1. About the Practice
This is a private radiology practice, which provides radiological services (such as, but not limited to, X-rays, scans, mammograms and sonars) to patients. The practice is subject to various laws protecting the privacy and confidentiality of data subjects, including patients, as well as the ethical rules and policies of the Health Professions Council of South Africa (HPCSA).
The practice’s Head Office contact details are as follows:
Address: 5th Floor, 5 St Georges Building, St Georges Mall, Cape Town, 8001
Tel.: 021 425 3100
2. Information Officer
The contact details of the practice’s Information Officer are as follows:
Name: Ari Fonarov
Tel.: 021 425 3100
3. Definition of Terms
- “Personal information” refers to information relating to identifiable, living, natural persons as well as identifiable, existing juristic persons, and includes, but is not limited to –
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person; and
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person,
and “information” has a similar meaning unless the context requires otherwise.
- “Processing” refers to any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including –
- the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
- dissemination by means of transmission, distribution or making available in any other form; or
- merging, linking, as well as restriction, degradation, erasure or destruction of information.
- “POPIA” means the Protection of Personal Information Act (Act 4 of 2013) and Regulations made in terms thereof.
- “We” / “us” refers to the practice and the practice owners and directors.
- “You” / “your” refers to the data subject (i.e. the person or entity) whose personal information is in the possession of or under the control of or processed by the practice.
5. Our Commitment
We understand that your personal information is important to you and that you may be anxious about disclosing it. Your privacy and the security of your information are just as important to us and we, therefore, want to make sure you understand how your information will be processed. We acknowledge that we are bound by the applicable law to keep your personal information confidential and protect such information. We are committed to conducting our business in accordance with the law in order to ensure that the confidentiality of your personal information is protected and maintained. We take this commitment to look after your personal information seriously. We have implemented a number of processes to make sure that your personal information is used in the right way.
6. Privacy Principles
We apply the following principles in order to protect your privacy:
- No more personal information about you than what is necessary is collected;
- Your personal information is not kept by us if it is no longer needed; and
7. When You Provide Information about Another Person / Entity
8. Collection of Your Personal Information
We obtain personal information directly from you when you become a patient, when you log onto our website or when you provide information to us. Information may also be collected from other sources, depending on the circumstances, such as your next-of-kin, a regulator, another health care practitioner involved with your care, a credit bureau or a public record or when you make information publicly available. The information that we request from you is necessary to provide you with medical or other services. Information is generally collected for the purposes as set out below.
9. Processing of Your Personal Information
There are various laws that permit the processing of your personal information such as the National Health Act, the Protection of Personal Information Act (POPIA) and the Health Professions Act. We will only process, which includes collect, use, store or disclose, your personal information in accordance with the law or otherwise with your consent and will always strive to keep your information confidential, whether you supply it directly to us or whether it is collected lawfully from other sources. We generally process the following personal information of you, as may be applicable in the circumstances, and retain it as part of our records:
- Name, identity number, date of birth, age, contact details, address, nationality and gender;
- Name and contact details of next-of-kin;
- Health status and disability;
- Funder (e.g. medical scheme) information;
- Medical services provided;
- Radiological images and reports;
- Billing and payment detail;
- and Patient documentation, including consent forms, invoices and correspondence with us.
- Health care practitioners and employees
- Name, identity number, date of birth, age, contact details, address, HPCSA number or professional registration number in another country, position or role in the practice, nationality, gender, race, qualifications, specialisation and interests, curriculum vitae, references and photos;
- Membership of the Radiological Society of South Africa (RSSA) and any other professional society of practitioners;
- Relevant medical and disability information;
- Signatures of official signatories of the practice and proof of residence, if required by the bank;
- Employment-related information;
- Bank details;
- Professional indemnity cover information; and
- Suppliers, Service Providers, Other Stakeholders in the Health Care Industry, including Public Bodies and Regulators
- Organisation name and contact details;
- Names, titles and contact details of relevant persons and officers;
- Black-Economic Empowerment (BEE) status of suppliers;
- Agreements and related information;
- Official documentation, including newsletters and statements; and
- Engagement-related information and correspondence.
Other personal information may be collected and processed, as may be necessary and applicable in the circumstances.
If you provide consent to us to process your personal information, you may withdraw your consent at any time. This does not affect the processing of personal information that has already occurred. If you withdraw your consent, your personal information will only be processed as provided for in the law, and, if the circumstances make it reasonable and lawful for us to do so, we may terminate our relationship with you.
11. Objection to Processing
In certain instances, you may object to the processing of your personal information, if it is reasonable to do so, unless we may do so in terms of the law. This must occur on the form prescribed by POPIA. This does not affect the personal information already processed. If you object and we agree with your objection, your personal information will only be processed as provided for in the law. If you exercise this right and, if the circumstances make it reasonable and lawful for us to do so, we may terminate our relationship with you.
