Understanding the Protection of Personal Information (POPI) Act
Drickus Maartens • October 1, 2019
While the Protection of Personal Information (POPI) Act doesn't replace the HPCSA’s existing guidelines on safeguarding confidential patient data, POPI does affect all private and public organisations that process information such as names, addresses, email addresses, health information and employment history.
Some of the obligations placed on the medical practice under POPI are:
- To only collect information for a specific purpose
- To apply reasonable security measures to protect the information collected
- To ensure all information collected is relevant and up to date
- To only hold as much information as is required, and only for as long as it is needed
- To allow the subject of information to see it upon request.
Consent
Consent under POPI has to be specific, voluntary and informed. The burden of proof to show that consent was given falls on the practice, so it is advisable to keep some sort of record of consent given by a patient.
Preserving the information
All medical practices are expected, by law, to implement reasonable technical and organizational measure to ensure the information is protected from loss, damage, unauthorized destruction and unlawful access thereto.
An example of a foreseeable risk would be an employee within a medical practice accessing private and personal information without being made aware that the information is to be kept strictly confidential at all times.
Dealing with an information leak
In the event of information being leaked, the practice will need to notify both the patient and the Information Regulator that the information has been accessed, in writing. The patient also needs to be advised about protective steps which could be taken.
When notifying the patient ensure that the following information is given:
- The possible consequences of the disclosure
- A description of the measures which will be taken to rectify the leak of information
- The identity of the individual who had unauthorised access to the information must be disclosed.
Failure to comply with POPI
Failure to comply with POPI can lead to a complaint being lodged against a healthcare practitioner with the Information Regulator, or receiving a civil claim for payment of damages. One of the very serious implications can even be criminal prosecution which, if convicted, could result in a fine of up to R10 million, a prison sentence of up to 10 years, or even both.
It is therefore extremely important for all people, companies and organisations handling health related information to assess their practice policies for handling health related and personal information.
Information supplied by Van Rhyns Attorneys
It has been estimated that 80% to 90% of doctors experience some form of burnout at some point in their careers. This can affect their ability to practise optimally and to connect with their patients with empathy and care. The consequences are serious, as burnout and depression are major risks for doctors, threatening both their wellbeing and the quality of care they provide.
Upbeat 25-year-old student Atang Climantine Makhubedu jokingly calls herself a cataract survivor. Just weeks before, however, she was battling the harsh reality of unexpected vision loss, which Dr Sachin Bawa, an ophthalmic surgeon practising at Netcare Linkwood Hospital, describes as having significantly impacted Atang’s daily life.
A South African first of its kind tool is transforming patient care locally by leveraging Netcare’s advanced electronic medical records system and abundant clinical data. This will help clinicians identify risk of deterioration from common causes earlier among intensive care patients so that treatment can start sooner.
Ditshegofatso Kgobisa, known as ‘DK’ for short, suffered kidney failure at 15. After 11 months reliant on lifesaving dialysis with National Renal Care, DK gained a new lease on life after his mother, Rosemary, was able to donate one of her kidneys to him.
Migraines affect 15% of the global population, causing severe pain and disrupting daily life. Neurologist Dr. Michael Huth emphasises the importance of understanding different migraine types and their triggers.
Dr Michael de Villiers explains why people can become sick every flu season and why the influenza vaccine is generally recommended every year.
Colorectal cancer, one of the most prevalent yet preventable cancers, can develop in the colon or rectum, often starting as small polyps that can quietly become malignant if left unchecked. Dr Mpho Ramabulana, a colorectal surgeon and gastroenterologist at Netcare Akasia Hospital, underscores the life-saving power of vigilance and the importance of early detection.
Cardiologist Dr Robert Routier urges the public to check their personal risk factors regularly to help prevent or manage cardiovascular disease.
The physical strain pregnancy puts on an expectant mother’s body should not be underestimated. An obstetrician gynaecologist offers her insights for alleviating discomfort and promoting wellbeing with exercise and stretching throughout pregnancy.
Dr Patience Sigwadi, a leading paediatric nephrologist practising at Netcare Unitas Hospital in Centurion, has issued an urgent call for increased focus on skills development to address the escalating kidney disease crisis among children in South Africa.
