openIMIS
OpenIMIS is open source software that manages social (health) protection schemes. It links beneficiary, provider and payer data.
Website: https://openimis.org
Type of Digital Public Good
- Open content
- Open data
- ✅ Open software
- Open standard
- Open AI model
1. Is it relevant to one of the Sustainable Development Goals?
- 1. No Poverty
Evidence: openIMIS, originally released in 2012, operates within the framework of the 2030 Agenda for Sustainable Development, specifically referencing Sustainable Development Goal (SDG) 1.3, which calls for social protection systems for all, and SDG 3.8, which endorses universal health coverage.
Link to Evidence: https://socialprotection.org/discover/blog/introducing-openimis-%E2%80%93-open-source-solution-universal-health-coverage
- 3. Good Health and Well-being
Evidence: The project has supported various governments and health financing scheme operators better manage their operations, and increase coverage of health care to their beneficiaries.
Using openIMIS, the National Social Health Insurance of Nepal is managing its healthcare scheme for over 3 million beneficiaries and the Community Health Funds in Tanzania also support over one million beneficiaries.Link to Evidence: https://socialprotection.org/discover/blog/introducing-openimis-%E2%80%93-open-source-solution-universal-health-coverage
- 9. Industry, Innovation and Infrastructure
Evidence: The project has supported various governments and health financing scheme operators better manage their operations, and increase coverage of health care to their beneficiaries.
Using openIMIS, the National Social Health Insurance of Nepal is managing its healthcare scheme for over 3 million beneficiaries and the Community Health Funds in Tanzania also support over one million beneficiaries.Link to Evidence: http://health.bmz.de/what_we_do/openimis/index.html
2. Does it use an appropriate open license?
Yes, this project is licensed under the following license(s):
3. Is ownership clearly defined?
Is the ownership of the project and everything that the project produces clearly defined and documented?
Yes
If yes - please link to the relevant copyright, trademarks, or ownership documentation for the project.
https://openimis.atlassian.net/wiki/spaces/OP/pages/40566798/Licenses
4. Does the license of libraries/dependencies undermine the openess of the project?
Does this open project have mandatory dependencies (i.e. libraries, hardware) that create more restrictions than the original license?
Yes
If yes - are the open source components able to demonstrate independence from the closed component(s) and/or are there functional, open alternatives?
Yes
If yes - please describe how the open source components are independent and/or list the open alternatives for the closed component:
The software originally was built on the Microsoft stack, so while the code has been released as open source, there were dependencies on MS products and servers. However, since 2017 a complete rearchitecture of the system is in process, which includes the development of the software using a modular architecture, and also using open source programming languages and databases. The new modules are developed to run side-by-side to the older versions (MS based) until the full transition in complete - after which there will be no further dependencies.
5. Is there documentation?
Does some documentation exist of the source code, use cases, and/or functional requirements. For software projects, this should be present as technical documentation that would allow a technical person unfamiliar with the project to launch and run the software. For datasets and data projects, this should be present as documentation that describes all the fields in the set, and provides context on how the data was collected and how it should be interpreted. For content collections, this should indicate any relevant compatible apps, software, hardware required to access the content and any instructions about how to use it.
Yes
If yes - please link to the relevant documentation:
6. Is non PII data and/or content accessible?
Does this project collect or use non-personally identifiable information (non-PII) data and/or content?
No
If yes - is there a mechanism for extracting or importing non-personally identifiable information (non-PII) from the system in a non-proprietary format?
Not Applicable
If yes - describe the mechanism for extracting or importing non-personally identifiable information from the system in a non-proprietary format:
Not Applicable
7. Does the project adhere to privacy and other applicable international and domestic laws?
Has this project taken steps to ensure adherence with relevant privacy, domestic, and international laws? For example, the General Data Protection Regulation (GDPR) in the European Union or the Supplementary Act A/SA.1/01/10 on Personal Data Protection for the Economic Community of West African States (ECOWAS) (yes/no)
Yes
If yes, please list some of relevant laws that the project complies with:
- GDPR
- The software is deployed on local servers when implementation is done in-country, and local laws surrounding privacy are adhered to. In the schemes in Nepal and Tanzania, the Ministry of Health and the President's Office, Regional Administration and Local Government respectively responsible for the implementation of the software.
If yes, please describe the steps this project has taken to ensure adherence (include links to terms of service, privacy policy, or other relevant documentation):
8. Does the project adhere to standards and best practices?
Does this project support standards? (i.e. Web Content Accessibility Guidelines (WCAG) 2.1 or other standards such as those listed on W3C)
Yes
Which standards does this project support (please list)
- Health Level 7 Fast Health Interoperability Resource (FHIR)
Can you point to evidence of your support? (i.e. please link to your validator, open test suite, etc.)
