POPIA DIY, the 10-week POPIA action plan for your practice
Because nobody knows your practice better than you do.
POPI DIY. Because you know your practice best
Let’s face it, there are some things you shouldn’t try to do yourself. Off the top of our heads we’d list anything to do with electricity, diagnosing yourself from the internet (it’s never lupus), or applying self-tan lotion. It shouldn’t be done. But when it comes to protecting the personal information of your patients – who better to take charge of the process than you?
Over the next ten weeks, we’re going to send you a new mission every Monday to help you protect the personal information of your staff and patients. The action plan is designed to:
- Help you understand what personal information is, and help you identify the processes through which you collect, use, store and destroy it in your business
- Increase your awareness of privacy risks in your practice
- Help you protect the personal information of your patients more effectively
- Get you ten steps closer to complying with the Protection of Personal Information Act (POPI).
Protecting the personal information of your patients is not just about POPI compliance; it’s about trust. Your patients trust you with their personal information, and without that trust you won’t be able to do business. The reputational damage of a privacy breach tends to be much more severe than any other consequence of non-compliance. Think we’re bluffing? Here’s an infographic of the most disastrous data breaches of the last 5 years.
Who is this for?
If you have a medical practice or a small business, this programme is ideal for you.
It is not ideal if:
- you are a listed company or business with more than 10 staff members
- your core business is processing personal information or if a breach would mean a business interruption (e.g. you buy and sell personal information, you are a retailer of consumer goods and services that does e-commerce or has a loyalty card, you do direct marketing on a large scale, or you’re a software company that processes personal information or processes it on behalf of other companies)
- you already have a compliance or risk manager or in-house lawyers
- you are part of a larger group of companies, particularly if the group shares information with each other
But even if you fall in one of these categories, the tool is great if you just want to start wrapping your head around what the POPIA is about and what it would take to plan your own POPIA project. If you are already worried about the implications of POPIA for your business, and need a project with a bit more heft, get hold of us. We can help you get going or even run the project for you.
What we’ll cover
- Demystifying personal information
- Focus on forms: How you collect personal information
- Clearing the clutter: How to manage PI on paper
- Electronic documents: Protecting digital information
- Electronic documents: Protecting your records
- What are operators and do you have them?
- Oh @#$% a breach! What should you do?
- Is sharing always caring? Giving patients access to their own records
- Reviewing the risks you identified and drafting your privacy notice
- A recap of the programme and a final chance for your questions