Privacy Statement of Bhakti Lala Physiotherapist
|Initial approval date||28/06/2021|
|Date of last review||28/06/2021|
Please read this Privacy Statement carefully to understand how your personal information will be handled by Bhakti Lala Physiotherapist (“the practice”).
Every term of this Statement is material. If you do not agree with the processing of your personal information as set out in this Statement, we may in our sole discretion decide whether to provide or continue with the provision of physiotherapy services to you, unless we have a legal obligation to do so, or to otherwise engage with you.
This is a private physiotherapy practice, which provides physiotherapy services to patients. The practice is subject to various laws protecting the privacy and confidentiality of data subjects (e.g. the Health Professions Act and the National Health Act), including patients, as well as the ethical rules and policies of the Health Professions Council of South Africa (HPCSA).
The practice’s contact details are as follows:
- Address: Suite 2, Sunninghill Village Shopping Centre, 97 Edison Crescent c/o Maxwell Drive, Sunninghill
- E-mail: email@example.com
- Telephone: 083 7735 228
The contact details of the practice’s Information Officer are as follows:
- Name: Bhakti Lala
- E-mail: firstname.lastname@example.org
- Telephone: 083 7735 228
- “Personal information” refers to information relating to identifiable, living, natural persons as well as identifiable, existing juristic persons, and includes, but is not limited to –
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person; and
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person,
and “information” has a similar meaning unless the context requires otherwise.
- “Processing” refers to any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including –
- the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
- dissemination by means of transmission, distribution or making available in any other form; or
- merging, linking, as well as restriction, degradation, erasure or destruction of information.
- “POPIA” means the Protection of Personal Information Act (Act 4 of 2013) and Regulations made in terms thereof.
- “We” / “us” refers to the practice and the practice owners / partners / directors.
- “You” / “your” refers to the data subject (i.e. the person or entity) whose personal information is in the possession of or under the control of or processed by the practice.
This Privacy Statement applies to personal information that we have in our possession or under our control, and information that we collect or receive from or about you (for example, when you obtain physiotherapy services at the practice and/or submit information via the practice’s website). It stipulates, amongst others, how we collect your personal information, the type of information collected, why that information is collected, the circumstances under which that information will be shared with others, the security measures that we have implemented to protect your personal information and your right to obtain access to and correct the information in our possession or under our control.
We understand that your personal information is important to you and that you may be anxious about disclosing it. Your privacy and the security of your information are just as important to us and we therefore want to make sure you understand how your information will be processed. We acknowledge that we are required by law to keep your personal information confidential and secure. We are committed to conducting our practice in accordance with the law in order to ensure that the confidentiality of your personal information is protected and maintained. We take this commitment to look after your personal information seriously. We have implemented a number of processes to make sure that your personal information is used in the right way.
We apply the following principles in order to protect your privacy:
- No more personal information about you than what is necessary is collected;
- Your personal information is only used for the purposes specified in this Privacy Statement, unless you are advised otherwise;
- Your personal information is not kept by us if it is no longer needed; and
- Other than as specified in this Privacy Statement or otherwise agreed with you, we do not share your personal information with third parties.
You must make sure that if you provide personal information about any individual or entity to us, you may lawfully do so (e.g. with their consent). We will accept that you are acting lawfully. You should make sure that they are familiar with this Privacy Statement and understand how we will use and disclose their information.
We obtain personal information directly from you when you become a patient or an employee, when you log onto our website or when you provide information to us. Information may also be collected from other sources, depending on the circumstances, such as your next-of-kin, another health care practitioner involved in your care, the hospital / facility admission form, a credit bureau, a public record or when you make information publicly available. The information that we request from you is necessary to provide you with physiotherapy services or to manage the employment or other relationship. Information is generally collected for the purposes as set out below.
There are various laws that permit the processing of your personal information such as the National Health Act, the Health Professions Act and POPIA. We will only process, which includes collect, use, store or disclose, your personal information in accordance with the law or otherwise with your consent and will always strive to keep your information confidential, whether you supply it directly to us or whether it is collected lawfully from other sources.
