top of page

Legal Information

Patient consent for the use of MedConnex services

Patient/Parent/Guardian/Mandated person:


This section is relevant for the patient/designated Representative:


I, the undersigned, state as follows:

  • I am the patient/parent/guardian;
  • The doctor named on this form has explained fully to me the issues listed and ticked above;
  • The consultation shall be done by means of electronic media, ie: _Video telecommunication__(please specify), as authorized by the revised Telemedicine Guidelines issued by the HPCSA, during the period of the Covid-19 National Lockdown;
  • I understand that I may withdraw my consent at any point during the consultation;
  • I understand that I may withdraw consent to, or refuse, treatment at any time.
  • I understand there may be technological difficulties in the connectivity during the use of Telehealth.
  • I understand that there are no subscriptions required when using the electronic platforms mentioned above, and that I will carry my own costs for any infrastructure and/or running costs associated with such service being rendered;
  • I understand that the session may be recorded, for record keeping purposes, with my consent;
  • I understand that patient confidentiality shall be maintained, and that should I want a third person to attend the session with me, I will provide my written consent to such attendance prior to the consultation, failing which, the consultation may be cancelled or rescheduled;
  • I confirm that I understand everything that has been explained to me, I have also received answers to all my questions and been informed that, if I want more information, I should ask the doctor;
  • I understand that problem(s) and complications may occur even when the best care, judgment, and skills are used. No guarantees have been made to me by the doctor;
  • I agree to the operation, investigation or treatment as explained to me, and to the use of the type of products as may be considered necessary and in my best interests and can be justified for medical reasons;
  • I have told the doctor that I DO NOT want the procedures below to be carried out without having the opportunity to consider them (None if left blank)_____________________________________________
  • I acknowledge that the healthcare provider may recommend an in-person visit to my nearest healthcare facility or a face-to-face consultation if they determine that a Telehealth consultation may not be optimal for my well-being. In such circumstances, I acknowledge that I remain responsible for the consultation fee associated with the time and assessment provided by the healthcare provider;
  • I acknowledge that my results may be reported to the National Institute of Communicable Diseases (NICD) and/or any other relevant health department, as required by law, if the healthcare provider suspects that I may have contracted Covid-19 or any other notifiable conditions.

Doctor:


This section is relevant for the Doctor/designated Representative:

  • I shall service the patient by means of electronic media, ie: Video telecommunication    (please specify), as authorized by the revised Telemedicine Guidelines issued by the HPCSA;
  • I have informed the patient that they may withdraw their consent at any point during the consultation;
  • I have explained the following to the patient in terms of which, in my judgment, are suited to the understanding of the patient and/or to one of the parents or guardians of the patient:
  • That there may be technological difficulties in the connectivity during the use of Telehealth;
  • That the session may be recorded, for record keeping purposes, with the patient’s consent;
  • Patient confidentiality shall be maintained, should the patient want a third person to attend the session with them, they are required to provide their written consent to such attendance prior to the consultation, failing which, the consultation may be cancelled or rescheduled;
  • The patient’s health and status condition;
  • The range of diagnostic procedures and treatment options generally available to the patient;
  • The benefits, risks, costs and consequences generally associated with each option;
  • The patient’s right to refuse health services and the implications, risks, and obligations of such refusal;
  • The nature and purpose of the proposed operation, investigation or treatment, namely;
  • That the patient may be required to have a face-to-face consultation at a healthcare facility closest to them;
  • That the patient’s results would be reported by to the National Institute of Communicable Diseases (NICD) and/or any other relevant health department, should I believe that the patient may have contracted Covid-19 or any other notifiable condition, as required by law.

Patient Consent for use of Telehealth Services
Privacy Policy

Privacy Policy

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
  • Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to MEDCONNEX INC., 21 Jenny Lane, Blouberg Sands, Cape Town, 7441, Western Cape.
  • Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
  • Country refers to: South Africa
  • Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the Website.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
  • Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Website refers to MedConnex, accessible from www.medconnex.co.za
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Address, State, Province, ZIP/Postal code, City
  • Usage Data

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Information from Third-Party Social Media Services

The Company allows You to create an account and log in to use the Service through the following Third-party Social Media Services:

  • Google
  • Facebook
  • Instagram
  • Twitter
  • LinkedIn

If You decide to register through or otherwise grant us access to a Third-Party Social Media Service, We may collect Personal data that is already associated with Your Third-Party Social Media Service's account, such as Your name, Your email address, Your activities or Your contact list associated with that account.

You may also have the option of sharing additional information with the Company through Your Third-Party Social Media Service's account. If You choose to provide such information and Personal Data, during registration or otherwise, You are giving the Company permission to use, share, and store it in a manner consistent with this Privacy Policy.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

  • Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
  • Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.

We use both Session and Persistent Cookies for the purposes set out below:

  • Necessary / Essential Cookies

    Type: Session Cookies

    Administered by: Us

    Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

  • Cookies Policy / Notice Acceptance Cookies

    Type: Persistent Cookies

    Administered by: Us

    Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

  • Functionality Cookies

    Type: Persistent Cookies

    Administered by: Us

    Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including to monitor the usage of our Service.
  • To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
  • For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
  • To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
  • To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
  • To manage Your requests: To attend and manage Your requests to Us.
  • For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
  • For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.

We may share Your personal information in the following situations:

  • With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.
  • For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
  • With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
  • With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
  • With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If You interact with other users or register through a Third-Party Social Media Service, Your contacts on the Third-Party Social Media Service may see Your name, profile, pictures and description of Your activity. Similarly, other users will be able to view descriptions of Your activity, communicate with You and view Your profile.
  • With Your consent: We may disclose Your personal information for any other purpose with Your consent.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

Our Service may give You the ability to delete certain information about You from within the Service.

