PoPI in the Healthcare Industry

 

This is a true story.

Mike Michaels* needed to lose weight and the process was frustrating. He asked his doctor to prescribe a drug called Glucophage, to see if it would speed up the weight loss process. While the drug is usually prescribed for diabetics, research has shown promise for its use as a weight loss supplement. After a trial period, however, Mike discontinued the treatment as it proved to be ineffective in his case.

The story does not, however, end there.

Completely unrelated to the weight loss experiment, he contacted his insurance company to arrange for an increase in personal insurance coverage. The insurer came back with a request that he be tested for diabetes before the policy would be approved. Confused, Mike wanted to know why. The insurer informed him that they had records that he had been prescribed glucosamine by Dr X, that the prescription had been filled on the 28th of October at XYZ pharmacy, and that Mike had paid cash for it. Based on that, they were concerned that there might be a risk of diabetes, since the drug is usually prescribed to diabetics.

Where did the insurance company get this information from? But more importantly, who gave permission that it be shared? Mike Michaels was very sure that he had never given permission that his personal, sensitive information be shared across industries.

This is not a unique incident.

(*alias used to protect privacy)


 

 

The Healthcare Industry arguably processes the most, and the most sensitive, personal information amongst all of the industries.

Every year millions of patient health data records are processed in the Healthcare Industry in South Africa.

The question is this:

Have patients provided informed consent for the information that is being processed by all the role-players in the health data record eco-system? And furthermore, do healthcare providers know and understand what happens to the confidential data of their patients once it has been submitted for payment?

Guarding patient confidentiality is nothing new to the healthcare profession, yet these processes aren’t sufficient anymore when it comes to the Protection of Personal Information Act. In fact, there are significant shortcomings.



Download this FREE report to see how the current patient health data processes fare when compared to the requirements of the PoPI Act

 

PoPI & Patient Health Data Privacy: Do Healthcare Providers Fully Understand Their Obligations and Risks?

 


 

South Africa has been lagging globally when it comes to the protection of personal information, but there is also benefit in that.

We can learn from others.

That is exactly what we’ve found in the Philippines, where we’ve participated in and observed the process of developing their National Privacy Legislation for the past few years. Their winning formula is the fostering of open dialogue and taking note of where the world has moved to.

We bring that learning to everything that we do in the health industry.

 

“Privacy by design advances the view that Data Privacy cannot be assured solely by compliance with regulatory frameworks. Privacy assurance must be an organisation’s default mode of operation. Its initiatives must be proactive, not reactive, preventative, and not remedial. It should be considered even before a breach.”

Dr Boying Lallana, of the National Privacy Commission of the Philippines, December 2016

 

Join our LinkedIn Group "PoPI in Healthcare" for the latest discussions around privacy, the implementation of PoPI and what we can learn from around the world

 

 

As featured on e-Health news and ITWeb

 

 


 

 

How far does the average health care practice fall short of the requirements of the PoPI Act?

 

That depends.

Based on our work with a number of clients, the most common issues were found to revolve around:

  • Staff practices
  • Contracts
  • Third Party Suppliers
  • Internal systems
  • Patient consent

Each of these areas constitutes a notable risk when it comes to compliance with the PoPI Act. The complexity of structures and affiliations further increases these risks.

 

 

 

What you need to do

 

A few basic steps will get you on the road to privacy compliance.

 

  1. Understand the requirements of the PoPI Act and how it applies to your situation.
  2. Determine how far you fall short.
  3. Implement remedial actions to narrow the gap, making sure you keep records of all processes as required by the PoPI Act.

 

Interpreting the PoPI Act - given your particular situation - is key to the process since this law is Principle-based, which differs substantially from the usual Rule-based regulation.

Learn more about this here.

 

 


 

 

Why not invite us to come and do an “Introduction to PoPI” presentation to your team at your next management meeting?

Drop us a line to talk about PoPI in the Medical Industry

 

 

 

 

MediPoPI

How we can help

 

We bring Insider Knowledge from both the legislative and the Health Care Practice sides to facilitate and simplify the implementation of compliance projects in the Health Care Industry.

Because we understand the time constraints that practitioners work under, we’ve created packages to streamline

  • what needs to be done,
  • how to do it, and
  • what it needs to look like 

Our MediPoPI suite of products is custom-built, with a range of packages to accommodate differing complexities.

 

 

The place to start

 

Understanding where you are right now determines how far you need to go.

What is your Protection of Personal Information Rating?

 

Do you currently have an AAA rating, or are you closer to a Junk Status?

Our proprietary rating system provides a clear assessment of your current situation, from where you can make informed decisions about how to proceed.

This rating isn’t just an internal compliance barometer. It can also form a key component of your patient relationship management strategy, assuring patients of your commitment to the protection of their privacy.

 

R12,750 for the initial rating

R2,500 per subsequent annual review

 

 

Want to know more about the rating system? We’ll be happy to set up a call to talk you through it.

Get in touch about PoPI and the Medical Industry

 

 

Once you are clear on the task ahead, choose one of our custom packages.

 

MediPoPI for Healthcare Practitioners

 

  • How to guides
  • Templates
  • Examples
  • References
  • Case Studies
  • Do It Yourself style

R15,000 (excl. VAT)

 

 

MediPoPI for Pathologists

 

  • How to guides
  • Templates
  • Examples
  • References
  • Case Studies
  • Personal hands-on guidance

R15,000 (excl. VAT) + fees

 

 

MediPoPI for Radiologists

 

  • How to guides
  • Templates
  • Examples
  • References
  • Case Studies
  • Personal hands-on guidance

R15,000 (excl. VAT) + fees

 

 

MediPoPI for Hospitals

 

  • How to guides
  • Templates
  • Examples
  • References
  • Case Studies
  • Hands-on guidance

R1,565/bed (excl. VAT)

MediPoPI for Clinics

 

  • How to guides
  • Templates
  • Examples
  • References
  • Case Studies
  • Personal hands-on guidance

R14,500/employed health professional (excl. VAT) + fees

MediPoPI for Third Party Providers
 

  • How to guides
  • Templates
  • Examples
  • References
  • Case Studies
  • Personal hands-on guidance

Hourly Rates

 

 

Let's chat about MediPoPI

Let's set up a call to talk about your particular situation

 

 

Do not underestimate the PoPI Act and its requirements

Loss of patient trust due to health data breaches is a very high price to pay.

 

Let's Chat about PoPI in the Medical Industry