Understanding patient rights and data protection in South Africa

The legal requirements for data protection tend to change from country to country. The South African government primarily consulted Germany and the UK when establishing the POPI Act, which was partially brought into force in 2014. As a result, South Africa’s data protection rules closely follow the EU’s GDPR (General Data Protection Regulation), which is due to be enforced across the EU as of May 25, 2018.

Much of the rest of the world have had data protection laws (like POPI) for 15 years or so. We are only now getting an umbrella data protection law, but many organisations in South Africa have been protecting personal information in any case, because it is the right thing to do, not because they were required by law to do it.

Under the POPI Act, consumers will have the right to:

• Know when and how providers share personal information;
• The type and extent of data they share;
• How their data is used (and to be notified if the data is compromised);
• How and where their data is stored; and who can access it;
• Consumers also have the right to have their personal data destroyed.

The digital health industry comprising of mobile applications for smartphones and tablets, electronic health records, online platforms, digital devices and the like is an area that has gained exponential growth over recent years. There is a variety of legislation that can apply to these digital innovations at any one time which includes the Consumer Protection Act 68 of 2008 (“CPA”), the Electronic Communications and Transactions Act 25 of 2002 (ECTA), the Copyright Act 98 of 1978, and the Protection of Personal Information Act 4 of 2013 (“POPI”).

Various litigation issues pertaining to the protection of data can be pursued as demonstrated in the recent Allscripts Ransomware Attack lawsuit or the 21st Century Oncology data breach where not enough focus was placed on protection against hackers. A recent report suggests that healthcare cybersecurity spending will exceed $65B over the next 5 years because of this.

One should always be aware of all the relevant legal requirements and Acts in each country associated with the development and implementation of a digital technology before investing time and capital in a venture that may not be legally feasible. It is, therefore, advisable that one seeks legal advice first.

Learn more about our digital health legal services
We offer various services relating to e-health and medical law both in South Africa and globally to all stakeholders including patients, healthcare providers, pharmaceutical companies, startup and tech companies. Malcolm Lyons and Brivik specialise in medical law, personal injury law, labour and road accident claims and have been recognised as leading attorneys in South Africa since 1965.

Contact our offices below for further information
0861 MLB INC
Johannesburg Office
+27(0) 011 268 6697
Cape Town Office
+27(0) 21 425-5570