You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.

Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, You can contact us:


Last updated: January 13, 2024

Terms of Usage

Terms of Usage

1 Introduction


1.1 Introduction

    1.1.1This document outlines the terms and conditions ("Terms and Conditions") for the use of the MedConnex website, owned by MedConnex Inc ("the Practice").

    1.1.2The Terms and Conditions are applicable to all apply to all natural and or juristic persons accessing or using the MedConnex website ("you," "your," or "user").

    1.1.3Your use of the website implies that you have read, understood, and agreed to abide by these Terms and Conditions.

1.2Age and Legal Capacity

    1.2.1By using the MedConnex website, you affirm that you are 18 (eighteen) years or older and possess full legal capacity.

    1.2.2If you are under 18 (eighteen) or lack legal permission to enter into a binding agreement, you may only use the website under the supervision of a parent or legal guardian. You must obtain their authorization, permission, and consent to be bound by these Terms and Conditions.

1.3Acceptance of Terms

    1.3.1User Acknowledgment

      1.3.1.1By accessing or utilizing the MedConnex website, you explicitly acknowledge and agree to be bound by the following Terms and Conditions. Your continued use of the website constitutes your unreserved acceptance of these terms.

    1.3.2Disagreement with Terms

      1.3.2.1If you do not agree with any part of these Terms and Conditions, we kindly request that you refrain from using the MedConnex website.

      1.3.2.2Your access and use of the website imply your understanding and consent to abide by these terms, and it is your responsibility to review them periodically for any amendments.

1.4Amendments and Replacements

1.4.1The Practice reserves the right to amend and/or replace any or all of the Terms and Conditions at its discretion. Amended terms supersede previous versions and are available on the website.

1.4.2Users, by accessing and/or using the website, consent to the amended and/or replaced Terms and Conditions. If dissatisfied with amendments, refrain from using the website.

1.5Contact Information

1.5.1For inquiries or clarification about these Terms and Conditions, please contact us at info@medconnex.co.za or (+27) 087 153 2300.

2Definitions

2.1In these Terms and Conditions, unless the context requires otherwise:

2.1.1"MedConnex Inc" or "the Practice" refers to the telehealth practice operating under the legal entity of a personal liability company, registered with the following details

  • Full Name: MedConnex Inc.
  • CIPC Registration Number: 2023/835219/21
  • Physical Address (Domicilium citandi et executandi): 21 Jenny Lane, Blouberg Sands, 7441, Cape Town, South Africa
  • Telephone Number: (+27) 87 153 2300
  • Website Address: https://www.medconnex.co.za
  • Email Address: info@medconnex.co.za
  • Names of Office Bearer(s): Dr Rephaim Mpofu

2.1.2"Website" refers to the online platform owned and operated by MedConnex Inc, accessible at www.medconnex.co.za.

2.1.3"User" or "You" refers to any individual accessing or using the MedConnex website, including but not limited to visitors, registered users, or any person obtaining information from this website.

2.1.4"Terms and Conditions" or "Terms" refer to this document, outlining the rules and regulations governing the use of the MedConnex website.

2.1.5"Service" refers to the features, products, and information provided by MedConnex Inc through its website.

2.1.6"Third-Party" refers to any entity, website, or content not directly controlled or owned by MedConnex Inc.

2.1.7"Virtual Consultation" refers to online medical consultations facilitated through the MedConnex website with qualified healthcare professionals.

2.1.8“Telemedicine Consultation” means the telephonic or video call medical consultation with a “MedConnex” doctor.

2.1.9“Telemedicine Platform” means the platform upon which the Telemedicine Consultation will take place, accessed by both the Patient and healthcare practitioner from a smart phone or similar device.

2.1.10"Content" encompasses all information, materials, text, graphics, images, and other data present on the MedConnex website.

2.1.11"Linked Websites" refers to external websites accessible through hyperlinks on the MedConnex website.

2.1.12"Practice's Discretion" indicates actions or decisions made by MedConnex Inc at its sole judgment and authority.

2.1.13"Personal Information" includes but is not limited to identifiable information about an individual, such as name, contact details, and medical history.

2.1.14"Affiliate" refers to any entity that controls, is controlled by, or is under common control with MedConnex Inc, where "control" means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote.

2.1.15"Effective Date" refers to the date when these Terms and Conditions come into effect, as indicated at the beginning of the document.

2.1.16"Modification" refers to any change, amendment, or update made to the Terms and Conditions by MedConnex Inc.

2.1.17"Privacy Policy" refers to the document outlining the practices and policies related to the collection, use, and protection of user information, accessible here.

2.1.18"Cookie Policy" refers to the document outlining the practices and policies related to the use of cookies on the MedConnex website, accessible here.

3. Content of the website

3.1 Overview

3.1.1 The Website provides various information about MedConnex Inc, encompassing details about our products (including images and technical specifications), services (including those offered by third-party providers), advice on product installation and use, contact information, terms, and policies.

3.1.2MedConnex Inc reserves the right, without notice, to make improvements, changes, or discontinue any aspect or feature of the Website, along with modifying information or content.

3.1.3The Practice may update the details on the Website without prior notice.

3.1.4MedConnex Inc may engage third-party services to provide information on the Website. The Practice has no control over such information and makes no representations or warranties regarding its accuracy, appropriateness, or correctness. Users acknowledge that information provided by third-party services is used at their own risk. It is advisable to independently verify such information for accuracy.

