Contact

Confidentiality of medical records

Back to top

Confidentiality of medical records

5 Sep 2012 4 min read Article

Information about a person's health and health care is generally considered to be highly sensitive and personal, therefore deserving of the strongest protection under the law. This is according to Simone Gill, Director in the Technology, Media and Telecommunications (TMT) practice at Cliffe Dekker Hofmeyr business law firm.

Gill says that South African healthcare legislation and codes of conduct do account for this protection but that the Protection of Personal Information Bill, (PoPI Bill) will have a significant impact on data privacy, including in respect of personal healthcare information when it is promulgated.

“Non-compliance with the provisions of the  PoPI Bill could result in either a fine or imprisonment,” Gill notes.

 Mariska van Zweel, Associate in the TMT practice explains, “Even though the right to privacy is not absolute and may be disclosed under certain restrictive circumstances, personal health information contained in medical records is protected in South African healthcare legislation and the Constitution.

“The Health Professions Act (HPA), imposes guidelines and prescribes standards of competence on healthcare providers, including via the mandatory guidelines imposed by the Health Professions Council of South Africa (HPCSA) (a body established pursuant to the HPA) in terms of which medical practitioners may only disclose patient information with the express consent of a patient or when required:

  • in terms of statutory provisions;
  • at the instruction of a court or law; or
  • where justified in the public interest.

“The HPCSA also imposes guidelines relating to storage, confidentiality and protection of patient information. In addition, the National Health Act, No 61 of 2003 (Health Act) specifically protects the privacy and confidentiality of patient records (which includes information pertaining to a patient's health status, treatment or stay in a health establishment) and provides, in particular, that such information may only be disclosed if the patient consents to disclosure in writing, or a court order or law justifies such disclosure, or where non-disclosure of such information represents a serious threat to public health,” says van Zweel.

She says that the current draft of the PoPI Bill defines 'personal information' widely and specifically includes information relating to the 'medical history of a person'. In addition, special personal information' as contemplated in the current draft of the Bill includes information concerning a person's 'health'.

Gill explains that the PoPI Bill prohibits the processing of special personal information.

 “A limited number of exemptions do exist, including, without limitation, where the data subject has consented to the processing of health related information and, specifically with regard to special personal information concerning a person's health, the processing of personal information by certain prescribed data processors, including (without limitation) medical professionals, healthcare institutions or social services (if such information is required for the proper treatment and care of a person), insurance companies, medical aid schemes, medical aid scheme administrators and managed healthcare organisations, who may process health care information if it is necessary for assessing risk to be insured or covered by a medical aid scheme; the performance of an insurance or medical aid agreement or enforcement of any contractual rights and obligations.

“Such data processors/responsible parties will however need to follow and comply with the processing conditions imposed by the Bill, including concerning patient consent, security of information and data subjects' rights to have access to and request correction of personal information,” Gill explains.

Health care information may only be processed where the processing is subject to an obligation of confidentiality by virtue of office, employment, profession, legal provision or as may be established by a written agreement between the responsible party and the person to whom the health care information relates. Notice of any breach of the security resulting in unauthorised disclosure of health information will, in terms of the Bill, have to be reported to the data subject in accordance with the provisions of the Bill.

“Although the Bill is not yet promulgated, its core principles are unlikely to change significantly. Although the Bill does provide for a one year compliance period, participants in the healthcare industry will, if they have not already done so, need to revisit and consider their processes and procedures to ensure that they are able to comply with the Bill.

“It is essential for organisations to implement awareness campaigns to ensure that staff and managers have a good understanding of their obligations under the Bill and applicable laws. It is to be noted that non-compliance with the provisions of the Bill may result in a civil damages claim or criminal prosecution resulting in a fine or imprisonment,” Gill adds.

