Uganda signs U.S. health-data deal under impossible terms

U.S. health-data – Uganda agreed to a seven-year health-data sharing deal with the U.S. after being offered up to $1.7 billion over five years for global health security—while privacy advocates warned the agreement is vague on safeguards and could expose sensitive medical record

On a Dec. 10 deadline, Frank Ssekamwa says the choice was not really a choice.

If Uganda signed the new U.S. health agreement. he feared it would have to hand over access to the health data of millions of Ugandans—information he worries could be breached or exploited. If Uganda refused. he said. the East African nation would likely lose out on more than a billion dollars to fight HIV. malaria. tuberculosis and other illnesses. even as it continues to face threats from Ebola and other deadly infectious diseases.

“‘If you take the deal, you’re going to be exploited. If you don’t take it, you’re going to die,’” said Ssekamwa, an attorney and digital rights expert in Uganda. “It’s the essence of digital colonialism.”

Uganda’s agreement is one of a sweeping set of deals that the Trump administration has tied to its America First Global Health Strategy—an openly transactional approach. launched in September. that Secretary of State Marco Rubio said is meant to give aid “in a way that directly benefits the American people and directly promotes our national interest.”.

The U.S. has insisted it needs access to health data to keep people safe and said it will anonymize what it shares. The State Department declined to publicly release global aid and data-sharing agreements it has signed with more than 30 countries as part of its new approach. leaving many details in the dark.

A ProPublica analysis of nine of the deals offers a clearer view of how broad the access demands have become—and why privacy and global health experts say the safeguards are not as tight as recipients are being asked to accept.

In Uganda, the U.S. will receive direct, real-time access for seven years to nine Ugandan health data systems. That includes the central repository storing all health information. lab data. data collected by community health workers. and—critically—Uganda’s system for managing individuals’ electronic medical records. The agreement calls for aggregated data to be shared with personally identifiable information removed and says the data should be used for delivering and auditing healthcare services.

Even so, lawyers and digital privacy experts argue the deal raises practical questions about who will ultimately have access to that massive database and whether sensitive information could be exposed in ways that are hard to contain.

Several experts warned that even anonymized medical data can sometimes be reverse-engineered—raising the possibility that people living with HIV, tuberculosis and other diseases could have their records exposed.

Stephanie Psaki—who served as U.S. coordinator for global health security under President Joe Biden—described the approach as a blunt demand for entry to systems rather than a narrow method of data use.

“The U.S. would never agree to that,” Psaki said, if the deal were offered in reverse.

The stakes for Uganda are immediate and not abstract. Under the agreement, the U.S. will provide up to $1.7 billion over five years for global health security and the treatment and prevention of deadly conditions such as malaria. tuberculosis. HIV and polio. In the past, the U.S. provided this aid without asking for direct benefits in return, and it saved an estimated 170,000 Ugandan lives per year.

But the new spending comes with a different long-term trajectory. While it is a significant investment, it is less than what the U.S. previously spent in Uganda and will decrease every year of the agreement. By 2030. Uganda will receive 45% less global health funding than when Trump retook office. according to an analysis by Vincent Lin of Partners in Health.

Other governments have faced similar pressure, and some tried to resist. Zambia, Zimbabwe and Ghana rejected initial deals after outrage over U.S. demands for access to citizens’ health data. Across Africa. the pattern described by privacy experts and rights advocates is that aid is conditioned on access to data—and that the language in the deals is often too vague to protect people if something goes wrong.

Experts consulted by ProPublica said the terms are missing standard safeguards found in many data-sharing agreements that limit what data is collected and how it can be used. Without those guardrails, they said, the risk rises that personal data could be exposed, misused or commercialized without consent.

This is happening as the U.S. has reshaped its global health machinery. After dismantling the U.S. Agency for International Development—described here as a previous source of billions of dollars in aid with few strings attached—the administration reduced funding for international health work done by the Centers for Disease Control and Prevention and severely scaled back the President’s Emergency Plan for AIDS Relief.

The U.S. also withdrew from the World Health Organization, losing access to a global network that tracks and combats disease outbreaks. In its place, U.S. officials have been building a patchwork of agreements with individual countries. ProPublica reviewed agreements that each include sections on responding to outbreaks.

Some countries also signed separate pathogen-sharing agreements. Those agreements state that countries must “initiate sharing specimen(s) and related data” within five days of a U.S. request. The Trump administration is also planning unprecedented involvement of private companies to manage and process data.

The State Department says the reason for the access demands is simple: it needs data to improve health outcomes in recipient countries and keep Americans safe. The new approach also requires countries to invest more in their own health systems in exchange for the aid—a promise many governments may struggle to fulfill.

In response to questions from ProPublica. a State Department spokesperson said the investments are tied to sustainability: “The United States is investing billions of dollars in other countries’ health systems to fight infectious disease. In return. we expect governments to increase their own spending on health. so programs are sustainable and under genuine national ownership. not permanently financed by U.S. taxpayers. For the first time, both sides are putting skin in the game to ensure lasting impact.”.

After follow-up questions. spokesperson Tommy Pigott said the agreements cover only “aggregated. de-identified data” that has been shared and used for years. He added that “All data sharing is consistent with each country’s laws and approvals. ” and that “No personally identifiable information is being received or shared by the United States government.”.

