Patients' Right to Data Privacy and Protection in Nigeria: A Right or Privilege?

The digital transformation of healthcare has intensified concerns surrounding the protection of patient health data globally. In Nigeria, the question of whether data privacy constitutes a fundamental right or a mere privilege for patients remains largely unresolved, creating significant gaps in legal protection and clinical accountability. This study adopts a doctrinal methodology and a comparative approach. This research examines the legal framework governing patient data privacy in Nigeria, with particular focus on the Nigeria Data Protection Act 2023, the National Health Act 2014 and other relevant laws. It further interrogates the extent to which these instruments adequately protect patient health information and analyses the tensions between regulatory intent and practical enforcement. Drawing on comparative analysis with the United Kingdom’s General Data Protection Regulation (GDPR), it is argued that patient data privacy in Nigeria is constitutionally grounded and must be treated as a fundamental right, not a discretionary privilege. It further identifies systemic enforcement failures, institutional noncompliance, and low patient awareness as critical barriers to realising this right. The article concludes by recommending legislative harmonisation, stronger regulatory oversight, and mandatory data protection compliance frameworks tailored specifically to the Nigerian healthcare sector