The information and material published on this website is provided for general purposes only and does not constitute legal advice. We make every effort to ensure that the content is updated regularly and to offer the most current and accurate information. Please consult one of our lawyers on any specific legal problem or matter. We accept no responsibility for any loss or damage, whether direct or consequential, which may arise from reliance on the information contained in these pages. Please refer to our full terms and conditions. Copyright © 2024 Cliffe Dekker Hofmeyr. All rights reserved. For permission to reproduce an article or publication, please contact us cliffedekkerhofmeyr@cdhlegal.com.

You might also be interested in

23 Apr 2024

by Leila Moosa

The right to disconnect from work-related communications

Leila Moosa, Senior Associate in our Employment Law practice joined Rofhiwa Madzena on eNCA to unpack the right to disconnect from work-related communications outside of working hours, in light of increasing international trends that recognise this right in varying degrees.

05:55 Minutes

28 Aug 2023

by Jean Ewang

Taking liberties: Unmasking of an employee’s sick leave trickery

In the recent judgment of SARS v Benneth Mathebula and Others (JR 2243/21) ZALCJHB 222 (21 July 2023) the Labour Court was called upon to reconsider the fairness, or otherwise, of Mr Mathebula’s dismissal from the South African Revenue Service (SARS) due to his dishonesty regarding his sick leave.

Employment Law

4 min read

19 May 2023

by Hugo Pienaar and Leila Moosa

Preparing for the Department

Prof Hugo Pienaar and Leila Moosa discuss employment policy and procedure requirements that employers should have front of mind when considering how the employment equity amendments may impact their business and its implementation of the Employment Equity Act, 1998.

Employment Law

13:53 Minutes

31 Jan 2024

by Alex Kanyi and Billy Oloo

Tax stability and predictability for economic sustainability

Prior to deciding to introduce or redomicile a business in any country, an investor must always consider how favourable, stable, and predictable the country’s tax system is. The primary rationale for this is the need for certainty and guarantee regarding the future sustainability of investment in the host country. This predictability ensures that the investor can plan for their business, which includes planning ahead for tax liabilities and allocating resources appropriately and efficiently. On the other hand, a tax regime that is unstable and unpredictable has the opposite effect, that is, it hinders an investor’s power to consciously make investment decisions, which would ultimately be a deterrent, leading to capital flight and reduced economic activity. Foreign direct investment (FDI) is particularly sensitive to tax stability and predictability, as investors weigh the risks associated with potential changes in tax laws. Countries with consistent and transparent tax regimes are more likely to attract FDI, contributing to economic development and job creation. 

Corporate & Commercial Law

4 min read

22 Feb 2024

by Lerato Motlhabi and Tendai Jangara

Obtaining and managing evidence in corporate forensic investigations: Legality, sources and integrity

The manner in which evidence is obtained and relied upon during forensic investigations plays a critical role in the whole investigative process, especially in establishing investigation findings and making recommendations that can be acted upon. In the context of internal corporate investigations, it is often challenging to obtain the required information from employees who are subjected to the investigation processes where such information is not known or accessible to the employer. While it is known that forensic investigators have the capabilities to obtain the necessary information, in order to maintain the integrity of the evidence, information must be obtained legally and directly from the relevantsources. 

Corporate & White Collar Investigations

4 min read

4 Apr 2024

by Alex Kanyi, Abednego Mutie and Mike Ogutu

Tax amnesty: A sham or simply misunderstood?

In an effort to improve tax revenue collection, the Government of Kenya has embarked on a ‘confess and your sins shall be forgiven’ campaign. In 2020, the previous Government put in place the Voluntary Tax Disclosure Programme, whereas the current Government has introduced a tax amnesty programme. In this article we will take a deep dive into both modes of amnesty, provides recommendations for future amnesty programmes and make the rallying call to taxpayers to quickly take advantage of the Tax Amnesty Programme before the 30 June 2024 deadline.

Tax & Exchange Control

7 min read

This website uses cookies to enhance the browsing experience. For more information, please see our Cookie Policy.

Accept Decline