3.2Scope of Medical Advice

3.2.1While MedConnex Inc provides health information on the Website, only advice obtained during virtual consultations with The Practices’ qualified healthcare professionals should be considered as formal medical advice.

3.2.2Information presented on the Website serves an informational purpose and may not be comprehensive. Users are urged to confirm details and seek personalized advice from MedConnex doctors or other healthcare professional responsible for their medical care.

3.3Information Accuracy and Downloads

3.3.1MedConnex Inc makes no express or implied representations or warranties regarding the accuracy, completeness, or reliability of information, data, and/or content on the Website.

3.3.2The Practice does not guarantee that the Website or downloads will be error-free or meet any specific criteria of performance or quality.

3.3.3MedConnex Inc has taken reasonable measures to ensure the integrity of the Website and its contents; however, no warranty is given that files, downloads, or applications available via this Website are free of viruses or any other data that may affect the user's system.

3.3.4While efforts have been made to ensure the accuracy and completeness of the Website's content, no representations or warranties, whether express or implied, are made regarding the quality, timeliness, operation, integrity, availability, or functionality of the Website.

4Linked Third-Party Websites and Third-Party Content

4.1Website Links

4.1.1MedConnex Inc may include links to third-party websites on the Website for user convenience. However, such links do not imply endorsement of these websites, their owners, licensees, administrators, content, or security practices.

4.1.2While The Practice aims to link only to reputable websites or online partners, it does not accept responsibility or liability for information provided on other websites.

4.2Third-Party Content

4.2.1Linked websites or pages are beyond the control of MedConnex Inc. The Practice is not responsible for and provides no warranties or representations concerning the privacy policies or practices of linked or third-party websites.

4.2.2Users acknowledge that MedConnex Inc is not liable for the content, use, or inability to access any linked website, nor for any loss or damage incurred due to dealings with or the presence of third-party linked websites on the Website.

4.2.3Any interactions with linked websites, including advertisers, are solely between the user and the third-party website.

5Usage Restrictions

5.1General Restrictions

5.1.1The user agrees not to deal with any part of the Website in a way inconsistent with these Terms and Conditions, including but not limited to copying, reproducing, translating, adapting, modifying, leasing, licensing, sub-licensing, or otherwise dealing with any part of the Website.

5.1.2Prohibited actions include decompiling, disassembling, or reverse engineering any portion of the Website.

5.1.3The user shall not develop any derivative works or modify/enhance the Website. Any unauthorized modifications or enhancements become the property of The Practice.

5.1.4Removing identification, trademark, copyright, or other notices from the Website is strictly prohibited.

5.1.5Users must not post or transmit unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, sexually explicit, profane, or hateful content via the Website.

6Security

6.1Network Integrity

6.1.1To ensure security and reliable operation, The Practice reserves the right to take necessary actions to preserve the security, integrity, and reliability of its network and back-office applications.

6.2Prohibited Activities

6.2.1Users may not compromise the security of The Practice's networks or tamper with the Website. This includes unauthorized access attempts and delivering unauthorized, damaging, or malicious code, which is expressly prohibited.

6.2.2Offenses under the Electronic Communications and Transactions Act 25 of 2002 may result in criminal liability. Any resulting damage or loss may lead to civil damages claimed by The Practice.

7Intellectual Property Rights

7.1Definition of Intellectual Property Rights

7.1.1"Intellectual property rights" include all rights in and to intellectual property owned or controlled by The Practice, such as technology, source code, trade secrets, logos, systems, methods, trademarks, trade names, styles, designs, patents, and copyright.

7.2Ownership and Protection

7.2.1Copyright and other intellectual property rights in content, trademarks, software, data, material, and proprietary material on the Website belong to or are licensed to The Practice. Such rights are protected by local and international legislation and treaties.

7.3User Content License

7.3.1By submitting reviews, comments, or other content to The Practice for posting on the Website, the user grants The Practice and its affiliates a non-exclusive, royalty-free, perpetual, irrevocable right and license to use, reproduce, publish, translate, sublicense, copy, and distribute such content for the purpose of publication on the Website.

7.3.2Users retain any and all rights in their personal information submitted.

7.4Reserved Rights

7.4.1All rights not expressly granted are reserved, and no right, title, or interest in any proprietary material or information on the Website is granted to the user.

7.5Use Restrictions

7.5.1Without express written permission, users may not copy or retransmit proprietary material, including but not limited to text, images, and multimedia content, from the Website.

7.6Ownership Acknowledgment

7.6.1The user acknowledges that The Practice is the proprietor of all material on the Website and has no right, title, or interest in such material.

7.7Authorized Use

7.7.1Users are authorized to view, copy, temporarily download, and print Website content for personal, non-commercial, and informational purposes only, subject to these Terms and Conditions.

8Risk, Limitation of Liability, and Indemnity

8.1Indemnification

8.1.1The Patient agrees to indemnify MedConnex, excluding Loss resulting from gross negligence or willful misconduct.

8.2Assumption of Risk

8.2.1The user acknowledges that the use of this website and its information is entirely at their own risk, assuming full responsibility and risk of loss resulting from such use.

8.3Transmission Risks

8.3.1Internet transmission, including email, is subject to monitoring and interception risks. The user bears all risks associated with transmitting information in this manner, and MedConnex is not liable for any loss, harm, or damage suffered by the user.

8.3.2MedConnex may request independent verification of emailed information, and the user consents to such verification if deemed necessary.

8.4Limitation of Liability – General

8.4.1To the extent permissible by law, neither MedConnex nor its affiliates shall be liable for any damages related to the use of the website or the information contained on it, except for losses arising from gross negligence or willful misconduct.

