Lindsay Hattingh

Physiotherapist

Privacy Policy

Privacy Statement of LINDSAY HATTINGH PHYSIOTHERAPY

Date of latest revision: June 2021

The purpose of this Privacy Statement is to set out how we collect, use, share and otherwise process your personal information, in a manner that is compliant, ethical, and adheres to industry best practice and applicable protection of personal information legislation as enacted from time to time.

Please read this Privacy Statement carefully to understand how your personal information will be handled by Lindsay Hattingh Physiotherapy (“the practice”). If you do not agree with the processing of your personal information as set out in this Statement, we may at our sole discretion decide whether to provide or continue with the provision of physiotherapy services to you, unless we have a legal obligation to do so, or to otherwise engage with you.

About the Practice

This is a private physiotherapy practice, which provides physiotherapy services to patients. The practice is subject to various laws protecting the privacy and confidentiality of data subjects (e.g. the Health Professions Act and the National Health Act), including patients, as well as the ethical rules and policies of the Health Professions Council of South Africa (HPCSA).

The practice’s contact details are as follows:

Address: 40 Constantia Main Road, Constantia, 7806
Practice number: 0168564
E-mail: lindsay@physio.za.net
Telephone: 021 712 8134
Website: www.lindsayhattingh.co.za
Information Officer: Lindsay Hattingh

Definition of Terms

“Your personal information” refers to personal and special personal information about you and your dependents (as relevant). It includes but is not limited to information about gender, pregnancy, marital status, age, physical or mental health, disability, language, e-mail address, physical address, telephone number, amongst other things. It also includes correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; Thus, your personal information comprises information you may have given to us yourself or we may have collected from other sources (e.g. pathology laboratory).

Process(ing) (of) information means the lawful and reasonable manual or automated activity of collecting, recording, organising, storing, updating, modifying, merging, distributing, removing or deleting personal information to ensure that such processing is adequate, relevant and not excessive given the purpose for which it is processed.

“POPIA” means the Protection of Personal Information Act (Act 4 of 2013) and Regulations made in terms thereof.

“We” / “us” refers to the practice and the practice owner.

“You” / “your” refers to to you the patient and any of your dependents (the data subject) - which may include your spouse, partner, children - whose personal information is in the possession of or under the control of or processed by the practice.

“Competent person” means anyone who is legally competent to consent to any action or decision being taken for any matter concerning a patient or dependent - for example a parent, legal guardian or a legal representative appointed by a court to manage the finances, property, or estate of another person unable to do so because of mental or physical incapacity.

Application of the Privacy Statement

This Privacy Statement applies to personal information that we have in our possession or under our control, and information that we collect or receive from or about you. It stipulates, amongst others, how we collect your personal information, the type of information collected, why that information is collected, the circumstances under which that information will be shared with others, the security measures that we have implemented to protect your personal information and your right to obtain access to and correct the information in our possession or under our control.

Your privacy and the security of your information is of the utmost importance to us and we therefore want to make sure you understand how your information will be processed. We acknowledge that we are required by law to keep your personal information confidential and secure. We are committed to conducting our practice in accordance with the law in order to ensure that the confidentiality of your personal information is protected and maintained. We take this commitment to look after your personal information seriously. We have implemented a number of processes to make sure that your personal information is used in the right way.

Privacy Principles and recoRd keeping

We apply the following principles in order to protect your privacy:

  • No more personal information about you than what is necessary is collected;
  • We maintain records of your personal including to fulfil your requests, provide services to you, comply with legal obligations, resolve disputes, enforce agreements and as proof. These records may be held in electronic format.
  • We may also retain your personal information for historical, statistical and research purposes, subject to the provisions of the law.
  • Your personal information is only used for the purposes specified in this Privacy Statement, unless you are advised otherwise;
  • Your personal information is kept for as long as it is necessary in accordance with the law (generally after 6 years of not attending the practice your medical file will be destroyed); and
  • Other than as specified in this Privacy Statement or otherwise agreed with you, we do not share your personal information with third parties.
  • Collection of Your Personal Information

We obtain personal information directly from you when you become a patient, when you book online or when you provide information to us. Information may also be collected from other sources, depending on the circumstances, such as, but not limited to your next-of-kin, another health care practitioner involved in your care, the hospital / facility admission form and public record. The information that we request from you is necessary to provide you with physiotherapy services or to manage the relationship.

