Privacy Policy

1. INTRODUCTION

NRC Group acknowledges the rights of privacy and dignity of all persons. This includes the right to protection of private information. In compiling this policy the statutory framework contained in the laws of South Africa was given due consideration. See references for further detail. The inherent right to privacy is protected in the Constitution of the Republic of South Africa and various other pieces of legislation applicable to Healthcare. See Legal Framework in this policy. Our Privacy Policy governs the way we, at National Renal Care Group, treat your personal information. We respect your privacy and treat your personal information as confidential. Our Privacy Policy explains how we use, collect and share your personal information. All patient information will be protected from unauthorised access, loss or damage and respected as confidential by all staff members, contractors, volunteers or learners.

2. WHAT IS PERSONAL INFORMATION?

2.1 Personal information means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to-

1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
2. information relating to the education or the medical, financial, criminal or employment history of the person;
3. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier, user image (digital platforms) or other particular assignment to the person;
4. the biometric information of the person;
5. the personal opinions, views or preferences of the person;
6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
7. the views or opinions of another individual about the person; and
8. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

2.2 Personal information will be collected from you directly. This is done during the admission at a Chronic Renal Clinic and / or stay in hospital process and / or voluntary participation in digital platforms.

2.3 Where the law requires that information regarding certain diseases be notified to the authorities, National Renal Care Group will do so without delay.

2.4 We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal information, but is not considered personal information in law as this information does not, directly or indirectly, reveal your identity.

3. PROCESSING OF PERSONAL DATA EXAMPLES

The following principles will be adhered to and considered with when dealing with patient rights.

3.1 It is important to recognise for each process or decision that the following is considered before release of information.

1. Does it justify the purpose?
2. Is the minimum patient identifiable detail disclosed?
3. Access to information is on a strict to know basis only?
4. Everyone involved with patient information understands his/her responsibilities in this regard.
5. Compliance to the law is a priority?
6. If you answer no to any of these questions, it is recommended that you consider your decision.

3.2 Right to refuse or permit the sharing of information

1. National Renal Care Group abides by the requirements of the National Health Act 61 of 2003 as well as the Patient Rights Charter; both of which grants a patient full participation in his/her health care management.
2. National Renal Care Group does not use data for marketing purposes – however, to ensure continuous improving of the care and service offering, patients may be asked to complete service experience questionnaires.
3. Providing of Patient Names to clergy may only be done with the explicit written consent of the patient and in line with the National Renal Care Group Patient Terms and Conditions.

3.3 Sharing with Managed Care and Third parties

1. In accordance with medical aid membership a Renal Care Service Provider/health care worker is obliged to share full medical information, ICD-10 treatment and diagnostic codes with the medical aid the member belongs to.
2. Without this, there may be a dispute regarding payment, in which case the Patient will be liable for the full amount.

3.4 Privacy within the unit

1. Patient records will be archived by the Renal Care Clinic as defined in the terms and conditions of the Patient Terms and Conditions document. Records remain active whilst patient received treatment in the Renal Care Clinic. On discharge the record becomes inactive, and shall only be made available in terms of the stipulations of the Promotion to Access of Information Act 2 of 2000.
2. It is important that the environment within the Clinic gives due consideration to privacy of patients i.e. tone of voice, closure of curtains, records out of reach of general public during visiting hours, not discussing patients in corridors or public places.

3.5 National Renal Care Group premises may have CCTV cameras in place that will record movement on premises. Except for this, filming and video of patients is strictly prohibited and subject to informed written consent.

3.6 Clinical research and trials are completed in accordance with legislative requirements as set out in the National Health Act 61 of 2003 and subject to Ethics approval for all retrospective studies. All research participants shall be required to submit written consent.

4. DUTIES AND RIGHTS ABOUT PERSONAL INFORMATION

4.1 On admission, proof of identity will be required from all patients.

4.2 On admission, proof of medical aid membership will be required from all patients who are members of medical aids.

4.3 Patient Terms and Conditions will be required to be signed BEFORE commencement of treatment, to ensure relevant consent has been provided ito POPIA.

4.4 All existing personal information of patients need to be updated with every subsequent visit to the Renal Care Clinic.

5. RETENTION OF PERSONAL INFORMATION

All patient information shall be archived as per regulatory requirements.