8.5Financial Liability

8.5.1MedConnex disclaims liability for damages, specifically related to financial matters, arising from the use of the website or its content, except for losses due to gross negligence or willful misconduct.

8.6Liability for Faulty Execution

8.6.1The liability of MedConnex for faulty execution of the website shall be limited to rectifying the malfunction within a reasonable time and free of charge.

8.6.2MedConnex is not liable for loss of profits or for special, incidental, consequential, or punitive losses or damages, except for losses arising from gross negligence or willful misconduct.

8.7Indemnification Specific to the use of MedConnex Health Services

8.7.1The Patient agrees to indemnify MedConnex, excluding Loss resulting from gross negligence or willful misconduct.

8.7.2MedConnex and the Medical Practitioner accept no liability for any loss or damage arising from the access or use of the Virtual Platform, Virtual Health Service, or other products or services, except for losses due to gross negligence or willful misconduct.

8.8Waiver of Claims

8.8.1The Patient, the Guardian, the Guarantor, or the Responsible Person holds MedConnex and its Medical Practitioner harmless, undertaking to indemnify them against damages and losses.

8.8.2Any claims against MedConnex and its Medical Practitioner are waived, excluding gross negligence or willful misconduct.

8.9Monetary Limitation

8.9.1Notwithstanding any other provisions, MedConnex's liability shall not exceed double the monetary value paid for the Virtual Consultation service, except for gross negligence.

9Privacy and cookie Policy

9.1Privacy Commitment

9.1.1The Practice is steadfast in its commitment to preserving personal information, processing it strictly in line with the Privacy Policy and Cookies Policy.

9.1.2Users are offered the option to delve into the complete Privacy Policy and Cookies Policy for a thorough comprehension of how their personal information is garnered, processed, and shielded.

9.2Consent to Data Processing

9.2.1Users explicitly consent to the collection and processing of personal information when utilizing the Website and its services.

9.2.2For an in-depth overview of data processing practices, users are encouraged to refer to the comprehensive Privacy Policy.

9.3Medical Records and Data Processing

9.3.1The Patient acknowledges that, in providing the Services, it may be necessary for The Practice and/or any other involved third parties to process personal information.

9.3.2By accepting these Terms and Conditions, the Patient provides consent to The Practice or relevant third parties to process personal information as defined by law for the purpose of providing the Services.

9.3.3The Patient authorizes The Practice and any of its medical practitioners to disclose the Patient’s medical records to all medical practitioners providing care to the Patient or to whom the Patient has been referred, as permitted by the National Health Act 61 of 2003 and the Protection of Personal Information Act 4 of 2013.

9.3.4The Patient consents to The Practice and any of its medical practitioners processing personal information for the purposes of the Protection of Personal Information Act, ensuring that such processing is limited to what is reasonably required.

10Electronic Communications

10.1Communication and Privacy

10.1.1By visiting the Website or sending emails, users implicitly consent to receiving electronic communications from MedConnex Inc, including updates and notifications regarding bookings and other services rendered.

10.1.2For more detail of how data is handled during electronic communications, please review the full privacy policy.

11User Responsibility

User Responsibility

11.1.1Users are required to adhere to all applicable laws, statutes, ordinances, and regulations governing their use of and access to the MedConnex Website.

12Notices

12.1Domicilium for Legal Notices

12.1.1The Practice designates the address specified in clause 2 above as its domicilium citandi et executandi ("Domicilium") for all matters related to these Terms and Conditions, including notice and process service.

12.2Communication and Notification

12.2.1Unless explicitly stated otherwise, notices will be communicated:

  • By email to info@medconnex.co.za (for The Practice).
  • To the email address provided by you.
  • Notice via email is considered given 48 hours after sending, unless an invalid email address is notified.

    • Alternatively, The Practice may provide notice by registered mail to the address you provided, with notice deemed given 7 days after mailing.

12.2.2You acknowledge that legal agreements, notices, or other communications required by law or these Terms and Conditions may be provided electronically, constituting "in writing." Receipt of a written notice or communication by a party, regardless of delivery to the chosen address, is valid.

13General Clauses

13.1Governing Law

13.1.1These Terms and Conditions are governed by the laws of the Republic of South Africa, applied to agreements made and performed within South Africa.

13.2Website Operation and Access

13.2.1The Website is operated by The Practice from its offices within the Republic of South Africa. Users accessing the Website from locations outside South Africa must comply with local laws.

13.3Service Interruptions

13.3.1The Practice does not guarantee continuous, uninterrupted, or secure access to its services, as Website operation may be affected by factors beyond its control, including but not limited to technological failures, acts of nature, or unforeseen events.

13.4Severability

13.4.1If any provision of these Terms and Conditions is deemed illegal, invalid, or unenforceable, it will be removed, and the remaining provisions will be enforced to the fullest extent allowed by law.

13.5Waiver

13.5.1The Practice's failure to act regarding a breach does not waive its right to act on subsequent or similar breaches. Each breach is assessed individually, and no waiver is implied by The Practice's silence.

13.6Assignment

13.6.1Your rights cannot be assigned, delegated, or ceded to a third party without The Practice's prior written consent. Any attempted assignment without such consent is void.

13.7Terms Not Recorded

13.7.1Parties are unequivocally bound only by terms expressly stated in these Terms and Conditions. Any other terms, representations, warranties, or promises not expressly recorded herein are of no effect.

13.8Head Notes

13.8.1Head notes are for reference only and do not affect the interpretation of related provisions.

13.9Interpretation

13.9.1The interpretation clause is included for the purpose of aiding understanding and does not alter the substantive terms of the agreement.

