The Protection of Personal Information (POPI) Bill has been one of the most controversial to come before the South African parliament.
First introduced in 2009, its clauses sparked protests and consultation meetings across the country, culminating in large scale changes to the original Bill.
The changes and their implications have been widely discussed in the media, so I would rather use this forum to comment on what I see as the implications for the private health industry in South Africa.
The intent of the Bill is for there to be a single authority to administer both the Promotion of Access to Information Act and the Protection of Personal Information Act. My contention is that there may be problems in implementing the two competing Acts as one looks at protecting the right to privacy and the other wishes to promote access to information.
Many businesses have, over the years, gathered large quantities of personal information on customers and clients and it is not clear how they need to deal with the issue of existing records. And what should happen with this information once the Protection of Personal Information Act comes into law?
Once the law is passed, businesses will have a year to become fully compliant, but I believe that a lot of questions will have to be answered before compliance can become a reality. These questions are vital for medical schemes which, by nature of their business, have detailed and privileged information on their clients.
Most, if not all, medical schemes are reliant on various risk management tools to ensure the proper and adequate supervision of the treatment of the member whilst ensuring costs are controlled in the interests of the membership at large. These tools are invariably computerised and embody complex algorithms related to accepted best practice protocols for specific conditions.
How this structure will be affected is an area of great concern. There is a chance that the changes required by law may result in increased health care costs for the consumer. Clarity needs to be given about whether medical schemes and the processing of the private information they need could be exempted from the requirements of the Act.
So in summary, I am all for the general intention of the Bill, which is to protect individuals’ private information from abuse and profiteering. There are, however, some big practical barriers that need to be overcome which will negatively affect the man in the street if not addressed.
For those wanting to know more about the Bill and its progress and implications, Webber Wentzel has some interesting information.