We generally collect and process the following personal information about patients and retain it as part of our records:
- Name, identity number, date of birth, age, contact details, address and gender;
- Name and contact details of next-of-kin;
- Health status and disability;
- Funder (e.g. medical scheme) information;
- Physiotherapy services provided;
- Reports from special investigations such as radiology reports and pathology results;
- Account and payment details; and
- Patient documentation, including consent forms, invoices, photos, videos and correspondence. When you become a patient of the practice, we will use your personal information as follows:
- to provide you with appropriate care;
- to communicate with you in respect of your care, including reminding you of appointments and collecting payments for services rendered;
- for administrative purposes, including preparing invoices and collecting payment for services rendered;
- to refer you to other practitioners;
- to report to referring practitioners;
- for participation in clinical trials;
- for historical, statistical and research purposes;
- as proof;
- for enforcement of the practice’s rights;
- for any other lawful purpose related to the activities of a private physiotherapy practice; and/or
- as may be requested or authorised by you.
We do not use your personal information for commercial purposes.
Depending on the circumstances, your personal information will be disclosed to the following persons and entities:
- relevant treating practitioners to ensure appropriate care;
- next-of-kin (if it is necessary in the circumstances);
- your funder (such as your medical scheme upon its request, for example, to allocate benefits);
- your insurance company (upon your request);
- bodies performing peer review of our practitioners / clinical practice audits;
- our professional advisers as well as employees and service providers who assist us to provide the services and who perform functions related to the administration of the practice, subject to confidentiality agreements;
- debt collectors and credit bureaus, if your accounts are outstanding;
- public and private bodies (such as regulators), as may be required in terms of the law;
- law enforcement structures, including courts and tribunals;
- as required or permitted by law, including to comply with any legal obligation or to protect the rights, property or safety of our business, employees, patients, the public or others; and
- a purchaser of the practice, if applicable.
There are various laws that permit the processing of your personal information such as labour laws and POPIA. We will only process, which includes collect, use, store or disclose, your personal information in accordance with the law or otherwise with your consent and will always strive to keep your information confidential, whether you supply it directly to us or whether it is collected lawfully from other sources.
We generally process the following personal information about you, as may be applicable in the circumstances, and retain it as part of our records:
Health care practitioners and employees
- Name, identity number, date of birth, age, contact details, address, HPCSA number, position or role in the practice, nationality, gender, race, qualifications, specialisation and interests, curriculum vitae, references and photos;
- Membership of the SASP®;
- Relevant medical and disability information;
- Signatures of official signatories of the practice and proof of residence, if required by the bank;
- Employment-related information;
- Bank details;
- Professional indemnity cover information; and
Suppliers, Service Providers, Other Stakeholders in the Health Care Industry, including Public Bodies and Regulators
- Organisation name and contact details;
- Names, titles and contact details of relevant persons and officers;
- Black-Economic Empowerment (BEE) status of suppliers;
- Agreements and related information;
- Official documentation, including newsletters and statements; and
- Engagement-related information and correspondence.
Other personal information may be collected and processed, as may be necessary and applicable in the circumstances.
We generally process personal information for one or more of the following purposes:
- to conduct and manage the practice in accordance with the law, including the administration of the practice and claiming and collecting payment for services rendered;
- for communication purposes;
- for the maintenance of practice records;
- for employment and related matters of employees and other practitioners;
- for reporting to persons and bodies as required and authorised in terms of the law or by you;
- for historical, statistical and research purposes;
- for proof;
- for enforcement of the practice’s rights; and/or
- for any other lawful purpose related to the activities of a private physiotherapy
We do not use your personal information for commercial purposes.
Relevant personal information of data subjects (other than patients) will be shared, as may be necessary in the circumstances, with our professional advisers, relevant employees (on a need-to-know basis), our auditors / accountants, regulators, relevant public and private bodies, law enforcement structures, a purchaser of the practice, if applicable. The information will only be shared as permitted in terms of the law or as otherwise agreed to with such a person.
We use social networking services such as WhatsApp, LinkedIn, Twitter and Facebook to communicate with the public about our services. When you communicate with us through these services, the relevant social networking service may collect your personal information for its own purposes. These services have their own privacy policies, which are independent of this Privacy Statement.
If you provide consent to us to process your personal information, you may withdraw your consent at any time. This does not affect the processing of personal information that has already occurred. If you withdraw your consent, your personal information will only be processed as provided for in the law, and, if the circumstances make it reasonable and lawful for us to do so, we may terminate our relationship with you.