13.10General terms of use of the services

13.10.1The User agrees that he/she and/or any person acting on his/her behalf, will preserve the confidentiality of any patient information and that this obligation shall continue indefinitely.

13.10.2A breach of this requirement will constitute a material breach of these Terms of Use and The Practice shall be entitled to terminate the User’s access to the service with immediate effect, insofar as this action does not result in an immediate threat to the preservation of life or life-threatening morbidity.

13.10.3The User acknowledges that he/she is responsible for complying with the respective obligations under applicable privacy and data protection laws governing the collecting, processing and sharing of personal information.

13.10.4The User agrees that the use of The Practice and/or Services and any dispute arising out of the use of this Product is subject to the laws of the Republic South Africa.

13.11Entire Agreement

13.11.1These Terms and Conditions constitute the entire understanding and agreement between The Practice and you, superseding any other warranties or undertakings unless expressly contained in this agreement.

14Telemedicine Consultations

14.1Conduct of Telemedicine Consultations:

14.1.1All Telemedicine Consultations will be exclusively conducted through the Telemedicine Platform. The Patient holds the responsibility to ensure platform access, sufficient connectivity, and data for the Telemedicine Consultation.

14.1.2Failure to meet these requirements will void the service, and the Practice will not be liable for a refund. If connection failure is attributed to the MedConnex medical professional, rescheduling or continuing the consultation telephonically will be facilitated.

14.2Limitations of Telemedicine Consultations:

14.2.1Telemedicine Consultations come with acknowledged limitations:

  • Will require a device with video capabilities and internet access in order to facilitate a virtual face-to-face consultation;
  • Will not include a physical examination or assessment of vitals;
  • Does not necessarily include the prescription of medication, use of diagnostic services, or referral and will be at the discretion of the treating medical doctor.

14.2.2For patients without a pre-existing relationship/file with The Practice before the Telemedicine Consultation, the service is valid only as long as permitted by law.

14.3Availability of service

14.3.1The provision of goods and services by MedConnex is contingent upon availability. In cases of unavailability, a full refund will be issued within 30 calendar days from the joint awareness date of the Practice and Client regarding the change in service availability.

14.3.2Patients retain the right to cancel requested services by MedConnex at any point before, and up to, 2 hours prior to the scheduled commencement of the consultation appointment. Rescheduling is permissible before the scheduled commencement. For additional details, please review the billing policy.

14.3.3A patient has the right to claim a refund if goods or services have been pre-paid, and the patient cancels before the engagement commences using the Telemedicine Platform.

15Use of Online Payment Facilities

15.1Card Acquiring and Security:

15.1.1Card transactions on behalf of The Practice are facilitated by PayStack (Pty) Ltd, an approved payment gateway for all South African Acquiring Banks. Users are encouraged to visit www.paystack.co.za to access pertinent financial and security policies for a comprehensive understanding.

15.2Merchant Outlet Country and Transaction Currency

15.2.1The merchant outlet country at the time of presenting payment options to the cardholder is South Africa. The currency of Transaction is the South African Rand (symbolised by Rands, ZAR, or R).

Billng & Cancellation Policy

Billing, Payment, and Cancellation Policy

1. Billing and Financial Information

At MedConnex Inc, consultation fees are charged and payable either in cash or through the patient's medical aid. Claims are submitted directly to medical schemes at agreed-upon scheme rates. The practice adheres to the principle of balanced billing, as per the guidelines set by the South African Medical Association (SAMA).

Balanced billing ensures that identical accounts are provided to both the patient and their medical scheme, clearly outlining respective payment portions. In cases where balanced billing is not applicable, patients are advised to settle their accounts in full at the time of service and then seek reimbursement for a portion from their medical scheme.

2. Financial Responsibility

Patients are responsible for paying their account, regardless of their medical aid status. It remains the patient's responsibility to ensure that their medical aid/insurance is up to date and fully active. MedConnex Inc reserves the right to apply "balanced billing" for various services, including consultations, repeat prescriptions, telephone consultations, and chronic forms.

3. Cancellation of Appointments

We understand that plans may change, and appointments may need to be adjusted accordingly. To ensure the smooth operation of our services, we kindly request that cancellations be made at least 2 hours in advance. Please note that appointments should be canceled at least 2 hours in advance to avoid charges. Failure to cancel within this timeframe or not attending the appointment may result in a fee equivalent to 50% of the consultation cost. This fee will be applied if the appointment cannot be filled or if we are unable to confirm the appointment with you. Our billing policy aligns with the regulations outlined by the South African Medical Association's Doctor’s Billing Manual of 2009, the Consumer’s Protection Act 68 of 2008, and the guidance provided by the Health Professions Council of South Africa regarding cancellations and no-shows (published 02 October 2018).

As per Section A: General Medical and Surgical Services, Paragraph D of the Doctor’s Billing Manual, failure to cancel a consultation appointment within 2 hours for a general practitioner or 24 hours for a specialist may result in the forfeiture of 50% of the consultation fee. This fee will only be applied if the cancellation is made within the stipulated time period or if the practice has unsuccessfully attempted to confirm the appointment with the patient.

4. Non-payment of account

All medical aid accounts must be settled within 30 (thirty) calendar days of the date of the invoice. Non-medical aid accounts must be paid and settled immediately upon receiving the Practice’s invoice and payment link via SMS or other messaging service. Failure to settle your account within this timeframe may result in interest charges and could lead to further action, including referral to a debt collection agency or legal proceedings. We encourage timely payment to avoid additional fees and potential disruptions to your care.

