President Orders Merger of All Medical Information Systems into One

The Head of State has ordered the creation of a Unified State Medical Information System by December 1. He emphasized that over 30 isolated IT systems currently operate within the healthcare sector.

"This has become one of the primary reasons for abuses in the budget allocation process," stated Kassym-Jomart Tokayev.

"It is astonishing that fraudulent schemes of extreme proportions and unprecedented audacity were carried out right under the noses of relevant ministers, specifically in the social sphere," he added.

"The Prosecutor General's Office and other authorized agencies are obligated to uncover the full history of these crimes, regardless of how long ago they occurred or the individuals who protected them. I will personally oversee the investigation process," the President emphasized.

In addition, several incidents in recent years have highlighted the vulnerability of medical data. In June 2025, the personal data of 16 million Kazakhstanis was leaked online. One theory points to a breach in the databases of private medical organizations.

This leak incident demonstrated that not all medical institutions handle their clients' personal data with care. However, will building a unified system solve this and other problems mentioned by the Head of State?

Commentary by Elzhan Kabyshev, Head of Legal Practice at EDF:

The President's initiative to create a Unified State Medical Information System raises two main questions: the feasibility of the deadlines and the price of such centralization for citizens' privacy.

1. Ambitious Deadlines: The December 1 deadline looks extremely tight. Building from scratch—or even merging over 30 disparate IT systems into a single functioning mechanism in less than a year—is a colossal technical and bureaucratic challenge.

2. Architecture Concerns: Will this platform become a "killer" of private medical systems by monopolizing the market, or will it act as a super-integrator where data flows from all sources?

3. Cybersecurity Risks: From a security perspective, creating a single database for all the country's medical data creates a "single point of failure." It is an incredibly attractive target for malicious actors.

4. Privacy: Medical data is highly sensitive. We have already seen the results of negligence: from the scandalous leak of student lists at Al-Farabi KazNU to the massive data breach of 16 million citizens in 2025. If the new system is flawed, the consequences will be catastrophic.

The state must guarantee that this system is built on the principle of privacy by design, rather than just as a tool for budget oversight.