The appropriate collection, use and disclosure of patients’ personal health information is fundamental to day-to-day operations and to patient care. Protecting the privacy and the confidentiality of patient personal information is important to me. In compliance with the Protection of Personal Information Act (POPIA) this Privacy Statement has been created. The purpose of the POPI Act is to ensure that all South African institutions and/or organisations conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity’s personal information by holding them accountable should they abuse or compromise your personal information in any way.
The applicability of this Privacy Statement attests to my commitment to privacy and demonstrates the ways I ensure that patient privacy is protected. This Privacy Statement applies to the personal health information of all patients that is in my possession and control.
What is Personal Health Information?
Personal health information means identifying information about an individual relating to their physical or mental health (including medical history), the providing of health care to the individual, billing and medical aid information.
The 10 Principles of this Privacy Statement reflect compliance with fair information practices, applicable laws and standards of practice.
As medical practitioners, the securing of personal information is legislated in both the HPCSA as well as the POPIA. As a Sole Practitioner, I am the only designated Information Officer and am duly registered as such with the Information Regulator of South Africa.
2. Identifying Purposes
As part of establishing diagnostic information and planning a treatment protocol, sensitive information is required. Your information is required to establish a relationship and meet your mental health needs. Most of this information is obtained directly from you and informed consent is signed at the outset of our relationship. The information collected is limited to only what I need to know in order to provide you with the best possible care and is limited to this use.
You have the right to determine how your personal health information is used and disclosed. For most health care purposes, your consent is implied as a result of your consent to treatment, however, in all circumstances express consent must be written in the form of a completed Informed Consent Form. Your written Consent will be stored at the practice in a locked cabinet to which I am the only person allowed access. Other information stored on my personal computer is encrypted and password protected. Information required for billing purposes is also password protected but may be shared with third-party vendors, who are also required to be compliant with POPIA, i.e. billing software, medical aid schemes or collection agencies. You have the right to access any information kept about you.
4. Limiting Collection
I collect information by fair and lawful means and collect only that information that may be necessary for purposes related to the provision of your medical care.
5. Limiting Use, Disclosure and Retention
The information requested from you is used for the purposes defined. I will seek your consent before using the information for purposes beyond the scope of the posted Privacy Statement. Under no circumstances do I sell patient lists or other personal information to third parties. There are some types of disclosure of your personal health information that may occur as part of this Practice fulfilling its routine obligations and/or practice management. This includes consultants and suppliers to the Practice, on the understanding that they abide by our relevant POPIA laws, and only to the extent necessary to allow them to provide business services or support to this Practice. I will retain your information only for the time it is required for the purposes described and once your personal information is no longer required, it will be destroyed. The HPCSA requires medical information to be kept for 6 years or until the age of 21 years in the case of a minor. At all times you retain the right to access your personal information records. Such requests can be presented in writing to myself.
I endeavour to ensure that all decisions involving your personal information are based upon accurate and timely information. While I will my best to base decisions on accurate information, I rely on you to disclose all material information and to inform me of any relevant changes. From time to time you may be requested to update your information.
7. Safeguards: Protecting Your Information
I protect your information with appropriate safeguards and security measures. The Practice maintains personal information in a combination of paper and electronic files. Recent paper records concerning individuals’ personal information are stored in files kept onsite at my office. With consent, I provide information to health care providers acting on your behalf, on the understanding that they are also bound by law and ethics to safeguard your privacy. Other organizations and agents must agree to abide by my Privacy Statement and may be asked to sign contracts to that effect. I will give them only the information necessary to perform the services for which they are engaged, and will require that they not store, use or disclose the information for purposes other than to carry out those services. My computer systems are password-secured and constructed in such a way that only authorized individuals can access secure systems and databases. If you send me an e-mail message that includes personal information, such as your name included in the "address", we will use that information to respond to your inquiry. Please remember that e-mail is not necessarily secure against interception. If your communication is very sensitive, you should not send it electronically unless the e-mail is encrypted or your browser indicates that the access is secure. By the same token, sensitive information sent to you via email will be password protected. You have the ability to unsubscribe from mailing lists by clicking on the relevant button on each newsletter sent out.
8. Openness: Keeping You Informed
The Practice has prepared this plain-language Privacy Statement to keep you informed. You may view a copy by visiting our website at www.calmyourmind.co.za. If you have any additional questions or concerns about privacy, I invite you to contact me by phone and I will address your concerns to the best of my ability.
9. Access and Correction
With limited exceptions, I will give you access to the information retained about you within a reasonable time, upon presentation of a written request and satisfactory identification. I may charge you a fee for this service and if so, will give you notice in advance of processing your request. If you find errors of fact in your personal health information, please notify me as soon as possible and I will make the appropriate corrections. For access to personal information please see the PAIA Manual and complete the relevant forms.
10. Challenging Compliance
I encourage you to contact me with any questions or concerns you might have about your privacy or this Privacy Statement. I will investigate and respond to your concerns about any aspect of my handling of your information. In most cases, an issue is resolved simply by telling me about it and discussing it.
You can reach me at:
Privacy Officer Calm Your Mind
279 Bryanston Drive
071 602 6631
If, after contacting me, you feel that your concerns have not been addressed to your satisfaction, you have the right to complain to the Information Regulator of South Africa.