5. Interest, Collection & Listing with a Credit Bureau

If an account is not paid in full by the due date, the outstanding amount will accrue interest at the greater of the maximum default (or mora) rate permitted under the Prescribed Rate of Interest Act, 1975 (Act No. 55 of 1975), or the maximum prescribed interest rate permitted for incidental credit agreements under the National Credit Act, 2005 (Act No. 34 of 2005), or the published prime overdraft rate of the Practice’s bank. Additionally, the Practice reserves the right to hand over the outstanding account for collection and, at its discretion, may list the Responsible Person with a credit bureau in accordance with Regulation 19(4) of the National Credit Act, 2005. This listing may affect the Responsible Person’s credit profile, and by default, the Responsible Person hereby authorizes such listing.

6. Collection/Legal Costs & Expenses

In the event of non-payment, the Practice reserves the right to pursue collection of outstanding accounts through legal means. The Responsible Person shall be liable for all reasonable collection and legal costs incurred by the Practice in the process of recovering the outstanding debt. These costs may include but are not limited to attorney fees, court costs, and other related expenses.

7. Cession of Claim

The Practice reserves the right to cede any outstanding claims or debts to third-party debt collectors or financial institutions for the purpose of collection. By default, the Responsible Person hereby authorizes the Practice to cede any outstanding claims or debts to such third parties. This process allows us to seek assistance in collecting unpaid balances. You will still be responsible for settling the outstanding amount, even if it is being managed by a third party. Any cession of claim shall not relieve the Responsible Person of their obligation to settle the outstanding debt in full.

8. Language for correspondence, notice, legal proceedings

All correspondence or notices issued pursuant to and/or in terms of this Agreement, as well as all legal actions and court and/or other proceedings will be written and/or conducted in the English language.

9. Read receipt as proof of communication

Read receipts may be used as proof of receipt for electronic communications sent and received in the course of business operations. This helps us ensure that important information has been received and acknowledged. For example, if we send you an email regarding your account, a read receipt lets us know that you have seen the message. This can be useful in situations where there may be disputes or questions about whether information was received.

10. Service Address

The Patient, Guardian, Guarantor, and/or Responsible Person, as applicable:

  • Selects their contact and service details, designated as the Service Address, provided through the applicable electronic page of the Website, or as otherwise specified on other mediums of communication, as appropriate.
  • Agrees to promptly notify the Practice of any changes to their contact details and Service Address.
  • Consents to receive legal proceedings via electronic mail, courier service, or any other lawful method, with the Practice reciprocally consenting to service in the same manner.

11. Medical aid administration and Payment

We are not contracted to any medical aids, and as such, the patient and/or guarantor remains responsible for payment of the account. The account is payable strictly before or on 30 (thirty) days after service delivery. Accounts older than 60 (sixty) days will attract interest and be handed over to a lawyer for debt recovery.

Patients are responsible for:

  • Obtaining authorization and claiming from their medical aid
  • Reviewing their medical aid’s terms and conditions regarding:
    • Referral letters from referring medical practitioners
    • Medical scheme exclusions
    • Authorization numbers for specialist visits and procedures
    • Short and co-payments for endoscopic and other procedures
    • Penalties

The medical practice will provide patients with diagnostic ICD10 codes (International Classification of Disease code) to request and receive medical aid authorization.

12. Account Administration

Accounts may be managed and submitted to a Medical Aid by MedConnex Inc. on behalf of a patient. This service is delivered free of charge. The submission of an account does not, however, constitute transfer of the liability for payment onto MedConnex Inc. The patient and/or guarantor will ultimately be responsible for payment, and will be informed of any short payments by the Medical Aid during the course of the account administration process. Any queries may be directed to the Medical Aid, or alternatively, to us via the contact details on our website.

13. Consultation & procedure rates

  • Payment Policy: Payment for consultations must be made in full by the patient prior to completion of the consultation, or shortly thereafter if additional payment is required.
  • Follow-Up Appointments: Follow-up appointments up until 6 weeks after surgery are not charged for, unless they are for complications such as wound infections or fluid collections, or for new health issues, in which case the first consultation fee will apply. Follow-up appointments after gastroscopies, colonoscopies, and other non-surgical procedures will be charged as follow-up consultations.
  • Consultation Charges: When consulting about new surgical problems or 6 calendar months after the patient’s last appointment, the appointment will be charged at the first consultation rate.
  • Emergency and After-Hours Charges: During emergencies, weekends, and after-hours hospitalization or consultations, emergency rates will apply. Bills will be processed during business hours and sent to the medical aid. Any outstanding amounts will be billed to the patient by the accounting bureau for payment.
  • Additional Charges: For long consultations or third-party consultations, a surcharge is added to the standard rate. Telephonic feedback or result discussions will be charged accordingly.
  • Procedure Charges: For procedures on medical aid patients, the rates negotiated with the medical aid scheme will apply, and the patient must obtain authorization from the medical aid. Any outstanding amount not covered by the medical aid remains the patient's liability. For procedures on patients not contracted with the practice's medical aid network, authorization must be obtained from their medical aid. These patients or private "cash" patients will be provided with a cost estimate for approval for elective (pre-planned) procedures prior to undergoing any treatment. This excludes emergencies, weekends, and after-hour admissions, which will be charged and submitted without a cost estimate and then processed during business hours.

14. Payment methods

Accepted payment methods:

  • All major credit and debit cards
  • Payflex

Note: No cheques or cash accepted. For outstanding amounts, contact our accounts department to arrange a payment plan with a written agreement.

