Company Privacy Policy

Please read this Privacy Policy carefully to understand how your personal information will be handled by Morton and Partners Radiologists and their affiliates, joint ventures (further know as “the practice”).  Every term of this Policy is material. If you do not agree with the processing of your personal information as set out in this Policy, we may in our sole discretion decide whether to provide or continue with the provision of health care services to you, unless we have a legal obligation to do so, or to otherwise engage with you.

1.       About the Practice

This is a private radiology practice, which provides radiological services (such as, but not limited to, X-rays, scans, mammograms and sonars) to patients. The practice is subject to various laws protecting the privacy and confidentiality of data subjects, including patients, as well as the ethical rules and policies of the Health Professions Council of South Africa (HPCSA).

The practice’s Head Office contact details are as follows:

Address: 5th Floor, 5 St Georges Building, St Georges Mall, Cape Town, 8001

E-mail: enquiries@morton.co.za

Tel.: 021 425 3100

2.       Information Officer

The contact details of the practice’s Information Officer are as follows:

Name: Ari Fonarov

E-mail: ari.fonarov@morton.co.za

Tel.: 021 425 3100

3.       Definition of Terms

  •  “Personal information” refers to information relating to identifiable, living, natural persons as well as identifiable, existing juristic persons, and includes, but is not limited to –
    • information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
    • information relating to the education or the medical, financial, criminal or employment history of the person;
    • any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
    • the biometric information of the person;
    • the personal opinions, views or preferences of the person;
    • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
    • the views or opinions of another individual about the person; and
    • the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person,

and “information” has a similar meaning unless the context requires otherwise.

  • “Processing” refers to any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including –
    • the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
    • dissemination by means of transmission, distribution or making available in any other form; or
    • merging, linking, as well as restriction, degradation, erasure or destruction of information.
  • “POPIA” means the Protection of Personal Information Act (Act 4 of 2013) and Regulations made in terms thereof.
  • “We” / “us” refers to the practice and the practice owners and directors.
  • “You” / “your” refers to the data subject (i.e. the person or entity) whose personal information is in the possession of or under the control of or processed by the practice.

4.       Application of the Privacy Policy

This Privacy Policy applies to personal information that we have in our possession or under our control, and information that we collect from you or that you may provide to us (for example, when you obtain medical services at the practice and/or submit information via the practice’s website). It stipulates, amongst others, how we collect your personal information, the type of information collected, why that information is collected, the circumstances under which that information will be shared with others, the security measures that we have implemented to protect your personal information and your right to obtain access to and correct the information in our possession or under our control.

5.       Our Commitment

We understand that your personal information is important to you and that you may be anxious about disclosing it. Your privacy and the security of your information are just as important to us and we, therefore, want to make sure you understand how your information will be processed. We acknowledge that we are bound by the applicable law to keep your personal information confidential and protect such information. We are committed to conducting our business in accordance with the law in order to ensure that the confidentiality of your personal information is protected and maintained. We take this commitment to look after your personal information seriously. We have implemented a number of processes to make sure that your personal information is used in the right way.

6.       Privacy Principles

We apply the following principles in order to protect your privacy:

  • No more personal information about you than what is necessary is collected;
  • Your personal information is only used for the purposes specified in this Privacy Policy, unless you are advised otherwise and agree thereto, if required;
  • Your personal information is not kept by us if it is no longer needed; and
  • Other than as specified in this Privacy Policy or otherwise agreed with you, we do not share your personal information with third parties.

7.       When You Provide Information about Another Person / Entity

You must make sure that if you provide personal information about any other person or entity to us, you have their consent and they are comfortable for you to share their information with us unless you may do so in terms of the law. You should make sure that they read this Privacy Policy and understand how we will use and disclose their information. When you provide information about another person or entity, we accept that you have their consent.

8.       Collection of Your Personal Information

We obtain personal information directly from you when you become a patient, when you log onto our website or when you provide information to us. Information may also be collected from other sources, depending on the circumstances, such as your next-of-kin, a regulator, another health care practitioner involved with your care, a credit bureau or a public record or when you make information publicly available. The information that we request from you is necessary to provide you with medical or other services. Information is generally collected for the purposes as set out below.

