Privacy policy


  Privacy Policy Corporate Governance


Document Control Information

Division

All Netcare Divisions and Subsidiaries

Document Type

X Policy

SOP

Work Instruction

Title

Privacy Policy

Document No.

COR13 –A

This Version

2

Replaces

1

Consultative Group

POPIA Steering Committee

Drafted by

Daleen Nel

Applies to

All Business Units

Approved by

POPIA Steering Committee

Approval date

March 2021

Effective date

March 2021

Derivative Documents

Doc No

Title

Version

Comments

COR13

Privacy Policy


Group Privacy Policy

Version tracking

Version

Type of Review

Date

Description of Review

2

General Review

March 2021

Amended Information Officer Details


COPYRIGHT WARNING NOTICE

This policy and procedure is the property of Netcare Limited. Copyright subsists in this work. Any unauthorised reproduction, publication or translation of the work are acts of copyright infringement and may lead to criminal prosecution. The compilation and input to the guide was obtained from experts in the field. Any changes and alterations can only be made with the approval of the authors. Reference to one gender can be interpreted to imply belonging to either gender. Any deviations from this policy and its supporting standard operating procedures require the approval from the assigned approval committee. All deviations, comments and suggestions could be emailed to policies@netcare.co.za

COPYRIGHT WARNING NOTICE

This policy and procedure is the property of Netcare Limited. Copyright subsists in this work. Any unauthorised reproduction, publication or translation of the work are acts of copyright infringement and may lead to criminal prosecution. The compilation and input to the guide was obtained from experts in the field. Any changes and alterations can only be made with the approval of the authors. Reference to one gender can be interpreted to imply belonging to either gender. Any deviations from this policy and its supporting standard operating procedures require the approval from the assigned approval committee. All deviations, comments and suggestions could be emailed to policies@netcare.co.za

TABLE OF CONTENT

1. INTRODUCTION 6

2. WHAT IS PERSONAL INFORMATION? 6

3. PROCESSING OF PERSONAL DATA EXAMPLES 7

4. DUTIES AND RIGHTS ABOUT PERSONAL INFORMATION 8

5. RETENTION OF PERSONAL INFORMATION 8

6. SECURING YOUR PERSONAL INFORMATION 9

7. OUR COOKIE POLICY 9

8. CHANGES TO THIS PRIVACY POLICY 9

9. REQUEST FOR ASSISTANCE REGARDING PRIVACY RIGHTS 10

10. LEGAL FRAMEWORK 10

1. Introduction

Netcare acknowledges the rights of privacy and dignity of all persons. This includes the right to protection of private information. In compiling this policy the statutory framework contained in the laws of South Africa was given due consideration. See references for further detail. The inherent right to privacy is protected in the Constitution of Republic of South Africa and various other pieces of legislation applicable to Healthcare. See Legal Framework in this policy.

Our Privacy Policy governs the way we, at Netcare, treat your personal information. We respect your privacy and treat your personal information as confidential. Our Privacy Policy explains how we use, collect and share your personal information. All patient information will be protected from unauthorised access, loss or damage and respected as confidential by all staff members, contractors, volunteers or learners. 

2. What is personal information?

Personal information means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to-

  1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
  2. information relating to the education or the medical, financial, criminal or employment history of the person;
  3. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
  4. the biometric information of the person;
  5. the personal opinions, views or preferences of the person;
  6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
  7. the views or opinions of another individual about the person; and
  8. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

Personal information will be collected from you directly. This is done during the admission and stay in hospital process.

Where the law requires that information regarding certain diseases be notified to the authorities Netcare will do so without delay.

We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal information, but is not considered personal information in law as this information does not, directly or indirectly, reveal your identity.

 3. Processing of personal data examples 

The following principles will be adhered to and considered with when dealing with patient rights.

  1. It is important to recognise for each process or decision that the following is considered before release of information.
    1. Does it justify the purpose?
    2. Is the minimum patient identifiable detail disclosed?
    3. Access to information is on a strict to know basis only? 
    4. Everyone involved with patient information understands his/her responsibilities in this regard.
    5. Compliance with the law is not negotiable. 
  2. Right to refuse or permit the sharing of information
    1. Netcare abides by the requirements of the National Health Act 61 of 2003 as well as the Patient Rights Charter; both of which grants a patient full participation in his/her health care management.
    2. Netcare does not use data for marketing purposes – however, to ensure continuous improving of the care and service offering, patients may be asked to complete service experience questionnaires.
    3. Providing of lists to clergy may only be done with the explicit written consent of the patient and in line with the reception policy dealing with this topic. 
  3. Sharing with Managed Care and Third parties 
    1. In accordance with medical aid membership a hospital/ health care worker is obliged to share medical information with the medical aid the member belongs to. 
  4. Privacy within the unit
    1. Hospital records will be archived by the hospital as defined in the terms and conditions of the admission document. Records remain active whilst patient is in hospital. On discharge the record becomes inactive, and shall only be made available in terms of the stipulations of the Promotion to Access of Information Act 2 of 2000. 
    2. It is important that the environment within the unit gives due consideration to privacy of patients i.e. tone of voice, closure of curtains, records out of reach of general public during visiting hours, not discussing patients in corridors or public places. 
  5. Netcare premises may have CCTV cameras in place that will record movement on premises. Except for this filming and video of patients is strictly prohibited, except where the consent is completed per the Netcare Communication procedure in force. 
  6. Clinical research and trials are completed in accordance with legislative requirements as set out in the National Health Act 61 of 2003. All research participants shall be required to submit written consent.