15. Account department contact details

  • Tel: 087 153 2300
  • Email: accounts@medconnex.co.za

    • Version date: 28 April 2024

Data & document Retention, Archiving & Destruction Policy

1. Purpose

This policy outlines the commitment of MedConnex (from hereinafter referred to as “The Practice”) to safeguarding personal information in compliance with the Protection of Personal Information Act (POPI) and other relevant legislation. "The Practice" ensures data is retained only for legal or legitimate business purposes, adhering to South African laws, standards, and best practices. Additionally, expressly acknowledges and adheres to the patient recordkeeping guidelines set forth by the Health Professions Council of South Africa (HPCSA).

This policy prescribes the maintenance of the organization’s data for a predetermined length of time. Different types of data require different lengths of retention, and computer systems and applications have added increased complexity to the issue. In addition to describing how long various types of information must be maintained while in possession, it also highlights the procedures for retaining/archiving/protecting the information and gives guidelines for destroying the information. The information contained in this policy represents the actions taken by “The Practice” concerning all its data and/or information acquisition, storage, usage, and/or deletion.

In the event of a data breach, “The Practice” has a documented Data Breach Response Protocol that outlines the steps to be taken to address potential breaches, ensuring a prompt and effective response. Data and/or information include that of “The Practice” clients, partners, service providers, staff, and other information as necessary for its operation.

“The Practice” adopts this data/information retention policy to ensure that we retain all information that we have an obligation to keep and that information is deleted where there is no business or legal requirement for it to be retained. The reasons for the necessity of this policy include:

  • To comply with legal and regulatory requirements.
  • To support “The Practice” to bring/defend legal proceedings or if “The Practice” is under investigation.
  • To preserve information that has operational and historical value.

“The Practice” ensures that this Policy is implemented and that files and documents are regularly reviewed and disposed of when these are no longer needed. As part of our commitment to continuous improvement, this policy will undergo periodic reviews and updates to align with evolving regulations, technological advancements, and organizational requirements. This policy makes reference to, and should be read alongside, the Data Retention Schedule (refer to the section below in this document). It is everyone’s responsibility to ensure that the Policy is adhered to; however, automation should be in place wherever possible to ensure that data is correctly managed as per the Data Retention Schedule.


2. Scope

This policy applies to all “The Practice” employees, contractors, vendors, and agents with access to “The Practice” network, whether using company-owned or personal devices. It covers remote access connections for work-related activities.


3. Definitions

  • Account Data: consists of client agreement, cardholder, bank data, and/or sensitive authentication data.
  • Anonymization: is the process of turning data into a form that does not identify individuals. It is a type of information sanitization whose intent is privacy protection.
  • Archiving: is the process of moving data that is no longer actively used to a separate storage device or location for retention.
  • Asset Owner: is the Functional or Business Line Head who is responsible for the Data Asset (or within whose function or business line the Data Asset resides or is used). This individual ensures the proper management and security of the data asset.
  • Data Asset: is any item or entity that comprises data. For example, databases are data assets that comprise records. A data asset may be a system or application output file, database, document, or webpage. A data asset may also include a means to access data from an application.
  • Data Processing: is the collection and manipulation of data to produce meaningful information. In the healthcare context, this includes activities such “as collecting patient information, updating medical records, and ensuring the secure transfer of sensitive data.
  • Data Retention: is usually required to meet applicable legal or contractual obligations or meet business objectives. Retention Periods are determined accordingly. For Personal Data, it must be no longer than necessary to protect the rights and freedoms of individual data subjects in accordance with this policy. In some cases, retention may be in the form of “Archival,” to preserve storage space or bandwidth on the system or container originally employed for Active Use processing.
  • Destruction: is defined as physical or technical destruction sufficient to render the information contained in the document irretrievable by ordinary commercially available means.
  • Document: as used in this Policy, is any medium that holds information used to support an effective and efficient organizational operation. Examples of Documents include:
    • Policies
    • Agreements
    • Procedures
    • Templates.
  • Dormancy: refers to the period subsequent to the last date that the patient was treated by a healthcare practitioner.
  • Financial Records: are pieces or sets of information related to the financial health of a business. The pieces of data are used by internal management to analyze business performance and determine whether tactics and strategies must be altered.
  • Personal Data: (also “Personally Identifiable Information”) is any information relating to an identified or identifiable natural person (the “Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Record: as used in this policy, is any medium that holds information or evidence about a past event. Examples of Records include:
    • Case records
    • Reports
    • Minutes
    • Video and audio recordings
    • Data generated by physical access control systems.
  • Retention: is the continued processing of data, after the initial “Active Use” has achieved the purpose for which the data was originally collected.

4. Data Retention Schedule

The Data Retention Schedule is a comprehensive list of information items held by “The Practice” Inc., which may be retained for specified periods of time for legal, statutory, fiscal, historical, or operational reasons. This must be read in conjunction with the “The Practice” – POPI Internal Approval Policy.

4.1 Retention Schedule and Medical Records

In accordance with guidelines from the Health Professions Council of South Africa (HPCSA), we adhere to the following retention practices for medical records:

  • Minimum retention of 6 years after dormancy.
  • Keeping records of minors until their 21st birthday.
  • Maintaining records of mentally impaired patients until their demise.
  • Retaining records related to occupational illnesses or accidents for 20 years post-treatment.
  • Seeking proper authorization for the destruction of records in provincial hospitals and clinics.
  • Considering extensions to retention periods in specific circumstances.

4.2 Disposal Guidelines

Our efficient records management system includes:

  • Arrangements for archiving or destroying dormant records, creating space for new records.
  • Adherence to the Electronic Communications and Transactions Act for the deletion or destruction of electronic records.
  • Clear guidelines for record retention and procedures for identifying records due for disposal.
  • Examination of records before disposal, with authorization by designated staff.