9.       Processing of Your Personal Information

There are various laws that permit the processing of your personal information such as the National Health Act, the Protection of Personal Information Act (POPIA) and the Health Professions Act. We will only process, which includes collect, use, store or disclose, your personal information in accordance with the law or otherwise with your consent and will always strive to keep your information confidential, whether you supply it directly to us or whether it is collected lawfully from other sources. We generally process the following personal information of you, as may be applicable in the circumstances, and retain it as part of our records:

  • Patients:
    • Name, identity number, date of birth, age, contact details, address, nationality and gender;
    • Name and contact details of next-of-kin;
    • Health status and disability;
    • Funder (e.g. medical scheme) information;
    • Medical services provided;
    • Radiological images and reports;
    • Billing and payment detail;
    • and Patient documentation, including consent forms, invoices and correspondence with us.
  • Health care practitioners and employees
    • Name, identity number, date of birth, age, contact details, address, HPCSA number or professional registration number in another country, position or role in the practice, nationality, gender, race, qualifications, specialisation and interests, curriculum vitae, references and photos;
    • Membership of the Radiological Society of South Africa (RSSA) and any other professional society of practitioners;
    • Relevant medical and disability information;
    • Signatures of official signatories of the practice and proof of residence, if required by the bank;
    • Employment-related information;
    • Bank details;
    • Professional indemnity cover information; and
    • Correspondence.
  • Suppliers, Service Providers, Other Stakeholders in the Health Care Industry, including Public Bodies and Regulators
    • Organisation name and contact details;
    • Names, titles and contact details of relevant persons and officers;
    • Black-Economic Empowerment (BEE) status of suppliers;
    • Agreements and related information;
    • Invoices;
    • Official documentation, including newsletters and statements; and
    • Engagement-related information and correspondence.

Other personal information may be collected and processed, as may be necessary and applicable in the circumstances.

10.   Consent

If you provide consent to us to process your personal information, you may withdraw your consent at any time. This does not affect the processing of personal information that has already occurred. If you withdraw your consent, your personal information will only be processed as provided for in the law, and, if the circumstances make it reasonable and lawful for us to do so, we may terminate our relationship with you.

11.   Objection to Processing

In certain instances, you may object to the processing of your personal information, if it is reasonable to do so, unless we may do so in terms of the law. This must occur on the form prescribed by POPIA. This does not affect the personal information already processed. If you object and we agree with your objection, your personal information will only be processed as provided for in the law. If you exercise this right and, if the circumstances make it reasonable and lawful for us to do so, we may terminate our relationship with you.

12.   Purpose of Processing Your Personal Information

We generally process your personal information for the following purposes:

  • to conduct and manage the practice in accordance with the law, including the administration of the practice and claiming and collecting payment for services rendered from relevant funders, patients and/or responsible persons / entities;
  • for treatment and care of patients, including referrals to other practitioners and reporting to referring practitioners;
  • for communication purposes;
  • for the maintenance of practice records and patients’ medical records;
  • for employment and related matters of employees and other practitioners;
  • for reporting to persons and bodies as required and authorised in terms of the law or by you;
  • for historical, statistical and research purposes;
  • for clinical trials;
  • for proof;
  • for enforcement of the practice’s rights; and/or
  • for any other lawful purpose related to the activities of a private radiology practice.

We do not use your personal information for commercial purposes.

13.   Disclosure of Your Personal Information

In order to provide patients with medical services, we will share only relevant personal information, as may be necessary in the circumstances, with –

  • business, employees, patients, the public or others.

Relevant personal information of other persons and entities will be shared, as may be necessary in the circumstances, with our professional advisers, auditors / accountants, funders, regulators, relevant public and private bodies, law enforcement structures and the RSSA. The information will only be shared as permitted in terms of the law or as otherwise agreed to with such a person.

We expressly reserve the right to transfer any and all personal information that we have in our possession or under our control, without limitation, to a purchaser or other successor in title of the practice that acquires rights to that information in the event of a merger, restructuring, reorganisation, dissolution, or other sale or transfer of the practice or some or all of its assets.

14.   Record-Keeping

We maintain records of your personal information for as long as it is necessary for lawful purposes in accordance with the law, including to fulfil your requests, provide services to you, comply with legal obligations, resolve disputes, enforce agreements and as proof. These records may be held in electronic format. We may also retain your personal information for historical, statistical and research purposes, subject to the provisions of the law.

