How to Become SHA Compliant in Kenya: Complete HMIS & DHA Guide (FY 2026/28)
Purpose: This guide explains exactly how healthcare providers in Kenya can become SHA compliant under the latest directives from the Social Health Authority (SHA) and Digital Health Agency (DHA). It covers HMIS requirements, DHA certification, the Digital Health Act, and step-by-step integration instructions.
Last Updated: July 2026
Executive Summary
The Government of Kenya, through the Social Health Authority (SHA) and the Digital Health Agency (DHA), has initiated the country's largest healthcare digital transformation.
Beginning with the FY 2026/28 SHA Contracting Cycle, every healthcare provider wishing to contract with SHA must operate an accredited Health Management Information System (HMIS) that complies with the Digital Health Act and is capable of integrating with the national digital health ecosystem.
The previous SHA Provider Portal is being phased out. Healthcare providers will now be expected to transact directly from their HMIS.
If your hospital is not SHA compliant, you risk losing your SHA contract and access to SHA-funded healthcare schemes.
Need help getting compliant? Contact Afya Stack Kenya for a free SHA compliance assessment, or learn about our SHA Integration Services.
The Regulatory Bodies
Social Health Authority (SHA)
SHA is responsible for:
- Healthcare financing
- Processing claims
- Provider contracting
- Patient benefit verification
- Healthcare payments
SHA requires providers to connect electronically to its centralized digital platform.
Digital Health Agency (DHA)
DHA is responsible for:
- Digital health regulation
- HMIS certification
- National interoperability standards
- Health Information Exchange (HIE)
- National health registries
- Digital health governance
The DHA does not provide hospitals with an HMIS. Instead, it certifies and regulates digital health systems.
What Changed? The Shift from SHA Provider Portal to HMIS Integration
Historically, healthcare providers used the SHA Provider Portal to submit claims manually.
Old Workflow:
Hospital → SHA Provider Portal → Claims Submission → Payment Processing
This process is now changing.
New SHA Compliant Workflow:
Hospital → Hospital HMIS → SHA Central Digital Platform → Claims Processing
The Provider Portal will be progressively discontinued. Every hospital must now submit claims directly from their HMIS.
What the SHA Compliance Directive Requires
To be SHA compliant, healthcare providers must:
- Operate a fully functional HMIS — your hospital must have a working health management information system.
- Use a DHA-accredited HMIS — your HMIS must be certified by the Digital Health Agency.
- Meet SHA technical integration requirements — your system must connect to SHA's digital platform.
- Maintain continuous electronic connectivity — always-on connection to SHA.
- Support electronic service verification — verify patient services electronically.
- Support electronic claims processing — submit and track claims digitally.
- Support secure health information exchange — share data securely with the national ecosystem.
Failure to comply may affect SHA contracting eligibility.
What Hospitals Are NOT Required to Do
The directive does not require hospitals to:
- Purchase a government HMIS
- Replace their existing HMIS
- Use one specific software vendor
Hospitals may continue using their preferred HMIS (OpenMRS, FunSoft, Care2000, Med360, or custom systems) provided it satisfies DHA certification requirements and integrates successfully with the national ecosystem.
This means you don't need to start from scratch — you need to make your current system compliant. Learn how our HMIS Integration Services can help.
Purpose of the New HMIS Policy
The transition aims to:
- Reduce manual claims processing
- Eliminate duplicate data entry
- Improve healthcare data quality
- Reduce fraud, waste and abuse
- Enable real-time eligibility verification
- Improve claims adjudication
- Improve provider performance monitoring
- Enable interoperability across Kenya's healthcare system
- Strengthen national health data management
Step-by-Step: How to Become SHA Compliant
Step 1: Ensure You Operate a Functional HMIS
Your hospital must have a working Health Management Information System. If you don't have one yet, or if your current system is outdated, this is your first priority.
Our Healthcare Software Development team can build or upgrade your HMIS to meet SHA requirements.
Step 2: Confirm Your HMIS Integrates with SHA and DHA Systems
Your HMIS must be able to:
- Submit claims electronically to SHA
- Verify patient eligibility in real-time
- Exchange health information securely
- Meet DHA interoperability standards
Our SHA Integration Services handle this entire process for you.
Step 3: Achieve DHA Certification
Your HMIS must be certified by the Digital Health Agency. DHA certification evaluates:
- Security
- Privacy
- Patient safety
- Interoperability
- System reliability
- Data quality
- Regulatory compliance
Our Technology Advisory services can guide you through the DHA certification process.
Step 4: Train Clinical and Administrative Staff
Your team needs to know how to use the new system for:
- Electronic claims submission
- Patient eligibility verification
- Digital health record management
- Secure information exchange
Step 5: Participate in SHA Onboarding
Work with SHA to complete the technical onboarding process, which includes:
- API credentials setup
- Testing connectivity
- Validating claims submission
- Going live with production integration
Step 6: Apply for DHA Certification (Where Applicable)
If you're a HMIS vendor or building a custom system, you'll need to apply for DHA certification directly.
