Please read this Privacy Policy carefully to understand how your personal information
will be handled by the Intercare Group. Every term of this Policy is material.
About Intercare
The Intercare Group of Companies provides healthcare services at various facilities such as dedicated units for acute and sub-acute care and rehabilitation, as well as ambulatory day surgery centres. Various Intercare Group Companies provide support services to primary health care practitioners who practise their professions at Intercare facilities (primary care and wellness centres).
Application of this Privacy Policy
This Privacy Policy applies to
- Intercare Holdings Proprietary Limited (Registration number 2009/003376/07) and all its subsidiaries and associates;
- Intercare Group Hospital Holdings Proprietary Limited (Registration number 2012/032574/07) and all its subsidiaries and associates; and
- All incorporated or personal liability companies that provide primary care services and operate from Intercare premises.
A reference to Intercare in this Policy includes all these entities.
The details of Information and Deputy Information Officers of all the various entities are contained in the relevant PAIA manuals available on the Intercare website
Explanation of Terms
- “Data subject” refers to the person or entity to whom the personal information relates.
- “Intercare” refers to the entities listed above as the context requires.
- “Personal information” has the meaning assigned to it in POPIA and refers to information relating to human beings and certain juristic persons. It includes information such as race, gender, pregnancy, age, health status and medical information, date of birth, identity number, contact details and confidential correspondence.
- “Processing” has the meaning assigned to it in POPIA and refers to any operation or activity concerning personal information, such as the collection, receipt, recording, storage, updating, alteration, use, distribution, erasure or destruction of the information.
- “POPIA” means the Protection of Personal Information Act (Act 4 of 2013) and its Regulations.
- “We” / “us” refers to Intercare or any of the entities listed above as may be required in the context.
- “You” / “your” refers to the data subject (i.e., the person or entity) whose personal information is processed by the practice.
Application of the Privacy Policy
This Privacy Policy applies to personal information that we have in our possession or under our control and personal information that we collect or receive from or about you. It stipulates, amongst others, how we collect the information, the type of information collected, why that information is collected, the circumstances under which that information will be shared with others, the security measures that we have implemented to protect the information and how you may obtain access to and correct your information.
Our Commitment
We understand that your personal information is important to you. Your privacy and the security of your information are just as important to us and we want to make sure you understand how your information will be processed. We are committed to conducting our business in accordance with the law. We will, therefore, only process, which includes collect, use, store or disclose, your personal information in accordance with the law or otherwise with your consent and will always strive to keep your information confidential. We take this commitment to look after your personal information seriously. We have implemented a number of processes to make sure that your personal information is used in the right way.
When You Provide Information about Another Individual / Entity
You must make sure that if you provide personal information about any individual or entity to us, you may lawfully do so (e.g., with their consent). We will accept that you are acting lawfully. You should make sure that they are familiar with this Privacy Policy and understand how we will use and disclose their information.
Collection of Your Personal Information
We collect personal information directly from you when
- you become a client of an Intercare company;
- you become a patient of a medical or dental practice;
- you are admitted to one of our facilities;
- you supply information on our website or when you provide information to us.
Information may also be collected from other sources, depending on the circumstances, when it is, for example, not possible to obtain the information directly from you or to protect your legitimate interests such as ensuring your safety during medical or dental treatment or a medical or dental procedure. The information may be collected from persons, such as your next-of-kin, another healthcare practitioner involved in your care or when you make information publicly available.
The information that we collect about patients is necessary to ensure their safety during treatment and to provide them with the requested medical or dental services.
Processing of Your Personal Information
We generally process the personal information listed below, if applicable in the circumstances, and retain it as part of our records. Other personal information may be collected and processed if it is required in the circumstances.
Clients
- Organisation’s name and contact details;
- Names, titles and contact details of relevant persons;
- Agreements and related information;
- Financial information, including invoices;
- Official documentation, including newsletters and statements; and
- Correspondence.
Patients
There are various laws that permit the processing of personal information of patients such as the National Health Act, POPIA and the Medical Schemes Act.
- Names and surnames, identity numbers, passport numbers, dates of birth, age, contact details, addresses, nationality and gender;
- Names and contact details of next-of-kin;
- Health status, medical information, including medical history and Covid-19 screening information;
- Medical scheme information or information about other relevant funders;
- Procedures performed / treatment provided and relevant reports (e.g., radiological images and reports, pathology results);
- Billing and payment details; and
- Information recorded on practice / facility documentation, such consent forms.
Healthcare Practitioners employed by the Practice or working at Intercare Facilities
- Names and surnames, titles, identity numbers, dates of birth, age, contact details, addresses, HPCSA / statutory council number, position or role in the practice, nationality, gender, race, qualifications, specialisation, interests and other information included on CVs;
- Membership of professional societies;
- Relevant medical and disability information, including Covid-19 screening information;
- Signatures of official signatories of the practice and proof of residence, if required by the bank;
- Employment-related information;
- Bank details;
- Professional indemnity cover; and
- Correspondence.
