Netcare acknowledges the rights of privacy and dignity of all persons. This includes the right to protection of private information. In compiling this policy, the statutory framework contained in the laws of South Africa, particularly the Bill of Rights and various other pieces of legislation applicable to healthcare, was given due consideration.
WHAT IS PERSONAL INFORMATION?
Personal information means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person; and
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
Personal information will be collected from you directly or from a healthcare professional that is providing medical treatment to you. This may be done during the admission, stay in facility and/or any other interactions. Where the law requires that information regarding certain diseases be notified to the authorities Netcare will do so without delay. We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal information but is not considered personal information in law as this information does not, directly or indirectly, reveal your identity.
PROCESSING OF PERONAL DATA PRINCIPLES
The following principles will be adhered to and considered when dealing with patient rights.
- It is important to recognise for each process or decision that the following is considered before release of information.
- Does it justify the purpose?
- Is the minimum patient identifiable detail disclosed?
- Access to information is on a strict need-to-know basis only.
- Everyone involved with patient information understands his/her responsibilities in this regard.
- Compliance with the law is not negotiable.
- Right to refuse or permit the sharing of information - Netcare abides by the provisions of the National Health Act 61 of 2003 as well as the Patient Rights Charter, both of which grant a patient full participation in his/her health care management, including how to deal or treat patient information.
- Providing names of patients to clergy may only be done with the explicit written consent of the patient and in line with the reception policy dealing with this topic. You will be asked to consent to being placed on this list.
- Sharing with Managed Care and authorised Third parties - In accordance with medical aid membership, a hospital/ health care worker is obliged to share medical information with the medical aid the member belongs to. This information may include sensitive medical information and accounting details for purposes of managed care and accounting services.
- Privacy within the unit - It is important that the environment within the unit gives due consideration to privacy of patients i.e., tone of voice, closure of curtains, records out of reach of general public during visiting hours, not discussing patients in corridors or public places.
- Patient records will be archived by the hospital as defined in the terms and conditions of the admission document. Records remain active whilst patient is in hospital. On discharge, the record is archived and shall only be made available in terms of the stipulations of the Promotion to Access of Information Act 2 of 2000.
- Netcare premises may have CCTV cameras in place that will record movement on common premises, such as corridors. Except for this, the filming and video of patients is strictly prohibited, unless consent is obtained in accordance with Netcare’s Communication procedure.
- Netcare may share your de-identified personal information for market, statistical, academic research and commercial purposes. We will take all reasonable measures to ensure that all data are anonymous before sharing and that all third party/parties involved abide by the strict de-identification and data protection protocols that we require.
- Netcare may use data for marketing purposes, but explicit opt-out functionality will be available to manage your participation in these products and service offerings.
- To ensure continuous improving of the care and service offering, patients may be asked to complete service experience questionnaires.
- Clinical research and trials are completed in accordance with legislative requirements as set out in the National Health Act 61 of 2003. All research participants shall be required to submit written consent.
PURPOSES FOR WHICH NETCARE USES YOUR PERSONAL INFORMATION
Any information collected from you may be processed for, amongst others, the following purposes:
- To provide you with products and services;
- To process your hospital admission;
- To make an online appointment;
- To assess your psychiatric, psychological or addictive condition;
- To assess any medical treatment you may require;
- To process your admission or any other enquiry;
- For statistical and research purposes;
- To diagnose and attend to technical issues, support and user queries, as well as to determine the optimal and fastest route for your device to use;
- To comply with legislative requirements;
- To process your application for a vacancy; or
- On admission proof of identity will be required from all patients.
- On admission proof of medical aid membership will be required from all patients who are members of medical aids.
- All existing personal information of patients will be updated with every subsequent visit to a Netcare Facility.
RETENTION OF PERSONAL INFORMATION
All patient information will be archived as per regulatory requirements and our documented retention policy.
SECURING YOUR PERSONAL INFORMATION
Netcare takes the security of your personal information very seriously. Netcare recognise the vital role that information technology plays in its daily operations, and the reliance placed on information technology systems in processing personal information. Although absolute security cannot be guaranteed, Netcare will take reasonable technical and organisational measures to protect your personal information against accidental, unauthorised or intentional manipulation, loss, misuse, destruction, disclosure or access.
We have implemented procedures to deal with any suspected data security breach and will notify you and any relevant regulator of a confirmed breach where we are legally required to do so. Netcare will not be held liable under any circumstances if such information is compromised or disclosed through conduct outside the control of Netcare.
DISCLOSURE OF YOUR PERSONAL INFORMATION
Netcare may disclose your personal information if (a) authorised to do so by law, (b) you have provided consent and/or (c) it is required for proper medical treatment and care.
When Netcare shares your information with any third party, such third party will be required to respect your right to privacy and Netcare will take reasonable measures to ensure that your personal information is safeguarded. Netcare will only allow third parties to process your personal information for a specific purpose, in accordance Netcare’s instructions and applicable law.
STORAGE AND TRANSFER OF YOUR PERSONAL INFORMATION
Netcare stores your personal information on its servers and/or on third party servers. Netcare will take reasonably practicable steps to ensure that your personal information is adequately protected wherever it is stored.
When you make use of a Netcare application, the application may collect your location data to assist you to find the nearest Netcare facility and/or healthcare provider.
When Netcare 911 provides you with medical assistance, or emergency medical services, your location data will be used to enable us to provide you with a quicker response for any assistance or services that you may require. This location data will also assist you to track the location of our emergency response vehicle. Netcare may share your location data with its authorised service providers for this purpose. All reasonable organisational and technical measures will be taken to safeguard your information.
LINKS TO OTHER WEBSITES
HEALTH INFORMATION EXCHANGE
Care Connect is a non-profit company for the purpose of developing and operating a health information exchange. The aim of this health information exchange is to maximize quality, safety and efficiency in South Africa's healthcare system through timely access to the health information exchange for the benefit of the South African healthcare industry. Your personal information as well as your health records may be exchanged (subject to your consent) with your other healthcare providers and/or your medical schemes (while complying with applicable privacy and data protection legislation) via the health information exchange operated by CareConnect.
Netcare will, at all times, process your personal information in accordance with applicable laws and your rights are set out below:
- You have the right to correct your personal information if it is incorrect;
- You have the right to update your personal information if your details have changed;
- You have the right to object to the processing of your personal information;
- You have the right to your personal information being deleted; and
- You have the right to be informed if your information has been deleted.
You acknowledge that, in some cases, Netcare may not be able to comply with your request to delete or destroy your personal information if this request conflicts with applicable law.
REQUEST FOR ASSISTANCE REGARDING PRIVACY RIGHTS
- A data subject who wishes to object to the processing of personal information in terms of section 11(3) (a) of the Act, must submit the objection to Netcare on Form 1. Netcare will, through its Information Officer(s) or Deputy Information Officer(s) provide such reasonable assistance as is necessary, free of charge, to enable the data subject to make an objection on Form 1.
- Request for correction or deletion of personal information or destruction or deletion of record of personal information must submit a request to the Netcare on Form 2. The information Officer(s) or Deputy Information Officer(s) will provide reasonable assistance free of charge.
- All requests may be forwarded to [email protected]. Note that Form 1 and Form 2 are available on our website.
INFORMATION OFFICER FOR GROUP
Information Officer : Charles Vikisi | ([email protected])