POPIA DIY FOR DOCTORS
WEEK 2:
Focus on forms
This week we’re looking at instances where you collect personal information (PI). For example, patient forms, employee forms, the CVs of candidates, and vendor forms.
According to the POPIA, you shouldn’t collect more information than you need, so this week you are going to make a list of the PI you collect and what you use it for.
WEEK 3:
Clearing the clutter – how to manage personal information on paper
Most of the time, when we think of information security, we conjure up images of nerdy hackers trying to get into our electronic records. The reality is that there are criminals who call themselves ‘dumpster-divers’ and lurk outside hospitals, medical practices and office buildings, and on landfills, looking for pieces of paper with personal information (PI) on them.
A great deal of PI is printed or written on paper. Think about it. Patient forms and files, medical records, notes, test results, appointment books, invoices, prescriptions, faxes. They all contain someone’s PI and must be kept secure.
This week we are going to look at how you secure PI on paper and in files.
WHY?
The POPIA says that we must keep PI secure. This means that you must make sure that the PI does not fall into the wrong hands and that you do not accidentally delete or lose PI.
WEEK 4:
Electronic documents – protecting digital personal information
Last week we looked at how you can secure paper documents and files. For the next two weeks, we’re looking at how you should protect electronic personal information (PI). Think computers, cell phones, tablets, cloud storage, etc.
WEEK 6:
What are operators, and do you have them?
This week we will answer the following questions:
- What is an operator?
- Do you have operators?
- How can you ensure that your operators keep your PI safe?
WEEK 7:
Data breach – what should you do?
This week we’ll unpack data security breaches. We’ll look at what constitutes a breach, what procedures you should have in place in case of a breach and how you should respond if the worst happens.
WEEK 8:
Granting access to information
This week we’re looking at your process for responding to patients’ requests for access to their PI.
If you regularly receive these kinds of requests, you may already have a process to deal with them, but let’s review it and make sure that it is working well.
WEEK 9:
Reviewing the risks you identified, and privacy notices
This week we would like to tie everything together and review your list of risks.