POPIA
DIY
WEEK 1:
Demystifying personal information

This week we will look at:
- what personal information is
- what data subjects are
- why privacy matters
- privacy awareness in your practice
Personal information (PI) means information relating to an identifiable, living individual or an existing business (‘juristic person’). This includes the information you may have of your patients, your employees, service providers, and members of the public. We call these DATA SUBJECTS.
Here are some examples:
- Identifiers such as: a name, identity number, staff number, account number, customer number, company registration number, tax number, photos and videos or any other ‘assignment’ to the person used to identify them.
- Demographic information such as: race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health or well-being, disability, religion, conscience, belief, culture, language and birth.
- Contact details such as: physical and postal addresses, email addresses, telephone numbers, online identifiers (e.g. a person’s Twitter handle), location information.
- Financial information such as: bank and other account numbers, bank statements, salary information, financial statements.
- Usernames and passwords.
- Background information such as: education, financial, employment, medical, criminal or credit history.
- Biometric information: this refers to techniques of identification that are based on physical, physiological, or behavioural characterisation such as blood typing, fingerprinting, DNA analysis, retinal scanning, and voice recognition.
- A person’s opinions, views, and preferences.
- Private or confidential correspondence and any further correspondence that would reveal the contents of the original correspondence.
- Views or opinions about a person or patient (such as consultation notes and trade references).
We’ve included a poster that you can use as reference.
People care about how their PI is treated – just think about how you feel when you are completing a form that asks for your PI. But why should your practice care about the PI of your staff and patients?
#1 Personal information and trust are assets
There is value in having high-quality PI (which is one of the requirements of POPIA compliance) that is kept secure (another requirement).
#2 Keep your reputation intact
Privacy has become increasingly important to patients as the internet is playing a central role in how patients interact and transact with each other and with organisations. Privacy breaches not only result in a loss of profit, but also affect patients’ trust in your practice.
#3 When it is done right, POPIA compliance saves you money
Implementing the POPIA principles in your organisation should lead to a reduction in operational costs.
#4 Legal compliance
Compliance reduces the risks of restrictions on processing activities, fines, and lawsuits. The POPIA established a new Information Regulator, which has wide-ranging powers to prohibit the processing of PI that it deems unlawful.
We have a responsibility to protect the PI of our patients, co-practitioners, employees, and service providers. We must consider it in each small task we perform: when a patient completes a form, when we make an appointment, speak on the phone, or send test results via email.
We need to be mindful of how we treat PI and not unwittingly share it with the wrong people or lose it. Creating awareness in your practice about the basic principles of good information governance is the first and most important step towards taking care of PI.

This week your task is to introduce the concept of privacy and raise awareness in your practice about the need to protect the PI of your patients, employees, and service providers.
Here are a few tools you can use to create awareness in your practice:
- Send this email to your employees and set aside time for everyone to talk about the concept of privacy. Ask everyone to think about the actions they take and processes they follow each day that involve PI.
- Put this poster up in your back office or administration area to use as reference.
As we work through this 9-week programme, keep the conversation going and involve everyone in finding the best solution for your practice.
We’ve included a workbook that you’re going to use during this programme. We’ll start working on it next week. In the meantime, save it somewhere safe.
In your workbook, you can record any GAPS you identify in your processes, as well as risks relating to information governance in your practice. You’ll be making a list and doing a risk review using the GAPS tab.
We’ve included examples and guidance throughout the workbook to help you.

Remember that you have a free one-hour consultation included with this programme!
Use it, and contact us if you have any questions about this week’s topic.