PAIA/POPIA Manual for
Group of Companies
1. INTRODUCTION TO THE GROUP......................................................................................................................... 3
2. PRACTICES AND THEIR CONTACT DETAILS...................................................................................................... 3
3. GUIDE OF THE INFORMATION REGULATOR.................................................................................................... 14
4. RECORDS HELD BY THE PRACTICE.................................................................................................................. 15
5. INFORMATION AVAILABLE IN TERMS OF LEGISLATION............................................................................... 16
6. RECORDS AUTOMATICALLY AVAILABLE......................................................................................................... 17
7. PURPOSE OF PROCESSING PERSONAL INFORMATION............................................................................. 18
8. DATA SUBJECTS, THEIR PERSONAL INFORMATION AND POTENTIAL RECIPIENTS OF
9. PERSONAL INFORMATION SENT ACROSS THE BORDERS OF THE REPUBLIC OF SOUTH AFRICA 21
10. SECURITY MEASURES TO PROTECT PERSONAL INFORMATION............................................................ 22
11. PROCEDURE TO OBTAIN ACCESS TO RECORDS OR INFORMATION..................................................... 22
12. FEES PAYABLE TO OBTAIN THE REQUESTED RECORDS OR INFORMATION..................................... 23
13. AVAILABILITY OF THIS MANUAL.......................................................................................................................... 23
All the Group to which this Manual applies, are structured as personal liability (incorporated) companies incorporated under the laws of South Africa and are administered by the Path 24 Group of Companies. These practices are conducted in accordance with the requirements of the Health Professions Act 56 of 1974 and are subject to the authority of the Health Professions Council of South Africa (“HPCSA”). The practitioners practicing at these practices are registered at the HPCSA and provide health care services within the scope and ambit of their registration, competence and training. The practitioners are bound by the Ethical Rules of the HPCSA, which include the duty to preserve patient confidentiality.
2. COMPANIES AND THEIR CONTACT DETAILS
This Manual is applicable to the following companies:
Company Name: CENTRAL LABORATORY MANAGEMENT SERVICES (PTY) LTD
Registration Number: 2015/226147/07
Physical Address: 185 Meyer Street, Germiston, 1401
Postal Address: P O Box 2489, Saxonwold, 2132
Telephone Number: 010 026 8021
Email address: info@path24.co.za
Website address: www.path24.co.za
Information Officer: Mohammed Peer
Deputy Information Officer: Imraan Varachhia
Email address: info@path24.co.za
Practice Name: Dr Hajee and Swanepoel Inc
Practice Number: 1090321
Registration Number: 2023/639027/21
Head of the Practice: Dr Suleiman Hajee
Physical Address: 185 Meyer Street, Germiston, 1401
Postal Address: P.O.Box 2489, Saxonwold, 2132
Telephone Number: 010 026 8021
Email address: info@path24.co.za
Website address: www.path24.co.za
Information Officer: Mohammed Peer
Deputy Information Officer: Imraan Varachhia
Email address: info@path24.co.za
3. GUIDE OF THE INFORMATION REGULATOR
The Information Regulator compiled a Guide, in terms of Section 10 of the Promotion of Access to Information Act 2 of 2000 (“PAIA”), to assist persons wishing to exercise their rights in terms of this Act. This Guide contains, amongst others, the following information:
· The purpose of PAIA;
· The manner, form and costs of a request for access to information held by a body;
· Legal remedies when access to information is denied;
· Assistance that the Information Regulator can provide;
· Mechanisms to obtain the contact details of Information Officers; and
· Relevant legislation.
The Guide is available in all the official languages on the website (https://www.justice.gov.za/inforeg/) of the Information Regulator or can be obtained from the Information Regulator at:
Physical address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Postal address: P O Box 31533, Braamfontein, Johannesburg, 2017
Email address: enquiries@inforegulator.org.za
The Guide can also be obtained upon request from the Information Officer of a practice. A copy of the Guide is available for public inspection during normal office hours at the various practices.
