Step-by-Step Guide15 min readUpdated June 2024

How to Make Your Hospital SHA Compliant in Kenya

A complete step-by-step guide to achieving Social Health Authority compliance for your hospital — from registration to full integration and go-live.

What Does SHA Compliance Mean for Your Hospital?

The Social Health Authority (SHA) is Kenya's national health insurance program, replacing the former NHIF. For hospitals, SHA compliance means your facility can verify patient eligibility, submit claims electronically, and receive timely reimbursements. Without SHA compliance, your hospital cannot serve SHA-insured patients or receive payments from the national health insurance fund. Achieving compliance involves registering with SHA, integrating your Hospital Management Information System (HMIS) with SHA's platform, meeting data security standards, and training your staff on new workflows.

This guide walks you through every step required to make your hospitalSHA compliant in Kenya. Whether you're starting from scratch or upgrading an existing system, follow these steps to achieve full compliance with the Social Health Authority.

1

Register Your Hospital with the Social Health Authority

Before any technical integration, your hospital must be officially registered and accredited by SHA.

  • Visit the SHA portal at sha.go.ke and create a facility account
  • Submit your hospital license, KRA certificate, and facility registration documents
  • Provide your facility details: name, location, bed capacity, departments, and services offered
  • Wait for SHA verification and approval (typically 2-4 weeks)
  • Receive your unique facility identifier and SHA API credentials
  • Sign the SHA provider agreement outlining terms of service and claims processing rules
2

Assess Your Current HMIS Readiness

Evaluate whether your existing Hospital Management Information System can support SHA integration.

  • Check if your HMIS supports HL7 or FHIR data exchange standards
  • Verify that your system can handle electronic claims submission (e-claims)
  • Assess your patient registration module — does it capture SHA member numbers?
  • Check if your billing system can generate SHA-compliant claim formats
  • Evaluate your internet connectivity and server infrastructure for real-time API calls
  • Document any gaps between your current system and SHA requirements
  • Consider whether you need a system upgrade or can integrate with your existing HMIS
3

Integrate Your HMIS with the SHA Platform

Connect your hospital management system to SHA's API for real-time data exchange.

  • Obtain SHA API documentation and sandbox credentials for testing
  • Configure API endpoints for eligibility verification, claims submission, and pre-authorization
  • Implement secure authentication using OAuth 2.0 or API keys provided by SHA
  • Build or configure the claims submission module to generate SHA-compliant XML/JSON claims
  • Set up real-time eligibility verification at patient registration points
  • Enable automated pre-authorization requests for procedures that require approval
  • Test all API integrations in the SHA sandbox environment before going live
  • Work with an integration partner like Afya Stack Kenya if your in-house team needs support
4

Implement Claims Processing Automation

Set up electronic claims submission and tracking to replace manual paperwork.

  • Configure your billing module to auto-generate SHA claims from patient encounter data
  • Map your service codes and tariffs to SHA's standard code sets
  • Set up automated claim validation to catch errors before submission
  • Implement real-time claim status tracking so staff can monitor pending/approved/rejected claims
  • Configure automated re-submission workflows for rejected claims
  • Set up reconciliation reports to match SHA payments against submitted claims
  • Test the full claims cycle: registration → service → claim → submission → payment
5

Ensure Data Security and Privacy Compliance

Meet Kenya's data protection requirements under the Digital Health Act and Data Protection Act.

  • Implement end-to-end encryption for all data transmitted to and from SHA
  • Ensure your HMIS stores patient data in encrypted format at rest
  • Set up role-based access controls so only authorized staff can view SHA-related data
  • Maintain audit logs of all SHA API calls, claims submissions, and eligibility checks
  • Conduct a data protection impact assessment (DPIA) for your SHA integration
  • Ensure compliance with the Kenya Data Protection Act 2019 and Digital Health Act 2023
  • Implement backup and disaster recovery procedures for SHA-related data
  • Regularly update your security certificates and API credentials
6

Train Your Staff on SHA Workflows

Ensure all relevant staff understand the new SHA-compliant processes.

  • Train front desk staff on SHA member verification and patient registration
  • Train billing staff on electronic claims submission and rejection handling
  • Train clinicians on pre-authorization workflows for procedures requiring SHA approval
  • Train IT staff on monitoring API connections and troubleshooting integration issues
  • Create quick-reference guides for each department's SHA-related tasks
  • Conduct mock runs of the full patient journey: registration → treatment → claims → payment
  • Set up a helpdesk or support channel for staff questions during the transition
7

Go Live and Monitor

Launch your SHA integration in production and monitor for issues.

