Privacy Statement
|
Privacy Statement
of
Merryn Manley Physiotherapy “Physio@Merryn” (Practice)
Please read this Privacy Statement carefully to understand how your personal information will be handled by Merryn Manley Physiotherapy “Physio@merryn”. Every term of this Statement is material. If you do not agree with the processing of your personal information as set out in this Statement, we may in our sole discretion decide whether to provide or continue with the provision of physiotherapy services to you, unless we have a legal obligation to do so, or to otherwise engage with you.
ABOUT THE PRACTICE
This is a private physiotherapy practice, which provides physiotherapy services to patients. The practice is subject to various laws protecting the privacy and confidentiality of data subjects (e.g. the Health Professions Act and the National Health Act), including patients, as well as the ethical rules and policies of the Health Professions Council of South Africa (HPCSA).
The practice’s contact details are as follows:
Address: First Floor, Naturally Yours Center, corner Main Road & Culross Road, Bryanston
E-mail: info@physioatmerryn.co.za
Telephone: 073 323 1188
Website: www.physioatmerryn.co.za
INFORMATION OFFICER
The contact details of the practice’s Information Officer are as follows:
Name: Merryn Manley
E-mail info@physioatmerryn.co.za
Telephone: 073 323 1188
DEFINITION OF TERMS
-
- “Personal information” refers to information relating to identifiable, living, natural persons as well as identifiable, existing juristic persons, and includes, but is not limited to -
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person; and
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person, and “information” has a similar meaning unless the context requires otherwise.
- “Personal information” refers to information relating to identifiable, living, natural persons as well as identifiable, existing juristic persons, and includes, but is not limited to -
-
- “Processing” refers to any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including -
- the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
- dissemination by means of transmission, distribution or making available in any other form; or
- merging, linking, as well as restriction, degradation, erasure or destruction of information.
- “Processing” refers to any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including -
-
- “POPIA” means the Protection of Personal Information Act (Act 4 of 2013) and Regulations made in terms thereof.
-
- “We” / “us” refers to the practice and the practice owners / partners / directors.
-
- “You” / “your” refers to the data subject (i.e. the person or entity) whose personal information is in the possession of or under the control of or processed by the practice.
APPLICATION OF THE PRIVACY STATEMENT
This Privacy Statement applies to personal information that we have in our possession or under our control as well as information that we collect or receive from or about you (for example, when you obtain physiotherapy services at the practice and/or submit information via your patient file). It stipulates, amongst others, how we collect your personal information, the type of information collected, why that information is collected, the circumstances under which that information will be shared with others, the security measures that we have implemented to protect your personal information and your right to obtain access to and correct the information in our possession or under our control.
OUR COMMITMENT
We understand that your personal information is important to you and that you may be anxious about disclosing it. Your privacy and the security of your information are just as important to us and we therefore want to make sure you understand how your information will be processed. We acknowledge that we are required by law to keep your personal information confidential and secure. We are committed to conducting our practice in accordance with the law in order to ensure that the confidentiality of your personal information is protected and maintained. We take this commitment to look after your personal information seriously. We have implemented a number of processes to make sure that your personal information is used in the right way.
PRIVACY PRINCIPLES
We apply the following principles in order to protect your privacy:
- No more personal information about you than what is necessary is collected;
- Your personal information is only used for the purposes specified in this Privacy Statement, unless you are advised otherwise;
- Your personal information is not kept by us if it is no longer needed; and
- Other than as specified in this Privacy Statement or otherwise agreed with you, we do not share your personal information with third parties.
WHEN YOU PROVIDE INFORMATION ABOUT ANOTHER INDIVIDUAL / ENTITY
You must make sure that if you provide personal information about any individual or entity to us, you may lawfully do so (e.g. with their consent). We will accept that you are acting lawfully. You should make sure that they are familiar with this Privacy Statement and understand how we will use and disclose their information.
COLLECTION OF YOUR PERSONAL INFORMATION
We obtain personal information directly from you when you become a patient or an employee, when you log onto our website or when you provide information to us. Information may also be collected from other sources, depending on the circumstances, such as your next-of-kin, another health care practitioner involved in your care, the hospital / facility admission form, a credit bureau, a public record or when you make information publicly available. The information that we request from you is necessary to provide you with physiotherapy services or to manage the employment or other relationship. Information is generally collected for the purposes as set out below.
PROCESSING AND DISCLOSURE OF PATIENTS' PERSONAL INFORMATION
There are various laws that permit the processing of your personal information such as the National Health Act, the Health Professions Act and POPIA. We will only process, which includes collect, use, store or disclose, your personal information in accordance with the law or otherwise with your consent and will always strive to keep your information confidential, whether you supply it directly to us or whether it is collected lawfully from other sources.