When you provide information about another invidiaul / entity, you must make sure that you may lawfully do so (e.g. with their consent). We will accept that you are acting lawfully. You should make sure that they are familiar with this Privacy Statement and understand how we will use and disclose their information.

Processing and Disclosure of Patients’ Personal Information

There are various laws that permit the processing of your personal information such as the National Health Act, the Health Professions Act and POPIA. We will only process, which includes collect, use, store or disclose, your personal information in accordance with the law or otherwise with your consent and will always strive to keep your information confidential, whether you supply it directly to us or whether it is collected lawfully from other sources.

We generally collect and process the following personal information about patients and retain it as part of our records:

  • Name, identity number, date of birth, contact details, address and gender;
  • Health status and disability;
  • Funder (e.g. medical scheme) information;
  • Physiotherapy services provided;
  • Reports from special investigations such as radiology reports and pathology results;
  • Account and payment details; and
  • Patient documentation, including consent forms, invoices, photos, videos and correspondence.

When you become a patient of the practice, we will use your personal information as follows:

  • to provide you with appropriate care;
  • to communicate with you in respect of your care, including reminding you of appointments and collecting payments for services rendered;
  • for administrative purposes, including preparing invoices and collecting payment for services rendered;
  • to refer you to other practitioners;
  • procuring tests and diagnostic procedures
  • to report to referring practitioners;
  • record-keeping;
  • for historical, statistical and research purposes;
  • as proof;
  • for enforcement of the practice’s rights;
  • for any other lawful purpose related to the activities of a private physiotherapy practice; and/or
  • as may be requested or authorised by you.

We do not use your personal information for commercial purposes.

Depending on the circumstances, your personal information will be disclosed to the following persons and entities:

  • relevant treating practitioners to ensure appropriate care;
  • contracted third party who requires this information in order to provide a healthcare service to you or your dependents;
  • next-of-kin (if it is necessary in the circumstances);
  • your funder - such as your medical scheme upon its request, for example, to allocate benefits (where applicable);
  • your insurance company (upon your request);
  • bodies performing peer review of our practitioners / clinical practice audits;
  • our professional advisers as well as employees and service providers who assist us to provide the services and who perform functions related to the administration of the practice, subject to confidentiality agreements;
  • debt collectors and credit bureaus, if your accounts are outstanding;
  • public and private bodies (such as regulators), as may be required in terms of the law;
  • law enforcement structures, including courts and tribunals;
  • as required or permitted by law, including to comply with any legal obligation or to protect the rights, property or safety of our business, employees, patients, the public or others; and
  • a purchaser of the practice, if applicable.

Processing of Personal Information of Data Subjects (Other than Patients)

We will only process your personal information in accordance with the law or otherwise with your consent and will always strive to keep your information confidential, whether you supply it directly to us or whether it is collected lawfully from other sources.

Suppliers, Service Providers, Other Stakeholders in the Health Care Industry, including Public Bodies and Regulators

Organisation name and contact details; Names, titles and contact details of relevant persons and officers; Agreements and related information; Invoices; Official documentation, including newsletters and statements; and Engagement-related information and correspondence. Other personal information may be collected and processed, as may be necessary and applicable in the circumstances.

Purpose of Processing of Personal Information of Data Subjects (Other than Patients)

We generally process personal information for one or more of the following purposes: to conduct and manage the practice in accordance with the law, including the administration of the practice and claiming and collecting payment for services rendered; for communication purposes; for the maintenance of practice records; for reporting to persons and bodies as required and authorised in terms of the law or by you; for historical, statistical and research purposes; for proof; for enforcement of the practice’s rights; and/orfor any other lawful purpose related to the activities of a private physiotherapy practice.

We do not use your personal information for commercial purposes.

Disclosure of Personal Information of Data Subjects (Other than Patients)

Relevant personal information of data subjects (other than patients) will be shared, as may be necessary in the circumstances, with our professional advisers, relevant employees (on a need-to-know basis), our auditors / accountants, regulators, relevant public and private bodies, law enforcement structures, a purchaser of the practice, if applicable. The information will only be shared as permitted in terms of the law or as otherwise agreed to with such a person.

