In recent years, privacy and data rights have garnered growing attention in public discourse, policy making, and scholarly research. New data protection laws are being rolled out globally to codify data rights and ensure individual control over how personal data is shared and used. This evolving landscape presents several opportunities and challenges for healthcare. In this case study, we outline a design research agenda that emerged from the practical needs of an open source community focused on digital health software for community health in low- and middle-income countries. We situate this case study in the global landscape of data regulations, and the call for responsible data practices that go above and beyond regulatory compliance. We share findings from the formative stages of our multi-stage design process, which include a scoping literature review and a reframing of institutional policies and procedures. A primary contribution of our case study is that it offers an example of the institutional ‘pre-work’ necessary to make sense of the complex data protection landscape, and to chart a path forward for designing software that better supports responsible data practices. This case study also articulates the important role for digital health designers and implementers in operationalizing patient data rights.