Data Protection

HIPAA & POPIA Compliance

At Gardenview Medical Centre, we're committed to the highest standards of patient data protection under both local and international frameworks.

Gardenview Medical Centre is dedicated to safeguarding patient data in full accordance with South Africa's Protection of Personal Information Act (POPIA) and the United States' Health Insurance Portability and Accountability Act (HIPAA). Our comprehensive approach ensures your medical information remains private, secure, and properly managed.

Protected Health Information (PHI)

We protect all personally identifiable health information, including the following:

Medical Records
  • Diagnoses & treatment plans
  • Medication records
  • Lab results & imaging

Personal Details
  • Full name, ID number
  • Contact and billing info
  • Medical scheme membership

How We Protect It

We use layered protection across three pillars:

  • End-to-end 256-bit encryption for stored and transmitted data
  • Multi-factor authentication required for system access
  • Data hosted in ISO-certified secure infrastructure
  • Role-based permissions & activity audit logs

Your Rights Under HIPAA & POPIA

We respect and uphold your rights to:

  • Access your health data at any time, in digital or paper format.
  • Correct inaccurate data by submitting a request to your provider.
  • Limit information use and disclosures for certain purposes.
  • Receive confidential communication through your preferred channels.

Understanding POPIA & HIPAA

Both regulations protect patient data, but with some key differences:

Feature | POPIA (South Africa) | HIPAA (United States)
Scope | All personal information | Healthcare data only
Consent Requirements | Explicit consent required for processing | Multiple permitted uses without explicit consent
Breach Notification | As soon as reasonably possible | Within 60 days
Penalties | Up to R10 million or imprisonment | Up to $1.5 million per violation category per year

Data Protection Officer

Have questions or need to report a concern?

Data Breach Hotline

Suspect a breach? Contact us immediately:

Our Privacy Framework
  • Lawfulness, fairness & transparency
  • Purpose limitation & data minimization
  • Accuracy & storage limitation
  • Integrity, confidentiality, accountability
  • Privacy by design and by default

Frequently Asked Questions

We only share your information with other healthcare providers involved in your care using secure electronic health record systems or encrypted communication channels. This sharing is done on a need-to-know basis, and only with your explicit consent unless in emergency situations where implied consent may apply.

Yes, you have the right to request restrictions on certain uses and disclosures of your health information. While we are not required to agree to all restriction requests, we will comply with any request to restrict disclosure to a health plan if the disclosure is for payment or health care operations and pertains to a health care item or service for which you have paid in full out-of-pocket.

In accordance with South African Health Professions Council guidelines and POPIA requirements, we retain adult patient records for a minimum of 6 years from the date they become dormant. For minors, records are kept until the patient turns 21. Certain types of medical records may be kept longer based on specific medical or legal requirements.

In the unlikely event of a data breach affecting your personal information, we will notify you as soon as reasonably possible as required by POPIA. The notification will include details of the breach, the information affected, and steps we're taking to mitigate the impact. We maintain a comprehensive incident response plan that includes immediate containment, thorough investigation, and implementation of additional safeguards to prevent future breaches.

Yes, you have the right to access and receive a copy of your medical records. You can submit a request in writing to our Data Protection Officer. We will provide the requested information within 30 days. We may charge a reasonable fee to cover the costs of copying and sending your records. If you believe your records contain inaccurate information, you also have the right to request corrections.