SHA Compliance12 min read1 July 2026
Share:

How to Become SHA Compliant in Kenya: Complete HMIS & DHA Guide (FY 2026/28)

Step-by-step guide to becoming SHA compliant in Kenya. Learn the new HMIS requirements, DHA certification process, Digital Health Act compliance, and how to integrate your hospital system with SHA for FY 2026/28.

Afya Stack Kenya

Healthcare Technology Experts

How to Become SHA Compliant in Kenya: Complete HMIS & DHA Guide (FY 2026/28)

Purpose: This guide explains exactly how healthcare providers in Kenya can become SHA compliant under the latest directives from the Social Health Authority (SHA) and Digital Health Agency (DHA). It covers HMIS requirements, DHA certification, the Digital Health Act, and step-by-step integration instructions.

Last Updated: July 2026


Executive Summary

The Government of Kenya, through the Social Health Authority (SHA) and the Digital Health Agency (DHA), has initiated the country's largest healthcare digital transformation.

Beginning with the FY 2026/28 SHA Contracting Cycle, every healthcare provider wishing to contract with SHA must operate an accredited Health Management Information System (HMIS) that complies with the Digital Health Act and is capable of integrating with the national digital health ecosystem.

The previous SHA Provider Portal is being phased out. Healthcare providers will now be expected to transact directly from their HMIS.

If your hospital is not SHA compliant, you risk losing your SHA contract and access to SHA-funded healthcare schemes.

Need help getting compliant? Contact Afya Stack Kenya for a free SHA compliance assessment, or learn about our SHA Integration Services.


The Regulatory Bodies

Social Health Authority (SHA)

SHA is responsible for:

  • Healthcare financing
  • Processing claims
  • Provider contracting
  • Patient benefit verification
  • Healthcare payments

SHA requires providers to connect electronically to its centralized digital platform.

Digital Health Agency (DHA)

DHA is responsible for:

  • Digital health regulation
  • HMIS certification
  • National interoperability standards
  • Health Information Exchange (HIE)
  • National health registries
  • Digital health governance

The DHA does not provide hospitals with an HMIS. Instead, it certifies and regulates digital health systems.


What Changed? The Shift from SHA Provider Portal to HMIS Integration

Historically, healthcare providers used the SHA Provider Portal to submit claims manually.

Old Workflow:

Hospital → SHA Provider Portal → Claims Submission → Payment Processing

This process is now changing.

New SHA Compliant Workflow:

Hospital → Hospital HMIS → SHA Central Digital Platform → Claims Processing

The Provider Portal will be progressively discontinued. Every hospital must now submit claims directly from their HMIS.


What the SHA Compliance Directive Requires

To be SHA compliant, healthcare providers must:

  1. Operate a fully functional HMIS — your hospital must have a working health management information system.
  2. Use a DHA-accredited HMIS — your HMIS must be certified by the Digital Health Agency.
  3. Meet SHA technical integration requirements — your system must connect to SHA's digital platform.
  4. Maintain continuous electronic connectivity — always-on connection to SHA.
  5. Support electronic service verification — verify patient services electronically.
  6. Support electronic claims processing — submit and track claims digitally.
  7. Support secure health information exchange — share data securely with the national ecosystem.

Failure to comply may affect SHA contracting eligibility.


What Hospitals Are NOT Required to Do

The directive does not require hospitals to:

  • Purchase a government HMIS
  • Replace their existing HMIS
  • Use one specific software vendor

Hospitals may continue using their preferred HMIS (OpenMRS, FunSoft, Care2000, Med360, or custom systems) provided it satisfies DHA certification requirements and integrates successfully with the national ecosystem.

This means you don't need to start from scratch — you need to make your current system compliant. Learn how our HMIS Integration Services can help.


Purpose of the New HMIS Policy

The transition aims to:

  • Reduce manual claims processing
  • Eliminate duplicate data entry
  • Improve healthcare data quality
  • Reduce fraud, waste and abuse
  • Enable real-time eligibility verification
  • Improve claims adjudication
  • Improve provider performance monitoring
  • Enable interoperability across Kenya's healthcare system
  • Strengthen national health data management

Step-by-Step: How to Become SHA Compliant

Step 1: Ensure You Operate a Functional HMIS

Your hospital must have a working Health Management Information System. If you don't have one yet, or if your current system is outdated, this is your first priority.

Our Healthcare Software Development team can build or upgrade your HMIS to meet SHA requirements.

Step 2: Confirm Your HMIS Integrates with SHA and DHA Systems

Your HMIS must be able to:

  • Submit claims electronically to SHA
  • Verify patient eligibility in real-time
  • Exchange health information securely
  • Meet DHA interoperability standards

Our SHA Integration Services handle this entire process for you.

Step 3: Achieve DHA Certification

Your HMIS must be certified by the Digital Health Agency. DHA certification evaluates:

  • Security
  • Privacy
  • Patient safety
  • Interoperability
  • System reliability
  • Data quality
  • Regulatory compliance

Our Technology Advisory services can guide you through the DHA certification process.

