Secure Data Systems for HIV Care in Malawi
📄 Peer-Reviewed Publications:
- ACM CHI 2024 (Best Paper Honorable Mention)
- ACM CSCW 2024
- PLOS ONE
Project Overview
Background: Lighthouse Trust, one of Malawi’s largest public HIV care programs, is testing a tablet-based app to extend electronic medical records (EMRs) to rural, low-connectivity community settings.
Problem: While promising, this new app requires broad stakeholder buy-in. There is limited understanding of how stakeholders perceive digital security and privacy in device-enabled electronic medical record (EMR) systems, particularly in low-resource environments.
Goal: Evaluate whether stakeholders’ perceptions of digital risk align with actual practices, and identify opportunities to strengthen client data protections.
Approach: Conducted a qualitative study with both data stakeholders and HIV clients to understand their experiences, concerns, and desired safeguards for mobile EMR tools.
Qualitative Study
Participants: 11 data stakeholders and 63 HIV clients at Lighthouse Trust.
Methods: Semi-structured key-informant interviews, focus groups, and thematic analysis.
Participant groups:
- Nurses (data stakeholders) — Provided care in community settings using both paper and tablets.
- Data clerks & IT officers (data stakeholders) — Entered tablet data into the central EMR and managed technical protections.
- Data decision-makers (data stakeholders) — Ministry of Health and policy representatives shaping data regulations.
- HIV clients — Enrolled in facility- or community-based care.
Key Findings: HIV Clients
- Trusted digital systems more than social privacy risks.
Clients feared accidental disclosure of HIV status within their communities more than digital breaches, trusting providers to protect data security.
- Partial understanding of digital data use.
They knew tablets stored and shared health data but lacked clear explanations from providers, leaving uncertainty about data handling and sharing.
Key Findings: Data Stakeholders
- Recognized security gaps at care and national levels.
Issues stemmed from both human error (weak passwords, unattended devices) and systemic limitations (no standardized data-sharing protocols).
- Advocated strong governance and oversight.
Recommendations included Ministry-led project management, enforceable data-sharing laws, and periodic third-party security audits.
Design Recommendations for Secure Digital Systems
- 🗣️ Communicate clearly to clients how their data is collected, stored, and shared, using accessible, non-technical language.
- 📱 Leverage clients' familiarity with mobile technologies to increase trust and adoption.
- 🔒 Align with global security standards such as the Principles for Digital Development and the Health Data Governance Principles to ensure robust, highly secure technologies.
