Veona Veona Trust Center veonahealth.com ↗
Compliance

Compliance and standards

Veona is built for African healthcare, governed by the law of the market it serves and engineered to recognised clinical standards. Here is where we stand, stated plainly.

Data protection by market

Local law, local accountability

Patient data is processed under each facility, which is the data controller. Veona acts on documented instructions and aligns to the data-protection regime of the country where the deployment operates.

Nigeria

NDPA 2023 and NDPR

Regulator: Nigeria Data Protection Commission (NDPC)

We align to the Nigeria Data Protection Act 2023 and the NDPR, support registration with the NDPC, and appoint a Data Protection Officer (DPO) as required.

Kenya

Data Protection Act 2019

Regulator: Office of the Data Protection Commissioner (ODPC)

We align to Kenya’s Data Protection Act 2019 and the supervisory role of the ODPC for deployments serving Kenyan facilities.

Ghana

Data Protection Act 2012 (Act 843)

Regulator: Data Protection Commission

We align to Ghana’s Data Protection Act 2012 (Act 843) for the lawful processing of personal and health data.

South Africa

POPIA

Regulator: Information Regulator

We align to the Protection of Personal Information Act (POPIA) and its conditions for lawful processing.

African Union

Malabo Convention

Regulator: African Union

We track the AU Convention on Cyber Security and Personal Data Protection (Malabo Convention) as the regional framework for data protection.

Clinical and laboratory standards

Standards we build to

These standards are reflected in how Veona codes, exchanges, and assures clinical and laboratory data.

ISO 15189

Quality and competence for medical laboratories. Our laboratory and diagnostics suite is built to this lab-quality standard.

WHO ICD-11

International Classification of Diseases for consistent clinical coding and reporting.

DHIS2

Export to national health information systems for public-health reporting.

FHIR R4

Modern interoperability for exchanging clinical resources with other systems.

HL7 v2

Established messaging for orders, results, and clinical events across hospital systems.

DICOM

Imaging interoperability for radiology and PACS.

Certification roadmap

Targets, stated honestly

The following are published trust milestones we are working toward. They are targets, not certifications we currently hold. We will update this page if and when status changes.

ISO 27001

Target / in progress

Information security management. A published milestone we are working toward. Not currently held.

SOC 2

Target / in progress

Trust services controls for security and availability. A published milestone we are working toward. Not currently held.