Skip to content
PHB/Public Health Bureau
ENEnglishSign inCreate an HPN →
About / Trust & sovereignty

Your data stays in Nigeria. Every access is logged. You can read the log.

This page explains exactly how PHB protects your data, enforces sovereignty, and gives you visibility of every access — in plain language, with no over-claiming.

Your data stays in Nigeria

Sovereignty Gateway — enforced at the network edge.

Every storage call in PHB routes through a Sovereignty Gateway before it leaves the application layer. The gateway inspects the destination and rejects any attempt to write health data outside Nigeria — this is enforced at the network layer, not just declared in policy.

Primary storage is in Lagos (NG-WEST). A hot mirror sits in Abuja (NG-NORTH) with automatic failover in under 90 seconds. Sovereign backups are kept in-country.

Primary storage: NG-WEST · Lagos — active reads and writes
Mirror: NG-NORTH · Abuja — hot standby, failover under 90 seconds
Egress border-locked at network layer — not just policy
Sovereign backups retained in-country
NDPC-licensed data controller — DPA available on request
Sovereignty Gateway — data flow
App layer (read / write request)
Sovereignty Gateway
inspects destination → blocks if outside NG
            ↓ (blocked)
NG-WEST · Lagos
Primary · active
NG-NORTH · Abuja
Mirror · hot standby
Egress outside Nigeria → BLOCKED + logged
Consent, even offline

Real-time by default. Humane fallbacks for every situation.

PHB’s default is real-time consent: a provider requests access and you approve it on your phone or via USSD. But Nigeria’s reality demands fallbacks for when you are offline, unreachable or unconscious.

Real-time consent
Default
Provider requests access. You approve via app, web or USSD *894#. Access is granted immediately and logged.
Offline consent code
Fallback
If you are unreachable, a time-boxed code is issued at the facility. You are notified and can revoke it at any time.
Time-boxed treatment basis
Fallback
For ongoing care where continuous consent is impractical — access is granted for a defined period you set.
Break-glass
Emergency only
For genuine emergencies. Requires a mandatory recorded reason from the clinician. You are force-notified immediately after.
Transparency hub

See every access. Raise a query. Pull consent.

The audit log is append-only and Merkle-hashed — entries cannot be altered or deleted without detection. It is retained for 7 years per NDPA requirements.

You can view the log from the app, web, USSD or IVR. You can pull access from any provider at any time, with immediate effect.

Transparency Hub · access logAppend-only
READ
Lab results · FBC panel
Dr A. Bello · LUTH · consented
14:22 today
WRITE
Prescription added · amlodipine
Alpha Pharmacy · Yaba
11:05 today
SHARE
Record shared · cardiology subset
By you — secure link, 24hr expiry
Yesterday
BREAK-GLASS
Emergency access · A&E Lagos
Dr U. Eze · reason logged
3 Jun 2026
CLAIM
NHIA pre-auth · approved
NHIA · Abuja
1 Jun 2026
How we protect it

Security measures, stated plainly.

Encryption in transit and at rest
All data is encrypted in transit over TLS 1.3. Storage encryption uses AES-256. Keys are rotated on a schedule and managed in a dedicated secrets service.
MFA — hardware WebAuthn for admins
Administrative access requires hardware security key (WebAuthn). Patient and clinician accounts require TOTP or SMS OTP.
Append-only, Merkle-hashed audit log
The audit log cannot be edited or deleted without detection. Each entry is hashed into a chain. Retained for 7 years.
Tested backups and disaster recovery
Backups are tested on a defined schedule — not just taken. Disaster recovery runbooks are maintained and exercised. RTO and RPO targets are documented.
Vulnerability management
A defined vulnerability management programme with SLAs for severity levels. PHB operates a responsible disclosure programme — contact security@phbhealth.com.
NDPC DSAR-ready
Data Subject Access Requests are handled within NDPA statutory timelines. The in-app and email paths are both operational. See the DSAR page for details.

Questions about your data?

Read the privacy notice, make a DSAR or contact the Data Protection Officer directly.

Privacy notice →Your rights (DSAR)