User Management
DHIS2 allows you to control access privileges per user and by role, to set expiration dates for user accounts and automatically disable inactive users to help prevent unauthorized system access.
Security
DHIS2 takes security seriously. We are continuously improving our software architecture, features and processes to minimize the risk to users and their data
Jump to a section on this page
Data & system security with DHIS2
The fact that DHIS2 is commonly used to capture and analyze health information means that issues of data security and privacy are of paramount importance. The data collected within DHIS2 need to be available to those who have the need and appropriate authority to access it — such as healthcare providers or program managers within a given health system — and secured against unauthorized access by others. In addition to striving to make the software itself as secure as possible, DHIS2 offers a selection of customizable security and privacy features, including user management, encryption, and more.
On this page, you can find an overview of the principles of the DHIS2 security team, how security is approached within DHIS2 software architecture, a list of features related to security and privacy that can be implemented in individual DHIS2 instances, links to relevant guidance on security best practices, and information on vulnerability reporting and disclosure.
Principles of the DHIS2 security team
The DHIS2 security team champions the following principles:
- Robust, formal, and predictable security processes
- Maximum transparency
- Full responsible disclosure
- Strong security management culture
If you have questions about DHIS2 security issues, you can contact the security team at: security@dhis2.org
DHIS2 security and privacy features
Below, you can read a short overview of select security and privacy features in the core DHIS2 software and Android Capture Application, and a link to our collection of feature spotlight videos on security features.
Core DHIS2 Software Platform
Security and privacy features in the core DHIS2 software platform include:
Sharing Settings
DHIS2 supports granular sharing of individual metadata objects and their associated data. Read and write permissions can be explicitly granted to only certain users and user groups to restrict access to sensitive information.
Audit Log
DHIS2 logs sensitive operations performed by users to an audit log in the database.
Program Access Levels
DHIS2 users can be granted explicit access levels to determine exactly which organisation units in the hierarchy that user should be allowed to access for data capture and search
Breaking the Glass
DHIS2 can be configured to allow users with limited data capture access to “break the glass” and search for Tracked Entities outside their capture scope. Breaking the glass requires the user to enter a reason for the operation, which is then logged by the audit service.
OWASP Top 10
DHIS2 source code is continuously analyzed for security vulnerabilities on the OWASP Top 10 list thanks to a variety of automated tools, to ensure most common bugs are addressed early in the development process.
DHIS2 Android Capture App
The DHIS2 Android Capture App includes all core software security features listed above. Additional DHIS2 Android security and privacy features include:
Encryption
Android devices may contain sensitive data they have collected or downloaded from the DHIS2 server. Using the Android Settings App, a system administrator can force all DHIS2 Android applications to use local database encryption, ensuring that the data is inaccessible to unauthorized users even if they gain access to the physical device.
OWASP
Both the Android SDK and the App follow OWASP recommendations for ensuring privacy and security features in mobile development (see our OWASP score). Some practical implications for DHIS2 Android implementers and users are the blocking of screenshots and screen sharing when using the app, and the prevention of DHIS2 Android App installation in rooted devices.
Security Feature Videos
You can watch a selection of Feature Spotlight Videos on security features on the DHIS2 YouTube channel.
Best practices for implementing secure DHIS2 systems
Security is much more than just software — people are just as important to ensuring a secure DHIS2 implementation. As a starting point for best-practice system implementation and administration, DHIS2 recommends that implementers hire a security manager, establish a security plan, and update your DHIS2 software regularly and responsibly.
Have a dedicated security manager
- Make sure that a senior member of your team is responsible for security
- This person should be up to date with security announcements and be in contact with the DHIS2 security team.
- This person should have oversight of organizational, configuration and technical aspects of the DHIS2 implementation.
- They should be empowered to act, and should ideally be a member of the senior management team.
Have a security plan
- For example, follow ISO27001 methodology. A security plan should include things like:
- Management tools like risk register, inventory, SOPs, incident response etc
- Backup and disaster recovery plans
- Software version management
- User and role management
- Training and messaging
A plan is a living document — keep refining the plan as you go!
Upgrade regularly and responsibly
- Remember we only provide security support for the last 3 major versions. You need to plan / budget for a major version upgrade approximately once per year.
- Patch releases contain critical bug fixes, often related to security, and are relatively low-risk. Monitor patch releases carefully and have a process to apply them quickly.
- Don’t upgrade production before testing thoroughly on a staging or test instance. Involve users in testing.
- Backup before doing any upgrade. Handle backups carefully.
Supported Versions
DHIS2 officially supports the latest three major released versions — see the Downloads page. When a vulnerability in the DHIS2 software is discovered and fixed, a security patch release will be published for each supported major version. Versions which have reached End of Support are not guaranteed to receive security patches, so it is critical that older DHIS2 implementations upgrade to a recent, supported major version as soon as possible.
Vulnerability Reporting & Disclosure
DHIS2 has a dedicated security team focused on maintaining the integrity of the DHIS2 software. If you discover what you believe to be a vulnerability in DHIS2 then we want to hear from you. Please visit our Vulnerability Reporting & Disclosure Policy page for information on how to contact the DHIS2 security team, what you can expect when you contact us, and what we expect from you.
Known Vulnerabilities (CVEs)
The DHIS2 security team participates in responsible disclosure. When vulnerabilities are discovered in released, supported versions of DHIS2, the team makes every effort to evaluate, address, and release fixes in a timely manner. Due to the sensitive nature of many DHIS2 implementations around the world, information relating to these vulnerabilities may be embargoed for some period of time. Eventually, the DHIS2 team endeavors to disclose any known vulnerabilities in older software versions once they have been fixed and sufficient time has passed to allow production DHIS2 implementations to upgrade their software.
Get the latest security updates on the Community of Practice
You can stay informed about the latest security updates from the DHIS2 security team on the DHIS2 Community of Practice (CoP) by subscribing to posts tagged with “dhis2-security.” You can also subscribe to the DHIS2 newsletter, which includes a summary of recent security updates.