In certain instances, you may object to the processing of your personal information, if it is reasonable to do so, unless we may do so in terms of the law. This must occur on the form prescribed by POPIA. This does not affect personal information already processed. If you object and we agree with your objection, your personal information will only be processed as provided for in the law. If you exercise this right and, if the circumstances make it reasonable and lawful for us to do so, we may terminate our relationship with you.
We maintain records of your personal information for as long as it is necessary for lawful purposes in accordance with the law, including to fulfil your requests, provide services to you, comply with legal obligations, resolve disputes, enforce agreements and as proof. These records may be held in electronic format. We may also retain your personal information for historical, statistical and research purposes, subject to the provisions of the law.
We process and store your information in records within the Republic South Africa, including in ‘clouds’, which comply legal requirements to ensure the protection of your privacy. If we must provide your personal information to any third party in another country, we will obtain your prior consent unless such information may be lawfully provided to that third party.
We are committed to ensuring the security of your personal information in order to protect it from unauthorised processing and access as well as loss, damage or unauthorised destruction. There are also inherent risks in the electronic transfer and storage of personal information. We have implemented and continually review and update our information protection measures to ensure the security, integrity, and confidentiality of your information in accordance with industry best practices. These measures include the physical securing of the offices where information is held, the locking of cabinets with physical records, password control to access electronic records, which passwords are regularly changed, off-site data back-ups and stringent policies in respect of electronic record storage and dissemination. In addition, only those employees and service providers that require access to your information to discharge their functions and to render services to us are granted access to your information and only if they have concluded agreements with or provided undertakings regarding the implementation of appropriate security measures, maintaining confidentiality and processing the information only for the agreed purposes.
We will inform you and the Information Regulator, if any person has unlawfully obtained access to your personal information, subject to the provisions of the law.
You have the right to have access to your personal information subject to restrictions imposed in legislation. You may request access to your information in our possession or under our control and information of third parties to whom we supplied that information. If you wish to exercise this right, please complete and submit the prescribed form to the Information Officer. Costs may be applicable to such request. The relevant form and costs can be obtained from the Information Officer. You may also consult our PAIA Manual.
It is important that we always have accurate information about you on record as it could impact on communication with you and your health, if applicable. You must therefore inform us as soon as any of your information has changed. You may also request that we correct or delete any information. Such a request must be made in writing on the prescribed form to the Information Officer and must provide sufficient detail to identify the information and the correction or deletion required. Information will only be corrected or deleted, if we agree that the information is incorrect or should be deleted. It may not be possible to delete all of the information if there is a legal basis to retain the information. However, please contact the Information Officer to discuss how we can assist you with your request. If we correct any information and the corrected information will impact on any decision made or to be made about you, we will send the corrected information to persons to whom the information has been disclosed in the past if they should be aware of the changed information.
If you have provided consent, we may occasionally inform you, electronically or otherwise, about supplementary products and services offered by us that may be useful or beneficial to you. You may at any time withdraw your consent and opt out from receiving such information.
We reserve the right in our sole and absolute discretion, to revise or supplement this Privacy Statement from time to time to reflect, amongst others, any changes in our business or the law. We will publish the updated Privacy Statement on our website at http://www.bodylogicphysio.co.za. It will also be available at the practice reception. Any revised version of the Statement will be effective as of the date of posting on the website, so you should always refer back to the website for the latest version of the Statement. It is your responsibility to make sure you are satisfied with any changes before continuing to use our services. If we make a material change to this Statement, you will be notified with a notice on the website and in the practice that our privacy practices have changed and you will obtain a link / access to the new Statement. In the event that we make a material change to how we use your personal information, we will provide you with an opportunity to opt out of such new or different use. If you have any questions concerning this Statement, please contact our Information Officer.
All enquiries, requests or concerns regarding this Statement or relating to the processing of your personal information should be addressed to the Information Officer.
If you believe that we process your personal information contrary to this Privacy Statement or in contravention of the law, please contact the Information Officer immediately. You may also lodge a complaint with the Information Regulator at complaints.IR@justice.gov.za / +27 (0)10 023 5207 / +27 (0)82 746 4173.
This Privacy Statement is governed by the laws of the Republic of South Africa.
© HealthCare Navigator CC 2020
This document or any part thereof may not be copied, sold, or distributed in any form without the written consent of Healthcare Navigator CC. The South African Society of Physiotherapy (SASP®) has permission to copy, distribute and use this document internally for its own operational purposes and to distribute it to its members. No further distribution may occur.