Being POPI compliant is essential to your Practice.
The Protection of Personal Information (POPI) Act comes into enforcement on 01 July 2021. Now, more than ever, is the time to ensure your medical practice is POPI compliant.
Before you start developing your POPI strategy, it is crucial to answer these four questions:
- How do you collect your patient information?
- Where do you store your patient data?
- How do you protect your patient data?
- Do you know what POPI requires when it comes to the processing or sharing of personal patient information?
POPIA compliance in your medical practice
Under POPIA, your chief concern should be how your patients’ information is captured, stored and shared.
Following the Health Professions Council of South Africa (HPCSA) ethical guidelines, medical practitioners have a responsibility to their patients to guarantee the confidentiality of their medical conditions and of the information contained within their health records.
Medical records consist of the following:
- Handwritten or electronic notes by doctors in your practice or by previous practitioners attending to your patient
- Referral letters
- Lab results
- Any other documents relating to your patient’s health information.
Furthermore, according to the current law, written consent is necessary to share your patient’s information with a third party, unless under special circumstances.
With this in mind, it is clear how your POPI Compliance Plan should complement your existing patient privacy strategy.