Step 4: Train Clinical and Administrative Staff

Your team needs to know how to use the new system for:

  • Electronic claims submission
  • Patient eligibility verification
  • Digital health record management
  • Secure information exchange

Step 5: Participate in SHA Onboarding

Work with SHA to complete the technical onboarding process, which includes:

  • API credentials setup
  • Testing connectivity
  • Validating claims submission
  • Going live with production integration

Step 6: Apply for DHA Certification (Where Applicable)

If you're a HMIS vendor or building a custom system, you'll need to apply for DHA certification directly.


SHA Compliance Requirements and Risks

Healthcare providers that fail to meet the prescribed HMIS requirements risk:

  • Failure to obtain SHA contracts — you won't be able to contract with SHA
  • Failure to renew SHA contracts — existing contracts won't be renewed
  • Exclusion from SHA-funded healthcare schemes — your patients lose access to SHA benefits

These are serious consequences. If you haven't started your SHA compliance journey, contact us today for a free assessment.


Understanding Interoperability for SHA Compliance

One of the most important concepts introduced by the new regulations is interoperability — the ability of different healthcare systems to securely exchange and understand health information without manual intervention.

SHA Compliant Data Flow:

Patient Registration → Hospital HMIS → National Health Information Exchange → SHA → Claims Processing → Payment

Our Healthcare Interoperability Services ensure your systems can exchange data securely using HL7 FHIR, REST APIs, and other industry standards.


Technical Expectations for SHA Compliant HMIS

Compliant HMIS solutions must support:

  • Secure API communication — encrypted data transmission
  • Electronic claims submission — digital claims to SHA
  • Electronic service verification — real-time patient verification
  • Secure information exchange — protected health data sharing
  • DHA standards compliance — meet all regulatory requirements
  • Continuous online connectivity — always-on connection to SHA
  • Data protection — comply with Kenya's data protection laws
  • National interoperability standards — work with the national ecosystem

Recommended Technology Standards for SHA Compliance

Healthcare integration solutions should support:

StandardPurpose
REST APIsAPI communication
HL7 FHIRHealthcare data exchange
OAuth 2.0Authentication
OpenID ConnectIdentity verification
TLS EncryptionData in transit
Audit LoggingCompliance tracking
RBACAccess control
Secure Data StorageData at rest

Our Digital Transformation Consulting can help you implement these standards correctly.


Recommended Integration Architecture for SHA Compliance

                    SHA
                     │
        Central Digital Platform
                     │
         National Health Information Exchange
                     │
              Integration Middleware
                     │
               Existing HMIS
                     │
                Hospital Operations

The integration layer handles:

  • Data transformation
  • Authentication
  • API communication
  • Error handling
  • Audit logging
  • Monitoring
  • Synchronization

Example: Making OpenMRS SHA Compliant

OpenMRS can function as the hospital's HMIS. To make it SHA compliant:

OpenMRS → FHIR / REST APIs → Integration Middleware → SHA APIs → Claims, Eligibility Verification, Information Exchange

The middleware becomes responsible for ensuring compliance with SHA and DHA technical requirements.


SHA Compliance FAQs

What does SHA compliant mean?

SHA compliant means your hospital's HMIS can electronically connect to SHA's central platform to submit claims, verify patient eligibility, and exchange health information — without using the manual SHA Provider Portal.

How do I make my hospital SHA compliant?

To make your hospital SHA compliant: (1) ensure you have a functional HMIS, (2) integrate it with SHA's digital platform, (3) achieve DHA certification for your system, (4) train your staff, and (5) complete SHA onboarding. Contact Afya Stack for help with this process.

Do I need to replace my current HMIS to be SHA compliant?

No. The directive does not require hospitals to replace their existing HMIS. You can keep your current system (OpenMRS, FunSoft, etc.) — it just needs to be made compliant through integration and DHA certification.

What happens if my hospital is not SHA compliant?

Hospitals that fail to meet SHA compliance requirements risk losing their SHA contracts, being unable to renew contracts, and being excluded from SHA-funded healthcare schemes.

How long does SHA integration take?

Typically 3-6 months depending on your current systems. See our detailed SHA Integration Timeline guide for more information.

What is DHA certification?

DHA certification is the process by which the Digital Health Agency certifies that a digital health system meets Kenya's standards for security, privacy, interoperability, and regulatory compliance under the Digital Health Act.


Key Takeaways

The latest SHA directive does not require hospitals to replace their existing HMIS. Instead, it requires healthcare providers to:

  • Operate an accredited HMIS
  • Integrate with SHA's digital platform
  • Meet DHA certification requirements
  • Participate in Kenya's national digital health ecosystem

The government's objective is to establish a secure, interoperable, fully digital healthcare environment where healthcare providers exchange information electronically rather than through manual portals and disconnected systems.


Get Help Becoming SHA Compliant

Afya Stack Kenya has helped 50+ healthcare providers across Kenya achieve SHA compliance. Our services include:

Book a free SHA compliance assessment today or check out our other resources:

Share:

Need Help with SHA Compliance?

Our experts have helped 50+ healthcare providers across Kenya achieve SHA compliance. Schedule a free assessment today.