4. RECORDS HELD BY THE PRACTICE
The practices hold the following categories of records:
Documents related to the establishment of the practices, their incorporation, their directors and shareholders as required in terms of the Companies Act 71 of 2008; shareholders’ agreements; other statutory records; governance documents (e.g., practice policies, minutes of meetings); practice code number registrations and other related documents.
Employment contracts; statutory council registration and related records; conditions of employment and workplace policies; salary registers; relevant tax records; leave records; essential services’ permits and correspondence.
Medical records; patient forms; payment-related records and correspondence.
Referral notes and reports.
Records related to clinical trials / research studies.
Evacuation plan; health and safety incident reports.
Financial statements; auditors’ reports; accounting records; bank statements; invoices, statements and receipts; remittance advices; VAT records; tax returns and related documentation.
Asset registers; purchase records; financing and lease agreements; sale and purchase agreements; registers and records kept in terms of the Medicines and Related Substances Act 101 of 1965; stock sheets; delivery notes and orders.
Agreements and related documentation with service providers, contractors, consultants, suppliers, vendors, medical schemes, locums and professional assistants; agreements and documents related to clinical trials.
Complaints, legal documents and legal opinions.
Official documents published; benefit schedules and correspondence.
Policies, cover, claims and related records.
5. INFORMATION AVAILABLE IN TERMS OF LEGISLATION
The practices hold records as may be required in terms of the legislation specified in the table below subject to the specific protection offered by these laws.
Applicable Legislation |
Category of Records |
Basic Conditions of Employment Act 75 of 1997 and Labour Relations Act 66 of 1995 |
Employment contracts and related documentation |
Children’s Act 38 of 2005 |
Consent forms |
Companies Act 71 of 2008 |
Memorandum of Incorporation / Articles of Association and other statutory records |
Consumer Protection Act 68 of 2008 and Medical Schemes Act 131 of 1998 |
Invoices related to medical treatment provided |
Disaster Management Act 57 of 2002 |
COVID-19 screening records |
Electronic Communications and Transaction Act 25 of 2002 |
Proof of electronic transactions (Data messages) |
Applicable Legislation |
Category of Records |
Employment Equity Act 55 of 1998 |
Employment equity reports |
Health Professions Act 56 of 1974 and Nursing Act 33 of 2015 |
Proof of registration of healthcare practitioners |
Income Tax Act 58 of 1962 and Tax Administration Act 28 of 2011 |
Tax-related information of directors, employees and the companies |
Medicines and Related Substances Act 101 of 1965 |
Records related to prescriptions and orders of medicine |
National Health Act 61 of 2003 |
Medical records and consent documents, where necessary |
Occupational Health and Safety Act 85 of 1993 and Compensation for Occupational Injuries and Diseases Act 130 of 1993 |
Health and safety incidents; ergonomics records; claims and records related to treatment of occupational diseases and injuries |
Promotion of Access to Information Act 2 of 2000 |
PAIA Manual and PAIA Guide |
Protection of Personal Information Act 4 of 2013 |
PAIA Manual and policies related to the protection of personal information, including a record-keeping policy |
Road Accident Fund Act 56 of 1996 |
Records and invoices related to treatment of injuries sustained in road accidents |
Skills Development Levies Act 9 of 1999 and Skills Development Act 97 of 1998 |
Records related to payment of levies and skills development reports |
Unemployment Contributions Act 4 of 2002 and Unemployment Insurance Act 63 of 2001 |
Records related to payment of UIF contributions and relevant employee records |
Value Added Tax Act 89 of 1991 |
VAT records |
6. RECORDS AUTOMATICALLY AVAILABLE
The information on the website is automatically available without having to request access by completing Form 2. Access and usage of the information on the website are subject to the Website Terms and Conditions as well as the Privacy Policy of Path24.