We generally collect and process the following personal information about patients and retain it as part of our records:
- Name, identity number, date of birth, age, contact details, address and gender;
- Name and contact details of next-of-kin;
- Health status and disability;
- Funder (e.g. medical scheme) information;
- Physiotherapy services provided;
- Reports from special investigations such as radiology reports and pathology results;
- Account and payment details; and
- Patient documentation, including consent forms, invoices, photos, videos and correspondence
When you become a patient of the practice, we will use your personal information as follows:
- to provide you with appropriate care;
- to communicate with you in respect of your care, including reminding you of appointments and collecting payments for services rendered;
- for administrative purposes, including preparing invoices and collecting payment for services rendered;
- to refer you to other practitioners;
- to report to referring practitioners;
- for participation in clinical trials (if necessary)
- record-keeping;
- for historical, statistical and research purposes;
- as proof;
- for enforcement of the practice’s rights;
- for any other lawful purpose related to the activities of a private physiotherapy practice; and/or
- as may be requested or authorised by you.
We do not use your personal information for commercial or direct marketing purposes.
Depending on the circumstances, your personal information will be disclosed to the following persons and entities:
- relevant treating or referring practitioners to ensure appropriate care;
- next-of-kin (if it is necessary in the circumstances);
- your funder (such as your medical scheme upon its request, for example, to allocate benefits);
- your insurance company (upon your request);
- bodies performing peer review of our practitioners / clinical practice audits;
- our professional advisers as well as employees and service providers who assist us to provide the services and who perform functions related to the administration of the practice, subject to confidentiality agreements;
- debt collectors and credit bureaus, if your accounts are outstanding;
- public and private bodies (such as regulators), as may be required in terms of the law;
- law enforcement structures, including courts and tribunals;
- as required or permitted by law, including to comply with any legal obligation or to protect the rights, property or safety of our business, employees, patients, the public or others; and
- a purchaser of the practice, if applicable.
PROCESSING OF PERSONAL INFORMATION OF DATA SUBJECTS (Other than Patients)
There are various laws that permit the processing of your personal information such as labour laws and POPIA. We will only process, which includes collect, use, store or disclose, your personal information in accordance with the law or otherwise with your consent and will always strive to keep your information confidential, whether you supply it directly to us or whether it is collected lawfully from other sources.
We generally process the following personal information about you, as may be applicable in the circumstances, and retain it as part of our records:
- Health care practitioners and employees
- Name, identity number, date of birth, age, contact details, address, HPCSA number, position or role in the practice, nationality, gender, race, qualifications, specialisation and interests, curriculum vitae, references and photos;
- Membership of the SASP® and HPCSA;
- Relevant medical and disability information;
- Signatures of official signatories of the practice and proof of residence, if required by the bank;
- Employment-related information;
- Bank details;
- Professional indemnity cover information; and
- Correspondence.
- Suppliers, Service Providers, Other Stakeholders in the Health Care Industry, including Public Bodies and Regulators
- Organisation name and contact details;
- Names, titles and contact details of relevant persons and officers;
- Black-Economic Empowerment (BEE) status of suppliers, if applicable
- Agreements and related information;
- Invoices;
- Official documentation, including newsletters and statements; and
- Engagement-related information and correspondence.
Other personal information may be collected and processed, as may be necessary and applicable in the circumstances.
PURPOSE OF PROCESSING OF PERSONAL INFORMATION OF DATA SUBJECTS (Other than Patients)
We generally process personal information for one or more of the following purposes:
- to conduct and manage the practice in accordance with the law, including the administration of the practice and claiming and collecting payment for services rendered;
- for communication purposes;
- for the maintenance of practice records;
- for employment and related matters of employees and other practitioners;
- for reporting to persons and bodies as required and authorised in terms of the law or by you;
- for historical, statistical and research purposes;
- for proof;
- for enforcement of the practice’s rights; and/or
- for any other lawful purpose related to the activities of a private physiotherapy practice.
We do not use your personal information for commercial or direct marketing purposes.
DISCLOSURE OF PERSONAL INFORMATION OF DATA SUBJECTS (Other than Patients)
Relevant personal information of data subjects (other than patients) will be shared, as may be necessary in the circumstances, with our professional advisers, relevant employees (on a need-to-know basis), our auditors / accountants, regulators, relevant public and private bodies, law enforcement structures, a purchaser of the practice, if applicable, and patients if the need arises (e.g. details of another practitioner to whom the practice wishes to refer the patient). The information will only be shared as permitted in terms of the law or as otherwise agreed to with such a person.
LINKS TO SOCIAL NETWORKING SERVICES
We use social networking services such as WhatsApp, LinkedIn and Facebook to communicate with the public about our services. When you communicate with us through these services, the relevant social networking service may collect your personal information for its own purposes. These services have their own privacy policies, which are independent of this Privacy Statement.
CONSENT
If you provide consent to us to process your personal information, you may withdraw your consent at any time. This does not affect the processing of personal information that has already occurred. If you withdraw your consent, your personal information will only be processed as provided for in the law, and, if the circumstances make it reasonable and lawful for us to do so, we may terminate our relationship with you.
