An introduction to the protection of personal information in the healthcare practice

8. The 8 conditions for lawful processing of PI

8.2. Purpose Specification (Section 13-14)

Topics

  1. Define processing purpose
  2. Communicate purpose
  3. Retention
  4. Restriction
  5. Destruction


1. Define processing purpose

PI must be collected for a specific, explicitly defined and lawful purpose related to a function or activity of the RP.

This means that it is necessary to define the purpose for collection before collection starts and to document the purposes for collection of different types of PI so that:

  1. employees know the purposes for collection
  2. the process is auditable for purposes of reporting during investigations or legal action.

All processing depends on the purpose for which PI is processed, so the practice would do well to take some time to review all forms where PI is collected and make sure that the purposes are defined, since not all PI is collected for the same purpose.

Examples of different purposes for collection:

  1. Personal (identifying) particulars of the patient are collected to comply with the HPCSA's minimum requirement for the information to be included in a patient’s medical record.
  2. Medical aid details are collected so that the practice can submit claims to the medical aid on behalf of patients.
  3. Next of kin details are collected so that the practice can contact them in case of emergency.


2. Communicate purpose

The RP must take steps to ensure that the DS is aware of the purpose of the collection of the PI unless the exceptions are applicable (see the discussion under the chapter on Openness).
This means that forms collecting PI should indicate the purpose of the collection so that it is easy to prove that the DS took cognisance of the purpose for collection.


3. Retention

Records of PI must not be retained any longer than is necessary for achieving the purpose for which the information was collected or subsequently processed, unless:

  1. retention of the record is required or authorised by law
  2. the RP reasonably requires the record for lawful purposes related to its functions or activities
  3. retention of the record is required by a contract between the parties thereto
  4. the DS, or a CP where the DS is a child, has consented to the retention of the record.

Records of PI may be retained for longer periods for historical, statistical or research purposes if the RP has established appropriate safeguards against the records being used for any other purposes.

An RP that has used a record of PI of a DS to make a decision about the DS must:

  1. retain the record for such period as may be required or prescribed by law or a code of conduct; or
  2. if there is no law or code of conduct prescribing a retention period, retain the record for a period which will afford the DS a reasonable opportunity, taking all considerations relating to the use of the PI into account, to request access to the record.


4. Restriction

The RP must restrict processing of PI if:

  1. its accuracy is contested by the DS, for a period enabling the RP to verify the accuracy of the information;
  2. the RP no longer needs the PI for achieving the purpose for which the information was collected or subsequently processed, but it has to be maintained for purposes of proof;
  3. the processing is unlawful and the DS opposes its destruction or deletion and requests the restriction of its use instead; or
  4. the DS requests to transmit the PI into another automated processing system.

This PI may, with the exception of storage, only be processed for purposes of proof, or with the DS’s consent, or with the consent of a CP in respect of a child, or for the protection of the rights of another natural or legal person, or if such processing is in the public interest.

Where processing of PI is restricted as a result of the above reasons, the RP must inform the DS before lifting the restriction on processing.


5. Destruction

An RP must destroy or delete a record of PI, or de-identify it, as soon as reasonably practicable after the RP is no longer authorised to retain the record as described above.

The destruction or deletion of a record of PI must be done in a manner that prevents its reconstruction in an intelligible form.