Protection of Personal Information Act (POPIA) Manual for FamFirst Medical Centre

Last updated: 12 November 2024

In accordance with the Protection of Personal Information Act, No. 4 of 2013 (POPIA), FamFirst Medical Centre ("the Centre," "we," "us," or "our") is committed to protecting the privacy and personal information of our patients, employees, and all individuals whose data we process. This POPIA Manual serves to inform you about the types of personal information we collect, how it is used, and the measures we take to safeguard it.

1. Introduction

This document sets out FamFirst Medical Centre's commitment to comply with the Protection of Personal Information Act (POPIA), which was enacted to protect the personal information of South African citizens and residents. It outlines how we process and safeguard personal information collected from individuals in accordance with the principles set out in the Act.

2. Purpose of the Manual

The purpose of this manual is to:

• Inform you of our practices regarding the collection, use, retention, and processing of personal information.
• Ensure transparency regarding how we handle and safeguard your personal data.
• Provide a clear explanation of your rights under the POPIA, including the right to access, correction, and deletion of your personal information.

3. Contact Details of FamFirst Medical Centre

Name of Responsible Party: FamFirst Medical Centre
Physical Address: 45A, 5th Avenue, Newton Park, Gqeberha (formerly Port Elizabeth), Eastern Cape, 6045
Telephone Number: 041 011 0893
Email Address: admin@famfirst.doctor
Information Officer: Alison Dawson (Owner/Doctor)

4. Types of Personal Information We Collect

We collect personal information necessary to provide medical services and for administrative purposes, including but not limited to:

• Personal Identification Information: Full name, date of birth, gender, ID number, passport number, etc.
• Contact Information: Email address, telephone number, home address.
• Health Information: Medical history, current health status, medical treatment, diagnosis, prescriptions, allergies, and other relevant healthcare information.
• Payment Information: Payment details (if applicable), medical insurance details, or billing information.
• Communication Information: Correspondence, messages, or feedback you send to us through our website, email, or other communication channels.

5. Purpose for Collecting Personal Information

FamFirst Medical Centre collects and processes personal information for the following purposes:

• To provide medical treatment and services to patients.
• To maintain accurate medical and patient records.
• To communicate with patients regarding appointments, medical advice, or billing matters.
• To comply with legal, regulatory, or contractual obligations, including billing and payment for healthcare services.
• To send you health-related updates, newsletters, and information (with your consent).
• To manage administrative and operational matters of the Centre, such as scheduling and appointment management.

6. How We Use and Process Personal Information

We use your personal information solely for the purposes outlined above and for purposes directly related to our medical practice. The information may be processed manually or electronically using secure systems. We ensure that personal information is only accessible to authorized staff or third parties who are bound by confidentiality agreements and have a legitimate need to access such information.

We will not use or disclose your personal information in any manner that is inconsistent with the purposes for which it was collected.

7. Consent to Process Personal Information

In some cases, we require your explicit consent to process your personal information, such as when:

• You provide us with sensitive health data (e.g., medical records, prescriptions).
• You subscribe to our newsletters or marketing communications.

In these instances, your consent will be sought explicitly at the point of collection (via forms, website sign-ups, etc.). You can withdraw your consent at any time by contacting us at [Insert contact information].

8. Sharing and Disclosing Personal Information

FamFirst Medical Centre may share your personal information in the following circumstances:

• Service Providers: We may share your information with third-party service providers that assist us in operating our website, processing payments, and managing patient records. These third parties are required to protect your personal information and process it solely for the purposes for which it was shared.
• Legal and Regulatory Requirements: We may disclose personal information if required by law, court order, or regulatory authority, such as for auditing purposes or compliance with healthcare regulations.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of the transaction. However, we will notify you if this happens and take steps to protect your data.

We will never sell or trade your personal information to any third parties for marketing purposes.

9. Retention of Personal Information

We will retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations (e.g., medical records retention requirements). After the retention period expires, we will securely delete or anonymize your information.

10. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights:

• Right to Access: You have the right to request access to the personal information we hold about you.
• Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal information.
• Right to Deletion: You have the right to request the deletion of your personal information when it is no longer necessary for the purpose for which it was collected.
• Right to Object: You have the right to object to the processing of your personal information under certain conditions.
• Right to Withdrawal of Consent: If we process your data based on your consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact our Information Officer at admin@famfirst.doctor.

11. Security of Personal Information

We take the security of your personal information seriously. We implement reasonable administrative, technical, and physical measures to protect against unauthorized access, loss, misuse, or alteration of your personal information. These include:

• Data encryption (where applicable).
• Secure server environments.
• Restricted access to information on a need-to-know basis.

However, please note that no method of electronic transmission or storage is 100% secure, and while we strive to protect your data, we cannot guarantee its absolute security.

12. Complaints

If you believe that your rights under POPIA have been violated or if you have any concerns about the way we process your personal information, you have the right to lodge a complaint with the Information Regulator (South Africa):

Information Regulator (South Africa)
Phone: +27 10 023 5200
Email: enquiries@inforegulator.org.za
Website: https://inforegulator.org.za

13. Changes to This Manual

We may update or amend this PAIA Manual from time to time to reflect changes in our privacy practices, legal requirements, or operational procedures. Any updates will be posted on our website and the date of the latest revision will be indicated at the top of the document.

14. Contact Information

If you have any questions or concerns regarding this PAIA Manual or our data protection practices, please contact:

FamFirst Medical Centre

45A, 5th Avenue, Newton Park, Gqeberha (formerly Port Elizabeth), Eastern Cape, 6045
041 011 0893
admin@famfirst.doctor