Demystifying personal information

This week we will look at

  • what personal information is
  • what data subjects are
  • why privacy matters
  • privacy awareness in your practice

Personal information (PI) means information relating to an identifiable, living individual or an existing business (‘juristic person’). This includes the information you may have of your patients, your employees, service providers, and members of the public. We call these DATA SUBJECTS.

Here’s some examples:

  • Identifiers such as: a name, identity number, staff number, account number, customer number, company registration number, tax number, photos and videos or any other ‘assignment’ to the person used to identify them.
  • Demographic information such as: race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health or well-being, disability, religion, conscience, belief, culture, language and birth.
  • Contact details such as: physical and postal addresses, email addresses, telephone numbers, online identifiers (e.g. a person’s twitter handle), location information.
  • Financial information such as: bank and other account numbers, bank statements, salary information, financial statements.
  • Usernames and passwords.
  • Background information such as: education, financial, employment, medical, criminal or credit history.
  • Biometric information: this refers to techniques of identification that are based on physical, physiological, or behavioural characterisation such as blood typing, fingerprinting, DNA analysis, retinal scanning, and voice recognition.
  • A person’s opinions, views, and preferences.
  • Private or confidential correspondence and any further correspondence that would reveal the contents of the original correspondence.
  • Views or opinions about a person or patient (such as consultation notes and trade references).

We’ve included a poster that you can use as reference.

People care about how their PI is treated – just think about how you feel when you are completing a form that asks for your PI. But why should your practice care about the PI of your staff and patients?

#1 Personal information and trust are assets
There is value to having high quality PI (which is one of the requirements of POPIA compliance) that is kept secure (another requirement).

#2 Keep your reputation intact
Privacy has become increasingly important to patients as the internet is playing a central role in how patients interact and transact with each other and with organisations. Privacy breaches not only result in a loss of profit, but also affects patients’ trust in your practice.

#3 When it is done right, POPIA compliance saves you money
Implementing the POPIA principles in your organisation should lead to a reduction in operational costs.

#4 Legal compliance
Compliance reduces the risks of restrictions on processing activities, fines, and lawsuits. The POPIA established a new Information Regulator who has wide-ranging powers to prohibit the processing of PI which it deems unlawful.

We have a responsibility to protect the PI of our patients, co-practitioners, employees, and service providers. We must consider it in each small task we perform: when a patient completes a form, when we make an appointment, speak on the phone, or send test results via email.

We need to be mindful of how we treat PI and not unwittingly share it with the wrong people or lose it. Creating awareness in your practice about the basic principles of good information governance is the first and most important step towards taking care of PI.

This week your task is to introduce the concept of privacy and raise awareness about the need to protect the PI in your practice of your patients, employees, and service providers.

Here are a few tools you can use to create awareness in your practice:

  • Send this email to your employees and set aside time for everyone to talk about the concept of privacy. Ask everyone to think about the actions they take and processes they follow each day that involves PI.
  • Put this poster up in your back office or administration area to use as reference.

As we work through this 9-week programme, keep the conversation going and involve everyone in finding the best solution for your practice.

We’ve included a workbook that you’re going to use during this programme. We’ll start working on it next week. In the meantime, save it somewhere safe.

In your workbook, you can record any GAPS you identify in your processes, as well as risks relating to information governance in your practice. You’ll be making a list and doing a risk review using the GAPS tab.

We’ve included examples and guidance throughout the workbook to help you.

Remember that you have a free one-hour consultation included with this programme!
Use it, and contact us if you have any questions about this week’s topic.