An introduction to the protection of personal information in the healthcare practice
8. The 8 conditions for lawful processing of PI
8.3. Processing Limitation (Sections 9-12)
Topics
- Lawful manner
- Reasonable manner
- Minimality with regard to the purpose
- The 6 lawful grounds for processing
- Objection
- Lawful sources of collection.
1. Lawful manner
- PI must be processed lawfully, which means that you must have a valid lawful ground in order to process PI.
- We have discussed the lawful grounds for processing. No single ground is better or more important than the others, but it must be determined which ground is most appropriate to use depending on the purpose and relationship with the individual.
- Most lawful grounds require that processing is necessary for a specific purpose. If you can reasonably achieve the same purpose without the processing, you won’t have a lawful ground.
- You must determine your lawful ground before you begin processing, and you should document it.
- Take care to get it right first time - you should not swap to a different lawful ground at a later date without good reason. In particular, you cannot usually swap from consent to a different ground.
- Your privacy notice should include your lawful grounds for processing as well as the purposes of the processing.
- If your purposes change, you may be able to continue processing under the original lawful ground if your new purpose is compatible with your initial purpose (unless your original lawful ground was consent).
- If you are processing SPI / PI of children you need to identify both a lawful ground for general processing and any additional condition for processing this type of PI.
- If you are processing criminal conviction PI or PI about offences you need to identify both a lawful ground for general processing and any additional condition for processing this type of PI.
2. Reasonable manner
- PI must be processed in a reasonable manner that does not infringe the privacy of the DS.
- You need to consider whether people will reasonably expect you to use their PI in this way in the particular circumstances. You should consider all relevant factors, including:
  - Do you have an existing relationship with the individual?
  - If you have an existing relationship, what is the nature of that relationship?
  - How have you used their PI in the past?
  - Did you collect PI directly from the DS?
  - What did you tell individuals at the time?
  - If you obtained the PI from a third party, what did they tell individuals about reuse of the PI by third parties for other purposes?
  - How long ago was the PI collected? Are there any changes in technology or other context since that time that would affect current expectations?
  - Is your intended purpose and method obvious or widely understood?
  - Are you intending to do anything new or innovative?
  - Do you have any actual evidence about expectations, e.g. from market research, focus groups or other forms of consultation?
  - Are there any other factors in the particular circumstances that mean they would or would not expect the processing?
- This is an objective test. You do not have to show that every individual does in fact expect you to use their PI in this way. Instead, you have to show that a reasonable person would expect the processing in light of the particular circumstances.
3. Minimality with regard to the purpose
PI may only be processed if, given the purpose for which it is processed, it is:
- adequate &
- relevant &
- not excessive.
The HPCSA & record keeping
The Health Professions Council of South Africa places healthcare practitioners (persons registered with the HPCSA) under an obligation to keep proper medical records.
The HPCSA has published guidelines on the keeping of patient records (HPCSA Pretoria 2008), and compliance with these guidelines is critical for both continuity of patient care and for defending complaints or negligence claims.
A health record is defined as any relevant record made by a healthcare practitioner at the time of or subsequent to a consultation and / or examination or the application of health management, and contains the information about the health of an identifiable individual recorded by a healthcare professional, either personally or at his or her direction.
The following documents are regarded as the essential components of a health record, depending on the nature of the individual case:
- Hand-written contemporaneous notes taken by the health care practitioner;
- Notes taken by previous practitioners attending to health care or other health care practitioners, including a typed patient discharge summary or summaries;
- Referral letters to and from other health care practitioners;
- Laboratory reports and other laboratory evidence such as histology sections, cytology slides and printouts from automated analysers, X-ray films and reports, ECG traces, etc;
- Audiovisual records such as photographs, videos and tape-recordings;
- Clinical research forms and clinical trial data;
- Other forms completed during the health interaction such as insurance forms, disability assessments and documentation of injury on duty;
- Death certificates and autopsy reports.
The HPCSA requires that the following minimum information be included in a patient’s medical record:
- Personal (identifying) particulars of the patient;
- The biological, psychological and social history of the patient, including allergies and idiosyncrasies;
- The time, date and place of every consultation;
- The assessment of the patient’s condition;
- The proposed clinical management of the patient;
- The medication and dosage prescribed;
- Details of referrals to specialists, if any;
- The patient’s reaction to treatment or medication, including adverse effects;
- Test results;
- Imaging investigation results;
- Information on the times that the patient was booked off from work and the relevant reasons;
- Written proof of informed consent, where applicable.
Medical records must be objective recordings of what a health care practitioner has been told or discovered through investigation or examination, must be clear and legible, made contemporaneously and signed and dated. The records should be stored securely for a period of not less than six (6) years from the date on which they become dormant. Adherence to the guidelines can make all the difference with regard to a clinical negligence claim being successfully defended, so it is vital to keep this PI in the pursuit of the legitimate interest of the healthcare practitioner and the practice.
The HPCSA further requires that records should be complete, but concise, containing all the facts and drawn conclusions which are essential for patient care.
4. The 6 lawful grounds for processing
See the chapter on the 6 lawful grounds for processing.
5. Objection
A DS may object, at any time, to the processing of personal information:
- in terms of the following legal grounds for processing:
  - processing protects a legitimate interest of the DS;
  - processing is necessary for pursuing the legitimate interests of the RP or of a third party to whom the information is supplied.
- in the prescribed manner, on reasonable grounds relating to his, her or its particular situation, unless legislation provides for such processing; or
- for purposes of direct marketing as discussed in the chapter on additional rights & responsibilities.
If a DS has objected to the processing of PI as mentioned above, the RP may no longer process the PI.
6. Lawful sources of collection
Section 12 of the POPIA states that all personal information must be collected directly from the DS, with the following exceptions:
- if the information is contained in or derived from a public record - take note that the internet is not a public record held by a public body, so this exception does not apply to information collected from the internet
- if the information has deliberately been made public by the DS
- the DS or a CP where the DS is a child has consented to the collection of the information from another source
- collection of the information from another source would not prejudice a legitimate interest of the DS;
- collection of the information from another source is necessary:
  - to avoid prejudice to the maintenance of the law by any public body, including the prevention, detection, investigation, prosecution and punishment of offences
  - to comply with an obligation imposed by law or to enforce legislation concerning the collection of revenue as defined in section 1 of the South African Revenue Service Act, 1997 (Act No. 34 of 1997)
  - for the conduct of proceedings in any court or tribunal that have commenced or are reasonably contemplated
  - in the interests of national security
  - to maintain the legitimate interests of the responsible party or of a third party to whom the information is supplied
- compliance would prejudice a lawful purpose of the collection
- compliance is not reasonably practicable in the circumstances of the particular case.