework for technology and healthcare has evolved, albeit with the recent significant addition of a comprehensive data protection law. Historically, data protection provisions were fragmented across several statutes. The Constitution of the United Republic of Tanzania, 1977, enshrined the right to privacy, while the Electronic and Postal Communications Act, 2010 (EPCA), and its Consumer Protection Regulations, provided some safeguards for subscriber data confidentiality within the communications sector. The Cybercrimes Act, 2015, criminalized unauthorized access, interception, and interference with computer systems and data, offering a layer of protection against digital malfeasance.
A pivotal development occurred with the enactment of the Personal Data Protection Act, 2022 (PDPA), which came into force on May 1, 2023. The PDPA establishes a comprehensive regime for the collection, processing, and protection of personal data, aligning Tanzania with international data protection standards. It created the Personal Data Protection Commission as the supervisory authority and outlines core principles for lawful data processing, data subject rights, and obligations for data controllers and processors, including requirements for registration and breach notification. For the healthcare sector, the National Health Policy (2017) envisions a healthy population supported by accessible, equitable, and high-quality services, emphasizing robust Health Management Information Systems (HMIS) for data-driven decision-making. The Medical, Dental and Allied Health Professionals Act, 2017 (Cap. 152 R.E. 2023), regulates medical professionals and includes a code of ethics, while the Tanzania Medicines and Medical Devices Authority (TMDA) is responsible for regulating the safety, quality, and effectiveness of medical devices, which would encompass AI-powered diagnostic tools.
Analysis
The advent of AI in healthcare, as seen at Muhimbili, introduces nuanced legal challenges that stretch the interpretation and application of existing Tanzanian laws. While the PDPA provides a robust foundation for general data protection, its application to complex AI systems processing sensitive health data requires careful consideration. Key issues include the scope of informed consent for data used in AI training and deployment, especially when algorithms learn and evolve, and the implications for patient autonomy. The PDPA mandates explicit consent for data processing and restricts transborder data transfers to jurisdictions with adequate protection, which is crucial given the often international nature of AI development and cloud-based data storage.
Accountability and liability for AI-driven errors present a significant regulatory gap. Traditional medical malpractice frameworks typically assign liability to human practitioners or institutions. However, when an AI system contributes to a misdiagnosis or treatment error, determining whether the fault lies with the AI developer, the deploying clinician, the hospital, or the AI itself becomes complex. Tanzania's Medical, Dental and Allied Health Professionals Act, 2017, focuses on human professional conduct, and current laws do not explicitly address liability for autonomous or semi-autonomous AI systems. This necessitates a re-evaluation of liability doctrines to ensure patient protection and foster trust in AI technologies.
Ethical considerations, central to WHO guidelines, also demand specific attention. Algorithmic bias, stemming from unrepresentative training data, can lead to discriminatory outcomes in diagnosis or treatment for certain demographic groups. Ensuring transparency and explainability of AI decisions, often referred to as the “black box” problem, is vital for clinicians to understand and trust AI recommendations and for patients to give truly informed consent. While Tanzania has a "Policy Framework for Artificial Intelligence in the Health Sector" (2022) that emphasizes ethical AI use and data protection, recent analyses indicate it lacks specific guidelines for generative AI and regulatory clarity, particularly concerning its integration into Electronic Health Record (EHR) systems.
Furthermore, the regulation of AI as a medical device falls under the Tanzania Medicines and Medical Devices Authority (TMDA). The TMDA's mandate includes registration and post-market surveillance of medical devices. However, the dynamic, learning nature of many AI algorithms poses challenges for static registration and approval processes. Continuous monitoring and re-evaluation mechanisms are needed to ensure the ongoing safety and efficacy of adaptive AI systems. The WHO's regulatory considerations for AI in health highlight the need for a holistic, risk-based approach throughout the entire product lifecycle, including pre- and post-market deployment, and emphasize documentation and transparency to guard against data biases and manipulation.
Conclusion
The integration of AI into Tanzania's healthcare system, as championed by institutions like Muhimbili, marks a pivotal moment for advancing medical care. However, for this transformation to be truly beneficial and sustainable, it must be underpinned by a robust, adaptive, and ethically sound legal and regulatory framework. While the Personal Data Protection Act, 2022, provides a strong foundation for data privacy, it is clear that specific, detailed regulations are needed to address the unique challenges posed by AI in healthcare, particularly concerning accountability, algorithmic bias, and the nuances of informed consent for AI-driven interventions.
Legal practitioners in Tanzania must proactively engage with these evolving issues, advising healthcare providers, technology developers, and policymakers on compliance and risk mitigation. This includes advocating for the development of AI-specific ethical guidelines, clarifying liability frameworks for AI-induced errors, and ensuring that regulatory bodies like the TMDA are equipped to assess and monitor dynamic AI medical devices. The ongoing dialogue, informed by international best practices and the WHO's guidance, will be crucial in shaping a legal environment that fosters innovation while safeguarding patient rights and public trust in the era of AI-powered healthcare.
Citations
- 1.The Constitution of the United Republic of Tanzania, 1977
- 2.The Electronic and Postal Communications Act, 2010 (Cap. 446 R.E. 2022)
- 3.The Electronic and Postal Communication (Consumer Protection) Regulations, 2011
- 4.The Cybercrimes Act, 2015
- 5.The Electronic Transactions Act, 2015
- 6.The Personal Data Protection Act, 2022 (Act No. 11 of 2022)
- 7.The National Health Policy, 2017
- 8.The Medical, Dental and Allied Health Professionals Act, 2017 (Cap. 152 R.E. 2023)
- 9.Tanzania Food, Drugs and Cosmetics Act, Cap 219 (2003)
- 10.Executive Agencies Act, Cap. 245
- 11.Policy Framework for Artificial Intelligence in the Health Sector (Tanzania, 2022)
- 12.World Health Organization (WHO) guidance on Ethics & Governance of Artificial Intelligence for Health (June 2021)
- 13.World Health Organization (WHO) Regulatory Considerations on AI for Health (October 2023)
- 14.CIPESA, Privacy and Personal Data Protection in Tanzania
- 15.Data Protection Africa, Tanzania Fact Sheet
- 16.Bowmans, Tanzania: Privacy and Data Protection (part 1)
- 17.Bowmans, Tanzania: Privacy and Data Protection (part 2)
- 18.Victory Attorney's, DATA PROTECTION REGIME IN TANZANIA (ARTICLE 6)
- 19.Arazy Group, Tanzania Medical Device Registration
- 20.Tanzania Medicines and Medical Devices Authority (TMDA) website/documents
- 21.PubMed/PMC: Ethical and privacy challenges of integrating generative AI into EHR systems in Tanzania: A scoping review with a policy perspective (May 2025)
How does this affect your business?
Get an AI analysis of this article grounded in your jurisdictions, practice areas, and any policy documents you've uploaded to Wansom.