Links to Social Networking Services

We use social networking services such as WhatsApp and Facebook to communicate with the public about our services. When you communicate with us through these services, the relevant social networking service may collect your personal information for its own purposes. These services have their own privacy policies, which are independent of this Privacy Statement.

Consent or Objection to Processing

If you provide consent to us to process your personal information, you may withdraw your consent at any time. This does not affect the processing of personal information that has already occurred. If you withdraw your consent, your personal information will only be processed as provided for in the law, and, if the circumstances make it reasonable and lawful for us to do so, we may terminate our relationship with you.

In certain instances, you may object to the processing of your personal information, if it is reasonable to do so, unless we may do so in terms of the law. This must occur on the form prescribed by POPIA. This does not affect personal information already processed. If you object and we agree with your objection, your personal information will only be processed as provided for in the law. If you exercise this right and, if the circumstances make it reasonable and lawful for us to do so, we may terminate our relationship with you.

Sending Information Across the Borders of the Republic of South Africa

We process and store your information in records within the Republic South Africa, including in ‘clouds’, which comply legal requirements to ensure the protection of your privacy. If we must provide your personal information to any third party in another country, we will obtain your prior consent unless such information may be lawfully provided to that third party.

Security of Your Personal Information

We are committed to ensuring the security of your personal information in order to protect it from unauthorised processing and access as well as loss, damage or unauthorised destruction. There are also inherent risks in the electronic transfer and storage of personal information. We have implemented and continually review and update our information protection measures to ensure the security, integrity, and confidentiality of your information in accordance with industry best practices. These measures include password control to access electronic records, which passwords are regularly changed, stringent policies in respect of electronic record storage and dissemination. In addition, only those employees and service providers that require access to your information to discharge their functions and to render services to us are granted access to your information and only if they have concluded agreements with or provided undertakings regarding the implementation of appropriate security measures, maintaining confidentiality and processing the information only for the agreed purposes.

We will inform you and the Information Regulator, if any person has unlawfully obtained access to your personal information, subject to the provisions of the law.

Right to Access your Personal Information

You have the right to have access to your personal information subject to restrictions imposed in legislation. You may request access to your information in our possession and information of third parties to whom we supplied that information. If you wish to exercise this right, please complete and submit the prescribed form to the Information Officer. Costs may be applicable to such request. The relevant form and costs can be obtained from the Information Officer. You may also consult our PAIA Manual.

Accuracy of Your Personal Information

It is important that we always have accurate information about you on record as it could impact on communication with you and your health, if applicable. You must therefore inform us as soon as any of your information has changed. You may also request that we correct or delete any information. Such a request must be made in writing on the prescribed form to the Information Officer and must provide sufficient detail to identify the information and the correction or deletion required. Information will only be corrected or deleted, if we agree that the information is incorrect or should be deleted. It may not be possible to delete all of the information if there is a legal basis to retain the information. However, please contact the Information Officer to discuss how we can assist you with your request.

Changes to this Privacy Statement

We reserve the right in our sole and absolute discretion, to revise or supplement this Privacy Statement from time to time to reflect, amongst others, any changes in our business or the law. We will publish the updated Privacy Statement on our website at www.lindsayhattingh.co.za. It will also be available at the practice. Any revised version of the Statement will be effective as of the date of posting on the website, so you should always refer back to the website for the latest version of the Statement. It is your responsibility to make sure you are satisfied with any changes before continuing to use our services. You have the right to opt out of such new or different use.

Concerns and Complaints about the Processing of Your Personal Information

All enquiries, requests or concerns regarding this Statement or relating to the processing of your personal information should be addressed to the Information Officer. If you believe that we processed your personal information contrary to this Privacy Statement or in contravention of the law, please contact the Information Officer immediately. You may also lodge a complaint with the Information Regulator (although we encourage you to first contact the Practice to resolve the complaint). at complaints.IR@justice.gov.za / +27 (0)10 023 5207 / +27 (0)82 746 4173. JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 or PO Box 31533, Braamfontein, Johannesburg, 2017.

© 2024 Lindsay Hattingh Physiotherapy, All Rights Reserved. Privacy Policy. Terms and conditions. Medical Website Design by
Covid-19 online resource and news portal > www.sacoronavirus.co.za