  • Switch from sandbox to production SHA API credentials
  • Start with a small batch of real claims before scaling to full volume
  • Monitor API response times and error rates for the first 2 weeks
  • Track claim approval rates and identify common rejection reasons
  • Set up automated alerts for API downtime or integration failures
  • Conduct weekly review meetings to address issues and optimize workflows
  • Maintain ongoing compliance by staying updated on SHA regulation changes

SHA Compliance Requirements Checklist for Hospitals

Valid hospital operating license from the Kenya Medical Practitioners and Dentists Council
KRA PIN certificate for the facility
Registered HMIS that supports API integration
SHA facility registration and API credentials
Secure internet connection with minimum 10Mbps dedicated bandwidth
Data encryption (TLS 1.2+ for transit, AES-256 for storage)
Role-based access control system in your HMIS
Audit logging capability for all SHA transactions
Trained staff for registration, billing, and clinical workflows
Backup and disaster recovery plan for SHA-related data
Compliance with Kenya Data Protection Act 2019
Compliance with Digital Health Act 2023

Common Mistakes to Avoid When Making Your Hospital SHA Compliant

Starting integration before completing SHA facility registration — you cannot test with live APIs without approved credentials

Assuming your existing HMIS automatically supports SHA integration — most systems require configuration or custom development

Skipping the sandbox testing phase — going live without testing leads to rejected claims and payment delays

Not mapping service codes to SHA tariffs correctly — mismatched codes are the #1 cause of claim rejections

Ignoring data security requirements — non-compliance with the Data Protection Act can result in fines and loss of SHA accreditation

Underestimating staff training needs — even the best technical integration fails if staff don't know how to use it

Not setting up reconciliation processes — without tracking, you won't know if SHA payments match your submitted claims

Trying to do everything in-house without integration experience — SHA integration has specific technical requirements that benefit from expert guidance

Frequently Asked Questions About SHA Compliance for Hospitals

How long does it take to make a hospital SHA compliant?

The full process typically takes 3-6 months. SHA registration takes 2-4 weeks, HMIS assessment and integration takes 2-3 months, staff training takes 2-4 weeks, and the go-live monitoring phase takes 2-4 weeks. The timeline depends on your current system readiness and whether you work with an integration partner.

How much does it cost to make a hospital SHA compliant?

Costs vary based on your current HMIS, the level of integration required, and whether you need system upgrades. Key cost components include SHA registration (free), HMIS integration development (KES 500,000 - 2,000,000), staff training (KES 100,000 - 300,000), and ongoing maintenance. Contact Afya Stack Kenya for a custom quote based on your hospital's specific needs.

Can I make my hospital SHA compliant without changing my HMIS?

In most cases, yes. If your HMIS supports API integration and can generate electronic claims, you can integrate with SHA without replacing your entire system. However, if your HMIS is outdated or doesn't support HL7/FHIR standards, you may need to upgrade or add a middleware layer. An assessment of your current system will determine what's needed.

What happens if my hospital is not SHA compliant?

Without SHA compliance, your hospital cannot verify patient eligibility under the Social Health Authority, cannot submit electronic claims, and will not receive reimbursements for SHA-insured patients. This means patients would need to pay out-of-pocket, significantly reducing your patient base since SHA is Kenya's primary health insurance program.

Do I need to comply with the Digital Health Act to be SHA compliant?

Yes. The Digital Health Act 2023 sets the legal framework for digital health in Kenya, including data security, interoperability, and patient privacy requirements. SHA compliance requires adherence to these standards. Your integration must meet both SHA technical requirements and the broader Digital Health Act provisions.

Can Afya Stack Kenya help my hospital become SHA compliant?

Yes. Afya Stack Kenya specializes in helping hospitals achieve SHA compliance. We provide HMIS assessment, integration development, staff training, and ongoing support. We've helped 50+ healthcare providers across Kenya become SHA compliant. Schedule a free assessment to get started.

Need Help Making Your Hospital SHA Compliant?

Our healthcare technology experts have helped 50+ healthcare providers across Kenya achieve SHA compliance. Schedule a free assessment today.