4.3 Secure Disposal Practices

  • Shredding or incinerating paper records.
  • Overwriting or physically destroying CDs, DVDs, hard disks, and other electronic storage media.
  • Caution against selling or donating second-hand computers to prevent information recovery.
  • Maintenance of a register detailing destroyed healthcare records for accountability.

4.4 Destruction of Personal Information

Practices must consciously consider:

  • Caution when outsourcing services to destroy hard copy or electronic data to ensure POPIA compliance.
  • Ensuring practices take control of the manner in which personal information is disposed of, mitigating potential risks.
  • Scrutiny of actions taken to destroy or delete personal information, preventing reconstruction in an intelligible form.

4.5 Rights of Data Subjects

Under specific conditions, data subjects have the right to request the deletion of personal data when:

  • No longer needed for the original purpose.
  • Consent is withdrawn.
  • No relevant legitimate interest exists in continued processing.
  • Personal data has been processed illegally.
  • Destruction is required by law.

The following table serves as a guide to facilitate the decision-making of retention periods for the types of information. The data subject is the original source of, and the subject of the information, and thus also owns it.


Data Subject Type of Information Retention Period
Company/practice information Agendas of Board meetings Indefinite period
Clients or Service Provider data All information from customers, business contacts and suppliers At least (5) years and at maximum, 7 years after termination of service as set out in applicable law
Electronic Documents Email Retain emails per data subject requirements.
Employees data PDF, word processor documents Must be based on the contents of the file
Financial Data Financial information related to and owned by "The Practice". As set out in applicable law
Job seekers data Personnel records (attendance records, application forms, job or status change records, evaluations, termination documents, test results, training, qualification records) At least (5) years and a maximum of (7) years after termination of service contract
CV, cover letter, qualifications, work history, references A maximum of 6 months, after which the job seeker must give permission again
Patient health / medical records Clinical notes, diagnostic reports, imaging, laboratory results. Preferably indefinitely, but a minimum of 6 years from the date of dormancy (See section 4: Retention Schedule and Medical Records above for details and exceptions).

By law, all information stored under this policy must be non-encrypted. Encryption and decryption keys must be kept secure for as long as the information is retained.


4.6 ROLES AND RESPONSIBILITIES

Employees Must:

  • Ensure the proper destruction of all patient and business-related information held by 'The Practice' in accordance with this policy.
  • Hand over incorrect or unnecessary data retention devices (HARD DISK, FLASH, CD, etc.) to the IT Department for safe destruction.
  • Regularly backup all sensitive information.

Heads of Departments and Information Asset Owners:

  • Hold overall responsibility for managing records and data within their department.
  • Ensure records and data are managed in accordance with this policy.
  • Collaborate with the appointed information officer in data retention processes and records management.

IT Department:

  • Take responsibility for archiving, destroying information, and sanitizing hardware and software.
  • Destroy any hardware capable of storing sensitive patient health information using secure methods such as shredding or incineration.
  • Solely authorize the disposal of IT equipment, personally accepting and approving such assets.
  • Confirm the successful deletion and destruction of each asset in all cases.

Prohibited Activities for Employees:

  • Dispose of “The Practice” patients and business-related information by throwing it in the trash.
  • Discard “The Practice” patients, client, and business-related information anywhere other than “The Practice” business premises.
  • Use a memory device (FLASH) containing “The Practice” patients and business-related information.
  • Open and/or reuse a flash disk, hard drive, or CD-ROM for personal reasons, initially containing “The Practice” patients and business-related information.
  • Donate or sell any mobile, portable, wireless device capable of retaining sensitive information issued by “The Practice”.

Employees Must:

  • Destroy “The Practice” patients and business information in accordance with this policy.
  • Delete any paper-based information related to “The Practice” and its patients, clients following this policy.
  • Transmit any hard drive to the IT Department in accordance with this policy.
  • Use cloud storage (like OneDrive accounts) and file transfer technologies such as OneDrive accounts, ensuring compliance with this policy.

Heads of Departments and Information Asset Owners:

  • Responsible for managing records and data within their department, ensuring compliance with this policy.
  • Collaborate with the information officer in data retention processes and records management.

IT Department:

  • Responsible for archiving, destroying information, and sanitizing hardware and software.
  • Exclusive authority over the disposal of IT equipment, personally accepting and approving such assets.
  • Confirmation of the successful deletion and destruction of each asset in all cases.

5 POLICY COMPLIANCE

5.1 COMPLIANCE MEASUREMENT

  • The Information Security team will verify policy compliance through methods such as video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.

5.2 EXCEPTIONS

  • In the event that an exception to this policy is deemed necessary, employees must seek advance approval from the Chief Information Officer, providing a detailed justification for the exception.

5.3 NON-COMPLIANCE

  • Employees found engaging in prohibited activities, such as discarding patient information improperly, may face severe disciplinary actions, including termination of employment.

6 RELATED STANDARDS AND POLICIES

  • Acceptable Internet use Policy
  • Email Policy
  • Incident response Policy
  • Notice of Security Incident Policy
  • Mobile and Portable Devices Policy
  • Monitoring Policy
  • Physical Security Policy
  • Access to Information Policy

7 POLICY CHAMPION

Contact details of the administrator responsible for this policy:

  • Name: Rephaim Mpofu
  • Position: Information Officer
  • Tel: 087 153 2300
  • E-mail: rephaim.mpofu@medconnex.co.za

bottom of page