Suppliers, Vendors and Other Persons or Entities
- Organisation’s name and contact details;
- Names, titles and contact details of relevant persons (including next-of-kin of patients and guarantors / authorised persons of patients);
- Agreements and related information;
- Financial information, including invoices;
- Official documentation, including newsletters and statements;
- Covid-19 screening information of visitors; and
- Correspondence.
Consent
If you consent to the processing of your personal information, you may withdraw your consent at any time. This does not affect the processing of personal information that has already occurred. If you withdraw your consent, your personal information will only be processed as provided for in the law.
Objection to Processing
When we process your personal information to protect your legitimate interests or based on the legitimate interests of Intercare or those of a third party to whom we supply the information, you may object to our processing, if it is reasonable to do so. This must occur on the form prescribed by POPIA, available at the reception of the relevant entity and from the Information Officer. This does not affect your personal information that we have already processed. If you object and we agree with your objection, your personal information will only be processed as provided for in the law.
Purposes of Processing of Your Personal Information
Medical and dental practices as well as Intercare facilities generally process your personal information for the following purposes:
- to conduct and manage the practice or facility in accordance with the law, including the administration of the practice and claiming and collecting payment for services rendered from relevant funders, patients and/or responsible persons / entities;
- for treatment and care of patients;
- for communication purposes (e.g., reminders of patient appointments);
- for the maintenance of practice / facility records and patients’ medical records;
- for employment / contracting and related matters of health care practitioners;
- for reporting to persons and bodies, including referring practitioners, as required and authorised in terms of the law or by the data subjects;
- for historical, statistical and research purposes;
- for clinical trials / research studies;
- for identification of patients;
- for enforcement of the practice’s rights; and/or
- for any other lawful purpose related to the activities of our practice.
Other Intercare Group Companies generally process your personal information for the following purposes:
- to conduct and manage the company in accordance with the law, including the administration of the company and claiming and collecting payment for services rendered from clients;
- for the provision of client services;
- for client and potential client engagement and management of relationships;
- for conclusion and performance of contracts;
- for the maintenance of company and staff records;
- for employment and related matters of staff;
- for communication purposes;
- for reporting to persons and bodies, as required and authorised in terms of the law or by the data subjects;
- for historical, statistical and research purposes;
- for clinical trials / research studies;
- for procurement;
- for enforcement of the company’s rights; and/or
- for any other lawful purpose related to the activities of the company.
Disclosure of Your Personal Information
We will share only relevant personal information about you with the persons and entities specified below if it is necessary and lawful in the circumstances.
Patients
- Treating and/or referring practitioners;
- Hospitals;
- Paramedics and ambulance services;
- Emergency room practitioners;
- Hospital staff;
- Next-of-kin and other persons as may be required and authorised in the circumstances;
- Guarantors for payment of invoices;
- Relevant funders such as the patient’s medical scheme;
- Practitioners and employees of the practice / at the facility and service providers (such as relevant Intercare Group Companies) who assist us to provide the services and who perform functions related to the administration of the practice on a need-to-know basis, subject to confidentiality undertakings;
- Mediclinic in respect of patients admitted to facilities (Mediclinic’s hospital system is used by Intercare facilities due to the shareholding of Mediclinic in these facilities);
- Debt collectors / attorneys;
- Our insurers;
- Our professional and legal advisers, including our accountants / auditors;
- Law enforcement structures, including courts and tribunals;
- Regulatory and other public or private bodies, persons or entities, as may be required or permitted in terms of the law, including to comply with any legal obligation or to protect the rights, property or safety of our practice, employees, patients, the public or others; and
- The purchaser of the practice, if applicable.
Healthcare Practitioners at Medical and Dental Practices and Intercare Facilities
- Practitioners and employees of the practice and service providers (such as relevant Intercare Group Companies) who assist us to provide the services and who perform functions related to the administration of the practice / facility on a need-to-know basis, subject to confidentiality undertakings;
- Next-of-kin in emergency situations;
- Funders;
- Our insurers;
- Suppliers and vendors;
- Entities performing peer review;
- Our professional and legal advisers, including our accountants / auditors;
- Law enforcement structures, including courts and tribunals;
- Regulatory and other public or private bodies, persons or entities, as may be required or permitted in terms of the law, including to comply with any legal obligation or to protect the rights, property or safety of our practice, employees, patients, the public or others; and
- The purchaser of the practice, if applicable.
Referring and Other Healthcare Practitioners
- Next-of-kin of patients;
- Relevant funders such as the patient’s medical scheme;
- Hospitals;
- Practitioners and employees and service providers (such as relevant Intercare Group Companies) who assist us to provide the services and who perform functions related to the administration of the practice / the facility on a need-to-know basis, subject to confidentiality undertakings;
- Our professional and legal advisers, including our accountants / auditors;
- Law enforcement structures, including courts and tribunals;
- Regulatory and other public or private bodies, persons or entities, as may be required or permitted in terms of the law, including to comply with any legal obligation or to protect the rights, property or safety of our business, employees, patients, the public or others; and
- Any successor in title.