 4. Duties and rights about personal information

  1. On admission proof of identity will be required from all patients.
  2. On admission proof of medical aid membership shall be required from all patients who are members of medical aids. 
  3. All existing personal information of patients shall be updated with every subsequent visit to the hospital. 

 5. Retention of personal information

All patient information shall be archived as per regulatory requirements. Should this be of concern to you kindly request a copy of our retention policy.

6. Securing your personal information

Netcare shall ensure that the appropriate measures are taken to safeguard personal information of other persons; which steps will include physical, technological and procedural safeguards which restrict access to systems, as well as all steps to ensure the safe archiving of records.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. Netcare will not be held liable under any circumstances if such information is compromised or disclosed through conduct outside the control of Netcare such as hacking, “Trojan Horses”, or infection by “viruses” or software that are intended to damage and detrimentally interfere with our operations.


 7. Our cookie policy

A cookie is a small piece of data sent from our website to your computer or device or internet browser where it is saved. The cookie contains information to personalise your experience on our website and applications. The cookie has the ability to identify your device, computer or smart phone. By using our website and applications you agree that cookies may be forwarded from the relevant website or application to your computer or device. We may use the cookie to enable us to know you visited our website. You have the right to choose whether or not to accept cookies. However, please note that if you do not accept our cookies, you may not be able to use the full functionality of our website or mobile applications.


8. Changes to this privacy policy

Our Privacy policy and procedures are regularly reviewed and updated on our website. This document was updated March 2021.

 9. Request for assistance regarding privacy rights

  1. A data subject who wishes to object to the processing of personal information in terms of section 11(3)(a) of the Act, must submit the objection to Netcare (Form 1). Netcare will, through its Information Officer/s provide such reasonable assistance as is necessary, free of charge, to enable the data subject to make an objection on Form 1. 
  1. Request for correction or deletion of personal information or destruction or deletion of record of personal information must submit a request to the Netcare on Form 2. The information Officer/s will provide reasonable assistance free of charge.

Information Officer : Charles Vikisi (Charles.Vikisi@netcare.co.za)

10. Legal framework 

  1. The Constitution South Africa Act No 108 of 1996 (s14) deals pertinently with the right to privacy and confidentiality. 
  2. The Children’s Act No 38 of 2005 (13) states that each child has the right to confidentiality regarding his health status except when maintaining such confidentiality is not in the best interest of the child.
  3. The Choice of Termination of Pregnancy Act No 92 of 1996 (7) provides that the identity of a woman who obtained a termination of pregnancy shall remain confidential at all times. 
  4. The Electronic Communications and Transactions Act No 25 of 2002 applies in respect of electronic transactions or data messages and state that data controller should have the express written permission of the data subject for the processing, collecting, collation or disclosure of information of a person. 
  5. The Medical Schemes Act No 131 of 1998 (57) deals with the business of a medical scheme and the duties of the Board of Trustees to ensure all reasonable steps are taken to protect the information of members. 
  6. The Mental Health Care Act No 17 of 2002 (8) states that a person’s human dignity and privacy must be respected. 
  7. The National Health Act No 61 of 2003 (14) stipulates that the information is confidential and may not be disclosed if not consented to. 
  8. The Nursing Act No 33 of 2005, regulations deal dealing with acts of omission specifies that information obtained concerning a patient in the course of professional activities may not be disclosed without consent. 
  9. The Pharmacy Act no 53 of 1974, rules relating to good pharmacy practice deals extensively with disclosure of information obtained in the course of professional activities without express consent will constitute unethical or unprofessional conduct. 
  10. The Promotion of Access to Information Act No 2 of 2000 deals with rights of access to information and clearly state that personal information may not be disclosed to third-party unless the party has given permission for disclosure of information. 
  11. The Protection of Personal Information Act No 4 of 2013 provides clear guidance on the protection rights of personal information.