6. SECURING YOUR PERSONAL INFORMATION

National Renal Care Group shall ensure that the appropriate measures are taken to safeguard personal information of other persons; which steps will include physical, technological and procedural safeguards which restrict access to systems, as well as all steps to ensure the safe archiving of records. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. National Renal Care Group will not be held liable under any circumstances if such information is compromised or disclosed through conduct outside the control of National Renal Care Group such as hacking, “Trojan Horses”, or infection by “viruses” or software that are intended to damage and detrimentally interfere with our operations.

7. OUR COOKIE POLICY

A cookie is a small piece of data sent from our website to your computer or device or internet browser where it is saved. The cookie contains information to personalise your experience on our website and applications. The cookie has the ability to identify your device, computer or smart phone. By using our website and applications you agree that cookies may be forwarded from the relevant website or application to your computer or device. We may use the cookie to enable us to know you visited our website. You have the right to choose whether or not to accept cookies. However, please note that if you do not accept our cookies, you may not be able to use the full functionality of our website or mobile applications.

8. CHANGES TO THIS PRIVACY POLICY

Our Privacy policy and procedures are regularly reviewed and updated on our website. This document was updated in October 2022.

9. REQUEST FOR ASSISTANCE REGARDING PRIVACY RIGHTS

9.1 A data subject who wishes to object to the processing of personal information in terms of section 11(3)(a) of the Act, must submit the objection to National Renal Care Group (Form 1). National Renal Care Group will, through its Information Officer(s) provide such reasonable assistance as is necessary, free of charge, to enable the data subject to make an objection on Form 1.

9.2 Request for correction or deletion of personal information or destruction or deletion of record of personal information must submit a request to National Renal Care Group on Form 2. The information Officer(s) will provide reasonable assistance free of charge.

10. LEGAL FRAMEWORK

10.1 The Constitution South Africa Act No 108 of 1996 (s14) deals pertinently with the right to privacy and confidentiality.

10.2 The Children’s Act No 38 of 2005 (13) states that each child has the right to confidentiality regarding his health status except when maintaining such confidentiality is not in the best interest of the child.

10.3 The Choice of Termination of Pregnancy Act No 92 of 1996 (7) provides that the identity of a woman who obtained a termination of pregnancy shall remain confidential at all times.

10.4 The Electronic Communications and Transactions Act No 25 of 2002 applies in respect of electronic transactions or data messages and state that data controller should have the express written permission of the data subject for the processing, collecting, collation or disclosure of information of a person.

10.5 The Medical Schemes Act No 131 of 1998 (57) deals with the business of a medical scheme and the duties of the Board of Trustees to ensure all reasonable steps are taken to protect the information of members.

10.6 The Mental Health Care Act No 17 of 2002 (8) states that a person’s human dignity and privacy must be respected.

10.7 The National Health Act No 61 of 2003 (14) stipulates that the information is confidential and may not be disclosed if not consented to.

10.8 The Nursing Act No 33 of 2005, regulations deal dealing with acts of omission specifies that information obtained concerning a patient in the course of professional activities may not be disclosed without consent.

10.9 The Pharmacy Act no 53 of 1974, rules relating to good pharmacy practice deals extensively with disclosure of information obtained in the course of professional activities without express consent will constitute unethical or unprofessional conduct.

10.10 The Promotion of Access to Information Act No 2 of 2000 deals with rights of access to information and clearly state that personal information may not be disclosed to third-party unless the party has given permission for disclosure of information.

10.11 The Protection of Personal Information Act No 4 of 2013 provides clear guidance on the protection rights of personal information

11. REFERENCES

11.1 The Constitution of the Republic of South Africa No 108 of 1996 as amended. South Africa.

11.2 Confidentiality NHS Code of Practice. November 2003. Department of Health NHS. Obtained from http://www.connectingforhealth.nhs.uk on 27 May 2013.

11.3 The Patient Rights Charter. Department of Health. Obtained from http://www.doh.gov.za/docs/legislation/patientsright/chartere.html on 20 May 2013.

11.4 National Health Act No 61 of 2003.

11.5 The Children’s Act No 38 of 2005.

11.6 The Choice of Termination of Pregnancy Act No 92 of 1996.

11.7 The Electronic Communications and Transactions Act No 25 of 2002. South Africa.

11.8 The Medical Schemes Act No 131 of 1998. South Africa.

11.9 The Mental Health Care Act No 17 of 2002. South Africa.

11.10 The Nursing Act No 33 of 2005 and it regulations.

11.11 The Pharmacy Act no 53 of 1974and its regulations.

11.12 The Promotion of Access to Information Act No 2 of 2000. South Africa.

11.13 The Protection of Personal Information Act No 4 of 2013.

11.14 Core Standards, Department of Health 2013