Was this project built and developed according to or in adherence with any design, technical and/or sector best practices or principles? i.e. the Principles for Digital Development?
Yes
Which principles and best practices does this project support (please list)
- Principles of Digital Development, and standards prescribed by the Open Health Information Exchange (www.ohie.org)
9. Does the project do no harm by design?
Has this project taken steps to anticipate, prevent and do no harm by design?
On the whole, does this project take steps to ensure that it anticipates, prevents and does no harm by design?
Yes
Is there any additional information you would like to share about the mechanisms, processes or policies that this project uses to avoid doing harm by design?
openIMIS will retain any, including personal, data entered into the openIMIS demo server for a maximum period of one week.
9.a. Data Privacy & Security
Does this project collect or store personally identifiable information (PII) data and/or content?
Yes
If yes - please list the types of data and/or content collected and/or stored by the project:
- The openIMIS initiative as a ‘project’ only collects data through user approved sign-ups for our newsletter and our collaboration platform (Atlassian Confluence). The data collected through both the platforms are mainly email addresses and user provided names (could also be aliases). This data is not shared with any third parties and the data is collected using third party platforms (Atlassian for our collaboration platform and Mailchimp for the newsletter), and they are governed by the GDPR.
- The openIMIS product does have the functionality to collect various data of users, including names, date of birth, ID number, phone number and also a (limited) medical treatment history. However the product is not hosted by the initiative, and thus anyone wanting to implement it would need to ensure that the data protection regulations of the area of jurisdiction are met. For example, the Health Insurance Board of Nepal uses openIMIS to manage the National Health Insurance of the country – so they deploy openIMIS as their own system and ensure that data confidentiality and data privacy regulations from the Government of Nepal are met. That being said, openIMIS does offer various levels of data security functionality for the implementers of the tool to use – particularly centered around role based access (read only, write only, none, or both) to data within the openIMIS system. Additionally, the openIMIS initiative provides security guidance on deploying openIMIS: Infrastructure security - openIMIS - openIMIS Wiki (atlassian.net), and also a template to do security assessments of implementations: Security assessment template - openIMIS - openIMIS Wiki (atlassian.net)
If yes - does this project share this data and/or content with third parties?
No
Please describe the circumstances with which this project shares data and/or content with third parties. Please add links as relevant.
Not Applicable
If yes - does the project ensure the privacy, security and integrity of this data and/or content collection and has it taken steps to prevent adverse impacts resulting from its collection, storage and distribution.
Yes
If yes - please describe the steps, and include a link to the privacy policy and/or terms of service:
When you submit data using the Apps or the web interface, the data collected from you will be stored the Web-embed server. If collected via the app, they will be:
-stored on the IMIS folder in your root directory for the photos and connection tokens
- in the application database located in the application folder for the other information (not accessible for non-root user).
Those data are erased after synchronisation with the service of generation of an export archive (encrypted via password, stored in the IMIS folder). Sensitive information exchanged between your browser and our website is transmitted in encrypted form using Transport Layer Security (TLS)
9.b. Inappropriate & Illegal Content
Does this project collect, store or distribute content?
No
If yes - what kinds of content does this project, collect, store or distribute? (i.e. childrens books)
Not Applicable
If yes - does this project have policies that describe what is considered innappropriate content? (i.e. child sexual abuse materials)
Not Applicable
If yes - please link to the relevant policy/guidelines/documentation.
Not Applicable
If yes - does this project have policies and processes for detecting and moderating innappropriate/illegal content?
Not Applicable
If yes - please describe the policies and processes for detecting, reporting and removing innapropriate/illegal content (Please include the average response time for assessment and/or action. Link to any policies or descriptions of how inappropriate content is handled):
Not Applicable
9.c. Protection from harassment
Does this project facilitate interactions with or between users or contributors?
Yes
If yes - does the project take steps to address the safety and security of underage users?
Yes
If yes - please describe the steps this project takes to address risk or prevent access by underage users:
- As an open source community, the openIMIS initiative encourages interactions between various users and contributors within the initiative. In such interactions, the openIMIS community is guided by our Contributor Covenant Code of Conduct: Contributor Covenant Code of Conduct - openIMIS - Confluence (atlassian.net). The openIMIS coordination desk monitors the activities in the various forums and platforms, which can only be accessed after a registration and is committed to ensuring the safety and security of all our users and contributors.
If yes - does the project help users and contributors protect themselves against grief, abuse, and harassment?
Yes
If yes - please describe the steps taken to help users protect themselves.
- While there are no formal procedures in place, we believe in respectful, open communication between the community members and strive ensure this through constant engagement with the community.
Development & deployment countries
List of countries this project was developed in.
- Tanzania
- Nepal
- Germany
- Switzerland
- Belgium
List of countries this project is actively deployed in.
- Tanzania
- Nepal
- Chad
- Cameroon