7. PURPOSE OF PROCESSING PERSONAL INFORMATION
The practices process personal information of data subjects for the following purposes:
7.1 to conduct and manage the practices in accordance with the law, including the administration of the practices and claiming and collecting payment for services rendered from relevant funders, patients and/or responsible persons / entities;
7.2 for treatment and care of patients;
7.3 for communication purposes;
7.4 for the maintenance of practice and patient records;
7.5 for employment and related matters of practitioners;
7.6 for reporting to persons and bodies, including referring practitioners, as required and authorised in terms of the law or by the data subjects;
7.7 for historical, statistical and research purposes;
7.8 for clinical trials / research studies;
7.9 for procurement;
7.10 for enforcement of the practice’s rights; and/or
7.11 for any other lawful purpose related to the activities of the practice.
8. DATA SUBJECTS, THEIR PERSONAL INFORMATION AND POTENTIAL RECIPIENTS OF
INFORMATION
The practices hold the personal information in respect of the categories of data subjects specified below as may be relevant in the circumstances. The potential recipients of this information are also specified. Information and records are only disclosed to recipients as may be necessary in the circumstances and authorised in terms of the law or otherwise with the consent of the relevant data subjects.
8.1 Practitioners
Full names and surnames; titles; contact details; addresses; identity numbers; race; gender; nationality; qualifications; registered professions and categories of registration; HPCSA registration numbers; employment related information; Curriculum Vitae (“CVs”) and information included therein; references; relevant health information; health and safety-related incidents; records created in the performance of their duties; proof of professional indemnity
insurance; leave records; remuneration; employment benefits; absenteeism information; bank details; tax numbers and related tax information; next-of-kin details and correspondence.
Other practitioners; South African Revenue Service (“SARS”); relevant statutory and other public bodies (e.g., Board of Healthcare Funders of SA [“BHF”]); funders; relevant service providers, contractors and suppliers; patients; banks; professional societies; bodies performing peer review; hospitals; members of the public (through the website and booking platforms); legal and professional advisers; insurers; law enforcement structures; auditors; executors of estates; and potential purchaser of practice.
8.2 Job Applicants
Names and surnames; titles; CVs and information included therein; contact details; addresses; identity numbers; race; gender; nationality; qualifications; registered professions and categories of registration; statutory council registration numbers; employment history and related information; relevant health information; interview notes; references and correspondence.
Practitioners; relevant service providers, contractors and suppliers; legal and professional advisers; auditors; law enforcement structures; and potential purchaser of practice.
8.3 Patients
Names and surnames; titles; contact details; addresses; identity numbers / dates of birth; gender; nationality; employers and their contact details; medical history; health information, including diagnoses and procedures performed; COVID-19 screening information; referral notes; clinical trial / research study participation information; adverse events; next-of-kin / guarantors / authorised persons’ details; amounts due for services rendered; and correspondence.
Treating and referring practitioners; relevant service providers, contractors and suppliers; relevant statutory and other public bodies; funders (e.g., medical schemes, the Compensation Commissioner, the Road Accident Fund); hospitals; legal and professional advisers; auditors; executors of estates; next-of-kin / guarantors / authorised persons; debt collectors; attorneys; law enforcement structures; and potential purchaser of practice.
8.4 Referring Practitioners
Names and surnames; titles; contact details; addresses; practice code numbers; registered professions; and correspondence.
Practitioners; relevant service providers, contractors and suppliers; relevant statutory and other public bodies; funders; auditors; law enforcement structures; legal and professional advisers; and potential purchaser of practice.
8.5 Hospitals / Health Care Facilities
Names; contact details; relevant employees’ / office bearers’ / contact persons’ details; website addresses; practice code numbers; hospital/facility privilege-related information and correspondence.
Practitioners; relevant service providers, contractors and suppliers; auditors; legal and professional advisers; and potential purchaser of practice.