OBJECTION TO PROCESSING
In certain instances, you may object to the processing of your personal information, if it is reasonable to do so, unless we may do so in terms of the law. This must occur on the form prescribed by POPIA. This does not affect personal information already processed. If you object and we agree with your objection, your personal information will only be processed as provided for in the law. If you exercise this right and, if the circumstances make it reasonable and lawful for us to do so, we may terminate our relationship with you.
RECORD-KEEPING
We maintain records of your personal information for as long as it is necessary for lawful purposes in accordance with the law, including to fulfil your requests, provide services to you, comply with legal obligations, resolve disputes, enforce agreements and as proof. These records may be held in electronic format. We may also retain your personal information for historical, statistical and research purposes, subject to the provisions of the law.
SENDING INFORMATION ACROSS THE BORDERS OF THE REPUBLIC OF SOUTH AFRICA
We process and store your information in records within the Republic South Africa, including in ‘clouds’, which comply legal requirements to ensure the protection of your privacy. If we must provide your personal information to any third party in another country (for example, if a patient relocates to a foreign country and requires a physiotherapy referral letter containing the patient’s medical information to be transferred to another health practitioner – third party - in that country) we will obtain your prior consent unless such information may be lawfully provided to that third party.
SECURITY OF YOUR PERSONAL INFORMATION
We are committed to ensuring the security of your personal information in order to protect it from unauthorised processing and access as well as loss, damage or unauthorised destruction. There are also inherent risks in the electronic transfer and storage of personal information. We have implemented and continually review and update our information protection measures to ensure the security, integrity, and confidentiality of your information in accordance with industry best practices. These measures include the physical securing of the offices where information is held, password control to access certain electronic records, which passwords are regularly changed, off-site data back-ups and stringent policies in respect of electronic record storage and dissemination. In addition, only those employees and service providers that require access to your information to discharge their functions and to render services to us are granted access to your information and only if they have concluded agreements with or provided undertakings regarding the implementation of appropriate security measures, maintaining confidentiality and processing the information only for the agreed purposes.
SECURITY BREACHES
We will inform you and the Information Regulator, if any person has unlawfully obtained access to your personal information, subject to the provisions of the law.
RIGHT TO ACCESS YOUR PERSONAL INFORMATION
You have the right to have access to your personal information subject to restrictions imposed in legislation. You may request access to your information in our possession or under our control and information of third parties to whom we supplied that information. If you wish to exercise this right, please complete and submit the prescribed form to the Information Officer. Costs may be applicable to such request. The relevant form and costs can be obtained from the Information Officer. You may also consult our PAIA Manual.
ACCURACY OF YOUR PERSONAL INFORMATION
It is important that we always have accurate information about you on record as it could impact on communication with you and your health, if applicable. You must therefore inform us as soon as any of your personal information has changed. You may also request that we correct or delete any information (e.g. acquiring a new married surname or new medical aid number). Such a request can be made verbally with our administrative staff, or must be made in writing on the prescribed form to the Information Officer and must provide sufficient detail to identify the information and the correction or deletion required. Information will only be corrected or deleted, if we agree that the information is incorrect or should be deleted. It may not be possible to delete all of the information if there is a legal basis to retain the information. However, please contact the Information Officer to discuss how we can assist you with your request. If we correct any information and the corrected information will impact on any decision made or to be made about you, we will send the corrected information to persons to whom the information has been disclosed in the past if they should be aware of the changed information.
MARKETING OF PRODUCTS AND SERVICES
If you have provided consent, we may occasionally inform you, electronically or otherwise, about supplementary products and services offered by us that may be useful or beneficial to you. You may at any time withdraw your consent and opt out from receiving such information.
CHANGES TO THIS PRIVACY STATEMENT
We reserve the right in our sole and absolute discretion, to revise or supplement this Privacy Statement from time to time to reflect, amongst others, any changes in our business or the law. We will publish the updated Privacy Statement on our website at http://www/physioatmerryn.co.za It will also be available at the practice reception. Any revised version of the Statement will be effective as of the date of posting on the website, so you should always refer back to the website for the latest version of the Statement. It is your responsibility to make sure you are satisfied with any changes before continuing to use our services. If we make a material change to this Statement, you will be notified with a notice on the website and in the practice that our privacy practices have changed and you will obtain a link / access to the new Statement. In the event that we make a material change to how we use your personal information, we will provide you with an opportunity to opt out of such new or different use. If you have any questions concerning this Statement, please contact our Information Officer.
CONCERNS AND COMPLAINTS ABOUT THE PROCESSING OF YOUR PERSONAL INFORMATION
All enquiries, requests or concerns regarding this Statement or relating to the processing of your personal information should be addressed to the Information Officer. If you believe that we process your personal information contrary to this Privacy Statement or in contravention of the law, please contact the Information Officer immediately. You may also lodge a complaint with the Information Regulator at complaints.IR@justice.gov.za/+27(0)10 023 5207 /+27 (0)82 746 4173.
LAWS APPLICABLE TO THIS PRIVACY STATEMENT
This Privacy Statement is governed by the laws of the Republic of South Africa.