The Protection of Personal Information Act (POPIA)
Dr Graham and staff respect your privacy and are committed to ensuring that your personal information is collected and used properly, lawfully and transparently.
This privacy notice explains how we use, store, process and disclose the personal information you provide to us or which we receive from other medical service providers related to your medical care, in accordance with the requirements of the Protection of Personal Information Act (“POPIA”).
Please read the following carefully to understand our practices regarding your Personal Information. By providing your Personal Information to us or by using our services or website, you are consenting to the practices as described or referred to in this privacy notice.
About Dr Roger Graham
Dr Graham is a registered plastic surgeon with a special interest in reconstructive and skin cancer surgeries.
Dr Graham and his practice staff understand patient confidentiality and have signed a confidentiality agreement with regard to your personal information.
According to the Act, “personal information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. With regard to the service you receive from Dr Roger Graham, your special personal information will be collected and stored. This will mostly include your health information that you have shared with Dr Roger Graham and medical information resulting from your consultations, referral letters from your other medical service providers, medical investigations and surgeries.
The information we collect
We collect and process your personal information required to contact you, for Dr Roger Graham’s confidential notes regarding your medical treatment and for the necessary sharing with other relevant medical persons or entities for the purposes of your medical treatment with Dr Graham.
We collect information directly from you where you provide us with your personal details and the special personal information you share with Dr Roger Graham. We also collect your information shared by your other medical service providers, e.g. your referring doctor.
How we use your information
We will use your personal information only for the purposes for which it was collected and agreed to with you. This would include sharing relevant contact details and relevant medical information with other medical service providers and your medical insurance necessary only for your medical treatment with Dr Roger Graham. In the unfortunate event of no payment or incomplete payment by yourself to Dr Roger Graham for the agreed to services, we will share your personal information excluding your special personal information with our debt collectors or legal team for the purpose of obtaining payment.
Retaining your information
All information is only used and retained for the sole purpose of providing a history of your medical care and treatment with Dr Roger Graham. Your information will be retained for your medical purposes for 6 years as from the date it becomes dormant, in print form and then digitally. Once Dr Roger Graham stops practising as a medical doctor, the print and digital records will be transferred to another medical practitioner who takes over the care of Dr Roger Graham’s patients or to a medical practitioner of your choosing or to yourself. The HPCSA recommends that medical information should be retained for not less than 6 years after becoming dormant and for at least 25 years for special conditions.
Disclosure of information
We may disclose your personal information to other relevant service providers who are involved in your medical treatment at the time of your treatment with Dr Roger Graham. These relevant service providers include insurance companies, managed healthcare organisations, medical schemes and medical scheme administrators.
We may also disclose your contact and personal information, but not your special personal information, to our debt collection service providers or legal team if there is inadequate prompt payment from you for the agreed to services you received from Dr Roger Graham.
We will share your information with third party service providers for the purposes of our off-site digital storage of information on our I.T. billing system and for scanning to digital format for our own storage of said digital format and then confidential destruction of the print information, such as dormant patient folders.
We share your information with non-clinical third parties such as our accountant(s), for the purposes of running and administering our monthly accounting operations and subject to them being bound to confidentiality.
The National Health Act, 2003 also permits us to disclose your Personal Information in the following circumstances:
- You consent to this disclosure in writing;
- A court order or any law requires that disclosure; or
- Non-disclosure of the information represents a serious threat to public health.
Next of Kin
As a patient or account payer you may supply Dr Roger Graham with your next of kin’s personal information for the purpose of contact. It is your responsibility to ensure that your next of kin would not object to the provision and/or processing of their Personal Information.
We do need to communicate with you regarding your medical treatments and your accounts with Dr Roger Graham. In order to do this, we will be utilising various communication tools. These include email, encrypted email for sensitive information, WhatsApp, the postal service and telephone. Email is not a secure method of information transmission; if you choose to send or receive such information via email, you do so at your own risk. We do endeavour to send sensitive information via encrypted email, if this is your preferred method of communication, to reduce the security risk.
We are obliged to provide adequate protection for the personal information we hold and to stop unauthorised access and use of your personal information. We will, on an on-going basis, continue to review our security controls and related processes to ensure that your personal information remains secure.
Our security policies and procedures cover:
- Physical security;
- Computer and network security;
- Access to personal information;
- Secure communications;
- Security in contracting out activities or functions;
- Retention and disposal of information;
- Acceptable usage of personal information;
- Investigating and reacting to security incidents.
When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that your personal information is kept secure.
Your rights and access to information
You have the following rights in relation to your Personal Information, where legally permissible:
- Right of access: the right to make a written request for details of your Personal Information and a copy of that Personal Information. To do this, simply contact us and specify what information you require. We will need a copy of your ID document to confirm your identity before providing details of your personal information.
- Right to rectification: the right to have inaccurate information about you corrected or removed.
Changes to our Privacy Notice
This privacy notice was last updated on 23 July 2021.
Dr Roger Graham
125 North Suites Mediclinic Constantiaberg, Burnham Road, Plumstead, 7800, South Africa