15.   Sending Information Across the Borders of the Republic of South Africa

We process and store your information in records within the Republic South Africa, including in ‘clouds’, which comply with the requirements of POPIA to ensure the protection of your privacy. If we must provide your personal information to any third party in another country, we will obtain your prior consent unless such information may be lawfully provided to that third party.

16.   Security of Your Personal Information

We are committed to ensuring the security of your personal information in order to protect it from unauthorised processing and access as well as loss, damage or unauthorised destruction. We continually review and update our information protection measures to ensure the security, integrity, and confidentiality of your information in accordance with industry best practices. There are inherent risks in the electronic transfer and storage of personal information. We have implemented measures to prevent any unauthorised access to your personal information, which includes technical and organisational measures and internal policies to prevent unauthorised access, loss or use of your personal information. These measures include the physical securing of the offices where information is held, the locking of cabinets with physical records, password control to access electronic records, off-site data back-ups and stringent policies in respect of electronic record storage and dissemination. In addition, only those employees and service providers that require access to your information to discharge their functions and to render services to us are granted access to your information and only if they have concluded agreements with or provided undertakings to us requiring them to implement appropriate security measures, maintain the confidentiality of your information and refrain from processing your information for any purpose other than for the rendering of services to us. We will inform you and the Information Regulator, if any person has unlawfully obtained access to your personal information, subject to the provisions of the law.

17.   Right to Access your Personal Information

You have the right to access your personal information subject to restrictions imposed in legislation. You may request access to your information in our possession or under our control and information of third parties to whom we supplied that information. If you wish to exercise this right, please complete and submit the prescribed form to the practice’s Information Officer. Costs may be applicable to such request. The relevant form and costs can be obtained from the Information Officer. Our PAIA Manual, which is also available from our Information Officer, describes how you should request access to this information and any charges that may be applicable.

18.   Accuracy of Your Personal Information

It is important that we always have accurate information about you on record as it could impact on communication with you and your health, if applicable. You must therefore inform us as soon as any of your information has changed.

If you discover that the information, we have about you is incorrect or out of date, you may ask that it be corrected by contacting our Information Officer. You may also request that we correct or delete any information. Such a request must be made in writing on the prescribed form to the Information Officer and must provide sufficient detail to identify the information and the correction or deletion required. Information will only be corrected or deleted, if we agree that the information is incorrect or should be deleted. It may not be possible to delete all of the information if there is a legal basis to retain the information. However, please contact the Information Officer to discuss how we can assist you with your request. If we correct any information and the corrected information will impact on any decision made or to be made about you, we will send the corrected information to persons to whom the information has been disclosed in the past if they should be aware of the changed information.

19.   Marketing of Products and Services

If you have provided consent, we may occasionally inform you, electronically or otherwise, about supplementary products and services offered by us that may be useful or beneficial to you. You may at any time withdraw your consent and opt-out from receiving such information. You may not opt-out of patient-related communications, which are not promotional in nature.

20.   Changes to this Policy

We reserve the right in our sole and absolute discretion, to revise or supplement this Privacy Policy from time to time to reflect, amongst others, any changes in our business or the law. We will publish the updated Privacy Policy on our website at http//www.morton.co.za. It will also be available at the practice reception. Any revised version of the Policy will be effective as of the date of posting on the website, so you should always refer back to the website for the latest version of the Policy. It is your responsibility to make sure you are satisfied with any changes before continuing to use our services. If we make a material change to this Policy, you will be notified with a notice on the website and in the practice that our privacy practices have changed and you will obtain a link/access to the new Policy. In the event that we make a material change to how we use your personal information, we will provide you with an opportunity to opt-out of such new or different use. If you have any questions concerning this Policy, please contact our Information Officer.

21.   Concerns and Complaints about the Processing of Your Personal Information

All enquiries, requests or concerns regarding this Policy or relating to the processing of your personal information should be addressed to the Information Officer. If you believe that we process your personal information contrary to this Privacy Policy or in contravention of the law, please contact the Information Officer immediately. You may also lodge a complaint with the Information Regulator at inforeg@justice.gov.za  / +27 (0)10 023 5207 / +27 (0)82 746 4173.

22.   Laws applicable to this Privacy Policy

This Privacy Policy is governed by the laws of the Republic of South Africa.