This is the privacy statement of Connection Mental Healthcare, with its registered office at 3 Rodwell Road in St James, Cape Town. You can reach us via the contact form on this website or by calling us on 021 541 0643 .
GENERAL INFORMATION
Applicability of this statement
This privacy statement applies to all personal data, including medical data, that you provide to us verbally, in writing or digitally, for example via a registration form, a contact form on our website or through personal contact with our employees.
Connection Mental Healthcare is responsible within the meaning of the General Data Protection Regulation (GDPR) and POPIA (Protection of Personal Information Act) with regard to the processing of your personal data. This means that we determine which personal data is processed, for what purpose and in what way. We are responsible for ensuring that your personal data is processed properly and carefully. We attach great importance to your privacy and therefore exercise the utmost care in handling and protecting your personal data.
In this privacy statement we explain which data we process, for what purposes it is used and what your rights are under the AVG and other relevant regulations. In addition to the POPIA and GDPR, the rules of medical confidentiality are fully applicable to the processing of data.
Legal framework
We process data in accordance with the requirements set in the GDPR, POPIA and the specific rules that apply in the healthcare sector for the confidentiality and protection of medical data. See, for example, the Medical Treatment Contracts Act (WGBO), the Individual Healthcare Professions Act (BIG Act), the Healthcare Insurance Act (Zvw) and the Supplementary Provisions Processing of Personal Data in Healthcare Act (Wabvpz).
Basis and purpose of data processing
We process your data on the basis of the treatment agreement (see Article 6 of the GDPR). In order to perform the agreement (your treatment) as well as possible, it is necessary that we keep a patient file of yours. Your personal data is collected and stored by us in order to treat you well and to provide you with high-quality care and support. We also need your data to account for the quality of the care (effectiveness and lawfulness) and the financial settlement of the care/treatment.
If you register via our website or by telephone, for example to receive information about the treatment or to do a telephone screening, we also process the data you provide to us on this basis, because we need your data to determine whether we can offer you appropriate treatment.
If we process data for a purpose other than your treatment – for example a client satisfaction survey – we will request explicit permission for this.
Personal data that we process
Below you will find an overview of the personal data that we process in any case:
- Name
- Address
- Contact details
- Sex
- Date of birth
- BSN
- Insurance data
- Contact details of your contacts
- Referral from your GP and reason for your registration
- Consent statements
- Medical data such as results of (laboratory) tests, allergies, medication use and results of questionnaires
- Treatment plan and reporting of the progress of your treatment
- Correspondence with your referrer and any other healthcare providers involved (for which you have given explicit permission)
Employee access to file
Your personal data is well protected by us against unauthorised access. Employees who do not have a treatment relationship with you and are not directly involved in the care provided are, in principle, not given access to the medical file.
All employees within Connection Mental Healthcare are obliged to treat your data confidentially. These employees are subject to (derived) medical professional secrecy or are bound by a contractual confidentiality clause with us.
We keep track of each individual employee, care provider or practitioner when he/she has viewed your file (‘logging’). You are entitled to an electronic copy of this logging for a fee, so that you can see which employee, healthcare provider or practitioner has viewed or requested your file on which date.
Provision of personal data to third parties
In view of medical professional secrecy and the privacy rules of the AVG, we may in principle only provide your personal data to third parties if we have received your explicit permission to do so. Before we ask you for permission, we will inform you about the purpose, content and possible consequences of the provision of data to a third party.
In a number of cases, we have a legal right or even a legal obligation to provide your data to third parties without your prior consent, such as other healthcare providers who are directly involved in your treatment and your health insurer (insofar as necessary for the implementation of the insurance, such as claim assessment and physical control). We do not need your permission in that case. You can object to provision without your consent, but we may then not be able to provide you with proper medical treatment.
Retention period
Your personal data will not be kept longer than necessary. If you are or have been a patient with us, we are legally obliged to keep your patient file for 20 years. This period can be extended if necessary, for example for your health or the health of your children.
YOUR RIGHTS
As a patient you have legal rights with regard to your file with us. Below we inform you about your rights. If you wish to exercise any of these rights, you can do so by contacting your practitioner or a case manager in writing or orally.
Right to inspect your file
You have the right to see which personal data we process about you. Insofar as this information is included in a medical file within the meaning of the WGBO, you have the right to view your own medical file and to receive a copy thereof. We never ask for a fee for this inspection or for making a digital copy of the data.
Only you have the right to inspect your file, not your contacts or employer, for example. This is to protect your privacy. When viewing, you will only see the data that concerns you, such as treatment plan and treatment registrations. You are not entitled to inspect personal notes of healthcare providers, practitioners or employees. We can (partially) refuse access if the privacy of another person would be harmed as a result.
We will comply with your request for inspection as soon as possible, but at the latest within one month (see Article 12 GDPR).
The right to change or delete medical data
Under the GDPR, you have the right to have the personal data we hold about you supplemented, corrected or erased (‘right to be forgotten’). Insofar as your request to erase data relates to the medical file within the meaning of the WGBO, we do not have to comply with your request for destruction if it is reasonably likely that further storage may be of considerable importance to someone else. You should think of our interests in the context of accountability for the care we provide, or the interests of your descendants in the event of a hereditary disease.
Right to withdraw consent
If you give us permission to share your information with others, such as your contact persons or other healthcare providers, you have the right to withdraw that permission. From that moment on, we are no longer allowed to share information with that person.
File transfer
If you switch to another healthcare provider, it is important that the new healthcare provider or practitioner is aware of the healthcare provided by us. At your request, we will in principle always cooperate with the transfer of your file to your new healthcare provider or practitioner.
Under the GDPR, you can submit a request to us to send digital personal data in a readable computer file to you or another healthcare provider (‘data portability’). The right to data portability only applies to digital personal data that you have actively and consciously provided yourself. This also includes data that you have provided indirectly through the use of a service or device, such as through a blood draw, a pacemaker or a blood pressure monitor.
cookies
A cookie is a small text file that is stored on your computer, tablet or smartphone when you first visit our website. You can opt out of these cookies by setting your internet browser so that it no longer stores cookies. In addition, you can also delete all information previously saved via the settings of your browser.
CONTACT
We take the protection of your personal data and medical file seriously. We use appropriate measures based on the latest technology to prevent misuse, loss, unauthorised access, unwanted disclosure and unauthorised modification.
If you have the impression that your data is not properly secured or there are indications of misuse, please contact us via info@connection-mhc.co.za .
You can also send a request for correction, deletion, destruction or transfer of your file, or an objection to the processing of your personal data to info@connection-mhc.co.za . You can of course also contact us by telephone and make your request verbally.
Finally, we would like to point out that you have the option to submit a complaint to the Dutch and South African Data Protection Authority about the processing of your personal data by us.