Home Blog Health Data Protection in Cameroon: What the Law Means for Patient Records
Buyer's Guide

Health Data Protection in Cameroon: What the Law Means for Patient Records

OPES Health Systems · 23 Apr 2026 · 4 min read
15 views
0 comments
0 shares

Quick answer: Cameroon does not yet have a single, comprehensive data-protection statute, but patient data is protected through several instruments — chiefly Law No. 2010/012 of 21 December 2010 on Cybersecurity and Cybercrime, the oversight role of ANTIC (the National Agency for ICT), medical-confidentiality duties under the medical code of ethics, and Law No. 2022/008 covering health-research data. A dedicated general data-protection bill is in preparation. Hospitals must protect patient records through access control, confidentiality, and breach reporting.

This article is general information, not legal advice. Confirm specific obligations with a qualified Cameroonian legal adviser.

Key facts

  • Law No. 2010/012 (21 Dec 2010) on cybersecurity and cybercrime sets provisions on privacy, data retention, and the confidentiality of electronic communications.
  • ANTIC (Agence Nationale des Technologies de l'Information et de la Communication) oversees cybersecurity; organisations must notify it of attacks or intrusions affecting their systems.
  • Law No. 2022/008 on medical research involving human subjects protects health-related data of research participants.
  • Medical confidentiality is also enforced through the Medical Code of Ethics and the National Council of Medical Doctors.
  • A comprehensive general data-protection law is reportedly in preparation, so the framework is evolving.

What law protects patient data in Cameroon?

Rather than one law, protection currently comes from a combination of instruments. The 2010 cybersecurity and cybercrime law addresses privacy, the confidentiality of electronic communications, and data retention. ANTIC supervises cybersecurity and expects organisations to report intrusions. Medical confidentiality — a doctor's duty to keep patient information secret — is rooted in professional ethics and enforced by the medical council. And sector-specific rules, such as the 2022 law on medical research, protect particular categories of health data. Because a unified data-protection statute is still in preparation, hospitals should treat the strictest applicable principle as their baseline.

What does this mean for a hospital in practice?

The legal detail matters less than the operational duties it implies. Whatever the precise statute, a hospital handling patient records is expected to:

  • Keep patient information confidential — accessible only to those who need it for care or administration.
  • Control and log access so it is clear who viewed or changed a record, and when.
  • Secure data against intrusion and be able to detect and report breaches.
  • Retain and dispose of records appropriately, not indefinitely or carelessly.

Paper records fail most of these tests quietly: a paper file in an unlocked cabinet has no access log, no breach detection, and no controlled disposal.

How does a hospital management system support compliance?

A hospital management system builds these duties into daily operations:

  • Role-based access control. RBAC ensures a cashier, a nurse, and a doctor each see only what their role requires — the single most important privacy control.
  • Audit trails. Every view and change to a record is logged, so access is accountable and breaches are traceable.
  • Security controls. Encryption, authentication, and the kind of cybersecurity discipline that lets a hospital detect and report intrusions — as ANTIC expects.
  • Retention management. Records are stored, backed up, and retained according to policy rather than left in ageing paper files.

OPES Health Systems is designed with these controls at its core: role-based permissions, audit logging, and secure storage, so patient confidentiality is enforced by the system, not left to chance.

Frequently Asked Questions

Does Cameroon have a data protection law?

Cameroon does not yet have a single comprehensive data-protection statute, but patient data is protected through several instruments — notably the 2010 cybersecurity and cybercrime law, ANTIC oversight, medical-confidentiality ethics, and sector rules such as the 2022 medical-research law. A general data-protection bill is reportedly in preparation.

What is ANTIC's role in data protection?

ANTIC, Cameroon's National Agency for ICT, oversees cybersecurity. It is empowered to monitor and respond to computer- and cyber-related risks, and organisations operating information systems are expected to notify it of attacks or intrusions affecting their networks.

What must a hospital do to protect patient records?

At minimum, keep patient information confidential, restrict and log access to records, secure data against intrusion with the ability to detect and report breaches, and manage retention and disposal responsibly. A hospital management system with role-based access and audit trails makes these duties practical.

While the framework is still evolving, restricting access to patient data to those who need it is a core expectation of medical confidentiality and good data governance. Role-based access control is the most direct way a hospital enforces that principle in practice.

Conclusion

Cameroon's health data-protection framework is a patchwork today — the 2010 cyber-law, ANTIC oversight, medical confidentiality, and sector rules — with a comprehensive law on the way. Rather than wait for the statute, hospitals should adopt the underlying principles now: confidentiality, controlled and logged access, security, and responsible retention. A hospital management system that builds in role-based access and audit trails turns compliance from a paperwork worry into a default state.

OPES Health Systems protects patient records with role-based access, full audit trails, and secure storage — compliance built into the platform. Book a demo to see how.

Comments 0

No comments yet. Be the first to comment!

Leave a comment

Related articles