8.6 Service Providers, Contractors, Vendors and Suppliers
Names and surnames; titles; organisation names and details; relevant employees’ / office bearers’ / contact persons’ details; contact details; addresses; website addresses; opinions; correspondence; COVID-19 screening information (visitors); market information; price structures; financial arrangements and VAT numbers.
Practitioners; relevant service providers, contractors and suppliers; banks; auditors; legal and professional advisers; law enforcement structures and potential purchaser of practice.
8.7 Insurers
Names and contact details; premiums; benefits and correspondence.
Practitioners; relevant service providers, contractors and suppliers; auditors; legal and professional advisers; relevant public bodies; law enforcement structures and potential purchaser of the practice.
8.8 Public and private bodies and other persons
Names; contact details; relevant employees’ / office bearers’ / contact persons’ details; fee / benefit structures; rules; information published in the public domain (e.g., benefit schedules, policies); payment-related information (e.g., invoices, remittances, statements); other business-related information VAT numbers; COVID-19 screening information of visitors; and correspondence.
Practitioners; relevant service providers, contractors and suppliers; legal and professional advisers; patients; debt collectors; auditors; public; relevant public and private bodies; law enforcement structures and potential purchaser of the practice.
9. PERSONAL INFORMATION SENT ACROSS THE BORDERS OF THE REPUBLIC OF SOUTH AFRICA
The practices are not planning to send any other personal information about any data subject to any other third party in a foreign country. Should this be required, relevant data subject consent will be obtained, if required, unless the information may be lawfully transferred across the borders. Transfers of such information will occur in accordance with the requirements of the law.
10. SECURITY MEASURES TO PROTECT PERSONAL INFORMATION
The practices are committed to ensuring the security of the personal information in their possession or under their control in order to protect it from unauthorised processing and access as well as loss, damage or unauthorised destruction. They continually review and update their information protection measures to ensure the security, integrity and confidentiality of this information in accordance with industry best practices. The measures they adopt to ensure the security of personal information, includes technical and organisational measures and internal policies to prevent unauthorised access, loss or use of personal information, for example, the securing of record storage areas; access control to records; and off-site data back-ups. In addition, only those practitioners and employees that require access to the information to treat patients and discharge their functions are permitted access to the relevant information and only if they have concluded agreements with or provided undertakings to the practices requiring them to implement appropriate security measures and to maintain the confidentiality of the information. Service providers, suppliers and vendors are required to adhere to the strict policies and processes implemented by the practices and are subject to sanctions for any security breach. All security breaches are taken seriously and are addressed in accordance with the law.
11. PROCEDURE TO OBTAIN ACCESS TO RECORDS OR INFORMATION
The fact that information and records are held by the practices as listed in this Manual should not be construed as conferring upon any requester any right to that information or record. PAIA grants a requester access to records of a private body, if the record is required for the exercise or protection of any right. If a public body lodges a request, the public body must be acting in the public interest. Access to records and information is not automatic. Any person, who would like to request access to any of the above records or information, is required to complete a request form (Form 2), which is available from reception or the Information Officer of the practices and the Information Regulator at the contact details stipulated above.
The requester must provide sufficient detail on the request form to enable the Information Officer to identify the record and the requester. The requester must identify the right he/she is seeking to exercise or protect and explain why the record requested is required for the exercise or protection of that right. If a request is made on behalf of another person, the requester must submit proof of the capacity in which the request is made to the satisfaction of the Information Officer. Access to the requested records or information or parts of the records
or information may be refused in terms of the law. Requesters will be advised of the outcome of their requests.
12. FEES PAYABLE TO OBTAIN THE REQUESTED RECORDS OR INFORMATION
Fees may be charged for requesting and accessing information and records held by the practice. These fees are prescribed in terms of PAIA. Details of the fees payable may be obtained from reception or the Information Officer. The fees are also available from the Information Regulator
13. AVAILABILITY OF THIS MANUAL
A copy of this Manual is available for inspection, free of charge, at the practices and on the website. A copy of the Manual may also be requested from the Information Officer against payment of a fee as may be advised.