Clients
- Directors and employees of the relevant entity and service providers (such as relevant Intercare Group Companies) who assist us to provide the services and who perform functions on a need-to-know basis, subject to confidentiality undertakings;
- Our professional and legal advisers, including our accountants / auditors;
- Debt collectors / attorneys;
- Our insurers;
- Law enforcement structures, including courts and tribunals;
- Regulatory and other public or private bodies, persons or entities, as may be required or permitted in terms of the law, including to comply with any legal obligation or to protect the rights, property or safety of our business, employees, the public or others; and
- Any successor in title of the relevant entity.
Other Persons (such as persons responsible for patients’ accounts) and Entities
- Practitioners and employees of the practice / at the facility and service providers (such as relevant Intercare Group Companies) who assist us to provide the services and who perform functions related to our business on a need-to-know basis, subject to confidentiality undertakings;
- Our professional and legal advisers, including our accountants / auditors;
- Debt collectors / attorneys;
- Our insurers;
- Law enforcement structures, including courts and tribunals;
- Regulatory and other public or private bodies, persons or entities, as may be required or permitted in terms of the law, including to comply with any legal obligation or to protect the rights, property or safety of our practice, employees, patients, the public or others; and
- Any successor in title of the relevant entity.
Record-Keeping
We maintain records of your personal information for as long as it is necessary for lawful purposes related to the conducting of our business, including to provide treatment and care to patients, comply with legal obligations, resolve complaints, attend to litigation (if applicable), enforce agreements and for historical, statistical and research purposes subject to the provisions of the law.
Information Sent Across the Borders of the Republic of South Africa
We process and store your information in records within the Republic South Africa. If we must provide your personal information to any third party in another country, we will obtain your prior consent unless such information may be lawfully provided to that third party.
Security of Your Personal Information
We are committed to ensuring the security of your personal information in order to protect it from unauthorised processing and access as well as loss, damage or unauthorised destruction. We have implemented and continually review and update our information protection measures to ensure the security, integrity, and confidentiality of your information in accordance with industry best practices. These measures include the physical securing of the offices where information is held, the locking of cabinets with physical records, password control to access electronic records, off-site data back-ups and stringent policies in respect of electronic record storage and dissemination. In addition, only those employees and service providers that require access to your information to discharge their functions and to render services to us are granted access to your information and only if they have concluded agreements with or provided undertakings regarding the implementation of appropriate security measures, maintaining confidentiality and processing the information only for the agreed purposes. We will inform you and the Information Regulator, if any person has unlawfully obtained access to your personal information, subject to the provisions of the law.
Right to Access your Personal Information
You have the right to request access to your personal information in our possession or under our control and information of third parties to whom we supplied that information subject to restrictions imposed in legislation. If you wish to exercise this right, please complete the prescribed form, available at the reception of the relevant entity and from its Information Officer and submit it to the receptionist / Information Officer. Costs may be applicable to such request, which can be obtained from the receptionist / Information Officer. Please consult our PAIA Manual for further information.
Accuracy of Your Personal Information
It is important that we always have accurate information about you on record as it could impact on communication with you and your health, if applicable. You must therefore inform us as soon as any of your information has changed. You may also request us to correct or delete any information. Such a request must be made in writing on the prescribed form, available at the reception of the relevant entity and from its Information Officer and be submitted to the receptionist / Information Officer. You must provide sufficient detail to identify the information and the correction / deletion required. Information will only be corrected / deleted, if we agree that the information is incorrect or should be deleted. It may not be possible to delete all the information if we may lawfully retain it. Please enquire at reception or contact the Information Officer to discuss how we can assist you with your request. If we correct any information and the corrected information will impact on any decision made or to be made about you, we will send the corrected information to persons to whom the information has been disclosed in the past if they should be aware of the changed information.
Changes to this Privacy Policy
We reserve the right in our sole and absolute discretion, to revise or supplement this Privacy Policy from time to time to reflect, amongst others, any changes in our practice or the law. We will publish the updated Privacy Policy on our website. It will also be available at the reception of all the entities subject to this Policy. Any revised version of the Policy will be effective as of the date of posting on the website, so you should always refer back to the website for the latest version of the Policy. It is your responsibility to make sure you are satisfied with any changes before continuing to use our services. If you have any questions concerning this Policy, please contact our Information Officer.
Concerns and Complaints about the Processing of Your Personal Information
All enquiries, requests or concerns regarding this Policy or relating to the processing of your personal information by the practice should be addressed to the Information Officer. You may also lodge a complaint with the Information Regulator at [email protected]. We would appreciate it if you would give us the opportunity to consider your complaint before you approach the Information Regulator.
Laws Applicable to this Privacy Policy
This Privacy Policy is governed by the laws of the Republic of South Africa.