Uganda’s Ministry of Health, Ministry of Foreign Affairs, Personal Data Protection Office and its embassy in Washington, D.C., did not respond to questions for this article.

The question critics keep returning to is whether “de-identified” is enough when the U.S. is being granted direct entry to systems that contain highly sensitive medical records.

In an age where data has become a currency. advocates say these agreements move information—and potentially profit—far beyond what ordinary safeguards can contain. Health data sets are often described as the new gold. and the industry of buying and selling such information is worth billions. according to the account in the reporting.

Countries have increasingly treated citizens’ health records as national assets requiring special protection, but the deals reportedly provide no clear guarantee that people will have a say in how their information is used or will receive benefits that match the value extracted.

Jane Munga of the Carnegie Endowment for International Peace argued that there is no way for the population to know how companies will use the data once it is acquired.

“Once companies get this data, the value is being accrued. But there’s no way for the [African] population to know how companies will use it,” she said.

Concerns extend beyond personal data. Africans also fear they may not be able to access medicines and vaccines developed from pathogen samples shared with the U.S. Five of the six specimen-sharing agreements reviewed by ProPublica say the U.S. government will “prioritize” requests from the U.S. for products developed primarily using a country’s specimen. Only the Nigeria agreement commits the U.S. to facilitating “priority access” to, and the donation of, medical products developed using the specimens.

The agreements include “benefit-sharing provisions,” the State Department said.

Within Uganda, those who pushed back point to timing and design. The America First Global Health Strategy was launched in September, only a month after Brad Smith joined the State Department. By November, Smith was traveling across Africa with a small team of negotiators.

The State Department said the deals were “negotiated in a thoughtful and strategic way over many months.” But experts say the speed increases the likelihood that sensitive systems are being integrated before protections can be properly designed.

The Ugandan agreement requires Uganda to give the U.S. and its contractors logins “or other secure access mechanisms” to enter directly into data systems, a structure U.S. officials say enables auditing and outbreak tracking.

The agreement says it will comply with the laws of both nations and allows sharing of “sensitive personal data” if consent is obtained, if there is a compelling public health emergency of international concern, and if it is the only way information can be provided in a “timely and accurate format.”

Ssekamwa says Uganda’s government still has not answered core questions: whether the U.S. has appropriate protections; whether anonymized data can truly be provided safely; and what protections people have if their medical history becomes visible.

“Does the U.S. have appropriate data protections? Can the systems provide anonymized data? Are they really up to that standard?” Ssekamwa asked. “If I’m someone who has had health issues, can you deny me a visa because of the health issues I’m having?”

In its agreement, Uganda and the U.S. include procedures for unauthorized access. The Ugandan data-sharing agreement calls for the U.S. to promptly notify Uganda of any unauthorized access, and it requires a joint breach assessment and remediation plan afterward.

But Ssekamwa doubts that assurances will matter once data leaves the country. “Once the data gets out of Uganda, we are skeptical that the government of Uganda will actually have any power to control it,” he said.

That fear is intensified by the secrecy surrounding negotiations and documents. The State Department told ProPublica it would release agreements when negotiations with all partner governments are complete. describing the delayed release as protecting sensitive negotiations rather than secrecy. In response to a public records request filed by ProPublica. the State Department said it planned to provide the documents in September 2027. Public Citizen has filed suit against the federal government in an effort to obtain documents.

Even court battles elsewhere show how fast the controversy has spread. On Dec. 4, Kenya became the first country to sign a health-data and specimen-sharing agreement with U.S. officials, including Secretary Rubio and President William Ruto in Washington. The Kenyan deal required access for seven years to the country’s health records as a condition for receiving $1.6 billion in aid.

Outcry began two days earlier when Kenyan activist Nelson Amenya posted on X that he had seen a specimen-sharing agreement and legal analysis suggesting it would violate Kenyan law. Amenya said every HIV test, TB diagnosis and malaria case would be accessible to U.S. officials.

Soon after. Kenyan senator Okiya Omtatah sued Kenyan government members over the agreement. arguing it threatened citizens’ constitutional right to privacy by allowing broad foreign access to sensitive data. A Kenyan nonprofit also sued. with more than 50 groups filing on the same side. describing the document as giving the U.S. excessive access and raising the possibility of serious human rights violations.

After blocking the deal for months, a Kenyan court temporarily allowed implementation in May while considering the case.

The U.S. has said it wants to respond to outbreaks early and keep both Americans and the world safe. Psaki pointed to how quickly Ebola can escalate in the Democratic Republic of Congo and said the U.S. need for data and samples from all bordering countries has become harder when some nations have not signed deals.

The State Department said it responded swiftly and has provided over $270 million to the global fight against Ebola.

In Uganda, people are sick and dying from Ebola too, Ssekamwa said. He said his country wants the assistance that a health deal can bring—but with more robust protection of personal data.

“We are happy to benefit from the technological advancement and the fruits of big data,” he said. Instead, he argued that “the U.S. has left so many gaps within the agreement, which can be exploited in their favor.”

For Ssekamwa, that gap is the point. Uganda signed only after the clock ran out—into a bargain he describes as exploitation wrapped in urgency.

Uganda United States health data privacy digital colonialism America First Global Health Strategy Marco Rubio Brad Smith HIV malaria tuberculosis Ebola data-sharing agreements pathogens State Department personal data protection