SHA Compliance Requirements and Risks
Healthcare providers that fail to meet the prescribed HMIS requirements risk:
- Failure to obtain SHA contracts — you won't be able to contract with SHA
- Failure to renew SHA contracts — existing contracts won't be renewed
- Exclusion from SHA-funded healthcare schemes — your patients lose access to SHA benefits
These are serious consequences. If you haven't started your SHA compliance journey, contact us today for a free assessment.
Understanding Interoperability for SHA Compliance
One of the most important concepts introduced by the new regulations is interoperability — the ability of different healthcare systems to securely exchange and understand health information without manual intervention.
SHA Compliant Data Flow:
Patient Registration → Hospital HMIS → National Health Information Exchange → SHA → Claims Processing → Payment
Our Healthcare Interoperability Services ensure your systems can exchange data securely using HL7 FHIR, REST APIs, and other industry standards.
Technical Expectations for SHA Compliant HMIS
Compliant HMIS solutions must support:
- Secure API communication — encrypted data transmission
- Electronic claims submission — digital claims to SHA
- Electronic service verification — real-time patient verification
- Secure information exchange — protected health data sharing
- DHA standards compliance — meet all regulatory requirements
- Continuous online connectivity — always-on connection to SHA
- Data protection — comply with Kenya's data protection laws
- National interoperability standards — work with the national ecosystem
Recommended Technology Standards for SHA Compliance
Healthcare integration solutions should support:
| Standard | Purpose |
|---|---|
| REST APIs | API communication |
| HL7 FHIR | Healthcare data exchange |
| OAuth 2.0 | Authentication |
| OpenID Connect | Identity verification |
| TLS Encryption | Data in transit |
| Audit Logging | Compliance tracking |
| RBAC | Access control |
| Secure Data Storage | Data at rest |
Our Digital Transformation Consulting can help you implement these standards correctly.
Recommended Integration Architecture for SHA Compliance
SHA
│
Central Digital Platform
│
National Health Information Exchange
│
Integration Middleware
│
Existing HMIS
│
Hospital Operations
The integration layer handles:
- Data transformation
- Authentication
- API communication
- Error handling
- Audit logging
- Monitoring
- Synchronization
Example: Making OpenMRS SHA Compliant
OpenMRS can function as the hospital's HMIS. To make it SHA compliant:
OpenMRS → FHIR / REST APIs → Integration Middleware → SHA APIs → Claims, Eligibility Verification, Information Exchange
The middleware becomes responsible for ensuring compliance with SHA and DHA technical requirements.
SHA Compliance FAQs
What does SHA compliant mean?
SHA compliant means your hospital's HMIS can electronically connect to SHA's central platform to submit claims, verify patient eligibility, and exchange health information — without using the manual SHA Provider Portal.
How do I make my hospital SHA compliant?
To make your hospital SHA compliant: (1) ensure you have a functional HMIS, (2) integrate it with SHA's digital platform, (3) achieve DHA certification for your system, (4) train your staff, and (5) complete SHA onboarding. Contact Afya Stack for help with this process.
Do I need to replace my current HMIS to be SHA compliant?
No. The directive does not require hospitals to replace their existing HMIS. You can keep your current system (OpenMRS, FunSoft, etc.) — it just needs to be made compliant through integration and DHA certification.
What happens if my hospital is not SHA compliant?
Hospitals that fail to meet SHA compliance requirements risk losing their SHA contracts, being unable to renew contracts, and being excluded from SHA-funded healthcare schemes.
How long does SHA integration take?
Typically 3-6 months depending on your current systems. See our detailed SHA Integration Timeline guide for more information.
What is DHA certification?
DHA certification is the process by which the Digital Health Agency certifies that a digital health system meets Kenya's standards for security, privacy, interoperability, and regulatory compliance under the Digital Health Act.
Key Takeaways
The latest SHA directive does not require hospitals to replace their existing HMIS. Instead, it requires healthcare providers to:
- Operate an accredited HMIS
- Integrate with SHA's digital platform
- Meet DHA certification requirements
- Participate in Kenya's national digital health ecosystem
The government's objective is to establish a secure, interoperable, fully digital healthcare environment where healthcare providers exchange information electronically rather than through manual portals and disconnected systems.
Get Help Becoming SHA Compliant
Afya Stack Kenya has helped 50+ healthcare providers across Kenya achieve SHA compliance. Our services include:
- SHA Integration — connect your HMIS to SHA
- HMIS Integration — upgrade and connect your hospital system
- Healthcare Interoperability — implement HL7 FHIR and secure APIs
- Digital Transformation Consulting — strategic roadmap for compliance
- Technology Advisory — guidance on DHA certification
Book a free SHA compliance assessment today or check out our other resources:
Need Help with SHA Compliance?
Our experts have helped 50+ healthcare providers across Kenya achieve SHA compliance. Schedule a free assessment today.