12. Purpose of Processing Your Personal Information
We generally process your personal information for the following purposes:
- to conduct and manage the practice in accordance with the law, including the administration of the practice and claiming and collecting payment for services rendered from relevant funders, patients and/or responsible persons / entities;
- for treatment and care of patients, including referrals to other practitioners and reporting to referring practitioners;
- for communication purposes;
- for the maintenance of practice records and patients’ medical records;
- for employment and related matters of employees and other practitioners;
- for reporting to persons and bodies as required and authorised in terms of the law or by you;
- for historical, statistical and research purposes;
- for clinical trials;
- for proof;
- for enforcement of the practice’s rights; and/or
- for any other lawful purpose related to the activities of a private radiology practice.
We do not use your personal information for commercial purposes.
13. Disclosure of Your Personal Information
In order to provide patients with medical services, we will share only relevant personal information, as may be necessary in the circumstances, with –
- business, employees, patients, the public or others.
Relevant personal information of other persons and entities will be shared, as may be necessary in the circumstances, with our professional advisers, auditors / accountants, funders, regulators, relevant public and private bodies, law enforcement structures and the RSSA. The information will only be shared as permitted in terms of the law or as otherwise agreed to with such a person.
We expressly reserve the right to transfer any and all personal information that we have in our possession or under our control, without limitation, to a purchaser or other successor in title of the practice that acquires rights to that information in the event of a merger, restructuring, reorganisation, dissolution, or other sale or transfer of the practice or some or all of its assets.
We maintain records of your personal information for as long as it is necessary for lawful purposes in accordance with the law, including to fulfil your requests, provide services to you, comply with legal obligations, resolve disputes, enforce agreements and as proof. These records may be held in electronic format. We may also retain your personal information for historical, statistical and research purposes, subject to the provisions of the law.
15. Sending Information Across the Borders of the Republic of South Africa
We process and store your information in records within the Republic South Africa, including in ‘clouds’, which comply with the requirements of POPIA to ensure the protection of your privacy. If we must provide your personal information to any third party in another country, we will obtain your prior consent unless such information may be lawfully provided to that third party.
16. Security of Your Personal Information
We are committed to ensuring the security of your personal information in order to protect it from unauthorised processing and access as well as loss, damage or unauthorised destruction. We continually review and update our information protection measures to ensure the security, integrity, and confidentiality of your information in accordance with industry best practices. There are inherent risks in the electronic transfer and storage of personal information. We have implemented measures to prevent any unauthorised access to your personal information, which includes technical and organisational measures and internal policies to prevent unauthorised access, loss or use of your personal information. These measures include the physical securing of the offices where information is held, the locking of cabinets with physical records, password control to access electronic records, off-site data back-ups and stringent policies in respect of electronic record storage and dissemination. In addition, only those employees and service providers that require access to your information to discharge their functions and to render services to us are granted access to your information and only if they have concluded agreements with or provided undertakings to us requiring them to implement appropriate security measures, maintain the confidentiality of your information and refrain from processing your information for any purpose other than for the rendering of services to us. We will inform you and the Information Regulator, if any person has unlawfully obtained access to your personal information, subject to the provisions of the law.
17. Right to Access your Personal Information
You have the right to access your personal information subject to restrictions imposed in legislation. You may request access to your information in our possession or under our control and information of third parties to whom we supplied that information. If you wish to exercise this right, please complete and submit the prescribed form to the practice’s Information Officer. Costs may be applicable to such request. The relevant form and costs can be obtained from the Information Officer. Our PAIA Manual, which is also available from our Information Officer, describes how you should request access to this information and any charges that may be applicable.
18. Accuracy of Your Personal Information
It is important that we always have accurate information about you on record as it could impact on communication with you and your health, if applicable. You must therefore inform us as soon as any of your information has changed.
If you discover that the information, we have about you is incorrect or out of date, you may ask that it be corrected by contacting our Information Officer. You may also request that we correct or delete any information. Such a request must be made in writing on the prescribed form to the Information Officer and must provide sufficient detail to identify the information and the correction or deletion required. Information will only be corrected or deleted, if we agree that the information is incorrect or should be deleted. It may not be possible to delete all of the information if there is a legal basis to retain the information. However, please contact the Information Officer to discuss how we can assist you with your request. If we correct any information and the corrected information will impact on any decision made or to be made about you, we will send the corrected information to persons to whom the information has been disclosed in the past if they should be aware of the changed information.
19. Marketing of Products and Services
If you have provided consent, we may occasionally inform you, electronically or otherwise, about supplementary products and services offered by us that may be useful or beneficial to you. You may at any time withdraw your consent and opt-out from receiving such information. You may not opt-out of patient-related communications, which are not promotional in nature.
20. Changes to this Policy
21. Concerns and Complaints about the Processing of Your Personal Information