POPIA Manual
This POPIA (Protection of Personal Information Act) manual is designed specifically for Eyangakithi Medicals, outlining our commitment to the protection of personal information and compliance with POPIA (2013). It details the policies, procedures, and practices we implement to safeguard personal data collected from our patients, staff, and other stakeholders.
1. Introduction to POPIA
The POPIA aims to promote the right to privacy in South Africa while ensuring the lawful processing of personal information. Eyangakithi Medicals recognizes the importance of protecting personal data and has established this manual to guide our practices in compliance with the Act.
2. Data Protection Principles
Eyangakithi Medicals adheres to the following data protection principles:
2.1 Lawfulness, Fairness, and Transparency
- Lawfulness: Personal information is processed only when there is a legal basis, such as consent, contractual necessity, or compliance with legal obligations.
- Fairness: Processing is conducted in a manner that respects the rights of individuals.
- Transparency: We provide clear information about how personal information is collected, used, and shared.
2.2 Purpose Limitation
- Personal information is collected for specific, legitimate purposes related to medical care and is not processed in a manner incompatible with those purposes.
2.3 Data Minimization
- We collect only the personal information necessary for the purposes identified, ensuring that we do not hold excessive data.
2.4 Accuracy
- We take steps to ensure that personal information is accurate, complete, and kept up to date. Patients are encouraged to inform us of any changes to their information.
2.5 Storage Limitation
- Personal information is retained only as long as necessary for the purposes for which it was collected or as required by law.
2.6 Integrity and Confidentiality
- We implement appropriate security measures to protect personal information from unauthorized access, loss, destruction, or damage.
3. Collection of Personal Information
Eyangakithi Medicals collects personal information through various means, including:
- Direct Interactions: Information provided by patients during consultations, registration forms, and health assessments.
- Online Platforms: Data collected from our website or patient portals, including appointment bookings and inquiries.
- Third-Party Sources: Information obtained from other healthcare providers, insurers, or medical aid schemes with patient consent.
3.1 Types of Personal Information Collected
- Identification Information: Full name, date of birth, gender, ID number.
- Contact Information: Home address, phone number, email address.
- Medical History: Previous illnesses, surgeries, allergies, family medical history.
- Treatment Information: Current medications, treatment plans, diagnostic results.
- Financial Information: Billing details, insurance information, payment history.
4. Use of Personal Information
Eyangakithi Medicals utilizes personal information for the following purposes:
- Provision of Medical Services: To assess, diagnose, and treat patients effectively.
- Communication: To provide updates regarding appointments, test results, and treatment plans.
- Billing and Payment Processing: To facilitate invoicing and payment collection from patients and insurers.
- Compliance: To meet legal and regulatory obligations, including reporting to health authorities.
- Quality Improvement: To conduct audits and reviews to enhance service delivery and patient care.
5. Protection of Personal Information
Eyangakithi Medicals employs a variety of security measures to protect personal information, including:
5.1 Technical Measures
- Encryption: Sensitive data is encrypted during transmission and storage to prevent unauthorized access.
- Access Controls: Strict access permissions are enforced to ensure that only authorized personnel can access personal information.
- Firewalls and Antivirus Software: Firewalls and antivirus software are deployed and kept up to date to protect our systems from cyber threats.
5.2 Organizational Measures
- Data Protection Training: Regular training sessions for staff on data protection policies and practices.
- Incident Response Plan: Established procedures for responding to data breaches, including notification protocols.
6. Patient Rights Under POPIA
Patients have specific rights regarding their personal information, which include:
6.1 Right of Access
- Patients may request access to their personal information held by Eyangakithi Medicals. Requests can be made in writing to the data protection officer.
6.2 Right to Rectification
- Patients have the right to request the correction of inaccurate or incomplete personal data.
6.3 Right to Erasure
- Under certain conditions, patients may request the deletion of their personal information, particularly if it is no longer necessary for the purposes for which it was collected.
6.4 Right to Restrict Processing
- Patients can request a restriction on the processing of their personal information in specific circumstances, such as contesting its accuracy.
6.5 Right to Data Portability
- Patients have the right to receive their personal information in a structured, commonly used, and machine-readable format, and to transmit it to another data controller.
6.6 Right to Object
- Patients can object to the processing of their personal information for direct marketing purposes or based on legitimate interests.
7. Retention of Personal Information
Eyangakithi Medicals retains personal information for the duration necessary to fulfill the purposes for which it was collected, as well as to comply with legal, regulatory, and insurance requirements. Our data retention policy specifies:
- Medical Records: Retained for a minimum of 10 years after the last treatment date, or as required by law.
- Financial Records: Retained for a minimum of 5 years for auditing and tax purposes.
8. Sharing of Personal Information
Eyangakithi Medicals may share personal information with third parties under the following circumstances:
- Healthcare Providers: Sharing information with other medical professionals involved in a patient’s care, such as specialists or laboratories.
- Insurance Companies: Providing necessary information to insurers for billing and claims processing.
- Regulatory Authorities: Disclosing information as required by law or regulation, including public health reporting.
- Service Providers: Engaging third-party service providers (e.g., IT support, billing services) who are contractually obligated to protect personal information.
9. Complaints and Queries
Patients who have concerns about the processing of their personal information can contact our Data Protection Officer (DPO) at:
- Email: dpo@eyangakithimedicals.com
- Phone: [Insert Phone Number]
- Address: [Insert Physical Address]
We will investigate all complaints and respond promptly, typically within 30 days.
10. Review and Update of the POPIA Manual
This POPIA manual is subject to regular review and updates to ensure ongoing compliance with the law and best practices. Any changes will be communicated to patients and staff through appropriate channels, including notices in our practice and updates on our website.
Eyangakithi Medicals is committed to protecting personal information and maintaining the trust of our patients. By adhering to the principles of POPIA, we strive to provide quality medical care while safeguarding personal data. For any further inquiries regarding our POPIA practices, please do not hesitate to reach out to us.