The purpose of this policy is to ensure that confidentiality of private health information is maintained for all eHR™.ZA's users, and to provide eHR™.ZA's users with notice of ELECTRONIC PATIENT RECORDS (PTY) LTD's information practices.
- EPR is Electronic Patient Records (Proprietary) Limited, (Registration Number 2002/000009/07), a company duly registered and incorporated according to the company laws of the Republic of South Africa.
- User means any individual who has enrolled and wishes to have or has a record of information about his own personal medical encounters held at EPR's web site.
- User-Practitioner means a medical practitioner, registered by the Health Professionals Council of South Africa, who has enrolled at EPR and wishes to store and retrieve electronic patient records at EPR's web site, or his/her nominee.
- Private health information means any information that is created or received by EPR, which identifies an individual and relates to the past, present or future physical or mental health or condition of that individual.
- Eligibility Information means information, whether written or oral, which describes a user or a user's eligibility for past or future medical services and the extent to which those services may or may not be covered under the user's medical aid, managed healthcare, health insurance or public healthcare plan. Eligibility information does not include Protected Health Information.
- Electronic Patient Records (Pty) Ltd shall not disclose any Private health information about a user collected or received in connection with any medical encounter unless the disclosure is expressly permitted by the user or required by law, and is:
- To the user or the user's legal representative or guardian, upon presentation to EPR of a valid Identity document or User Identification number and password; or
- With the written authorization of the user, or the user's legal representative or guardian, provided the authorization is:
- Signed by the user or the user's legal guardian; and
- Obtained one (1) year or less prior to the date a disclosure is sought; or
- To a medical care institution or medical professional for the purpose of:
- Reviewing the patient record and recording a medical intervention with the patient's express approval;
- Verifying coverage or benefits;
- Informing an individual of a medical problem of which the individual may not be aware; or
- Conducting an operations or services audit to verify the users treated by the medical professional or at the medical care institution; provided only such information is disclosed as is reasonably necessary to accomplish the foregoing purposes; or
- To an insurance institution, health care organization, or self-insurer, provided the information disclosed is limited to that which is reasonably necessary:
- To detect or prevent criminal activity, fraud, material misrepresentation or material nondisclosure in connection with insurance transactions; or
- For either the disclosing or receiving entity to perform its function in connection with an insurance transaction involving the user; or
- To an insurance or healthcare regulatory authority; or
- To a law enforcement or other governmental authority:
- To protect the interests of EPR in preventing or prosecuting the perpetration of fraud upon it; or
- If EPR reasonably believes that illegal activities have been conducted by the user; or
- Made for the purpose of conducting actuarial or research studies, provided:
- No user may be identified in any actuarial or research report;
- Materials allowing the user to be identified are returned or destroyed as soon as they are no longer needed; and
- The actuarial or research organization agrees not to disclose the information unless the disclosure would otherwise be permitted by this section if made by an insurance institution, agent or insurance support organization; or
- To an internal or external professional peer review organization for the purpose of reviewing the service or conduct of a medical care institution or provider; or
- To a governmental authority for the purpose of determining the user's eligibility for health benefits for which the governmental authority may be liable; or
- In response to a facially valid administrative or judicial order, including a search warrant or subpoena; or
- To a health maintenance organization, health plan, or insurer, when EPR is acting as a subcontractor to that organization, with the user's express permission, pursuant to his/her enrollment in that organization. In that circumstance, all Private health information maintained by EPR by virtue of the contract with the organization will be made available to the organization; or
- Otherwise permitted or required by law.
- In addition to those circumstances described in Section III(A), Eligibility Information will be provided in the following circumstances where permitted or required by law:
- To a user-medical practitioner, doctor, a user, a user's current spouse, a user's eligible dependent, or the legal guardian of an eligible dependent, upon presentation to EPR of a user's valid identification number and password or biometric identification;
- To a person who accesses the EPR Interactive system or Internet web page (www.ehr.co.za) and provides a valid identification number and password or biometric identification.
V. Confidentiality and Security
- All EPR employees, upon employment, agree to abide by EPR's policy and procedure of "Confidentiality of Information" which details the importance of confidentiality of medical records, personal information, medical funder information, insurance claims and other materials. The consequences of violating this policy include disciplinary action up to and including dismissal from employment.
- User-Medical Practitioners and Users of EPR agree to and accept a Confidentiality Statement.
- Any patient specific information or medical record will be considered confidential and will be shared only with those parties who have the authority to receive such information, as provided for in Section II, above.
- If disclosure is required through a court order or subpoena, the order or subpoena will first be reviewed by the EPR Legal Department to determine the legitimacy of the order, the purpose for the disclosure, and limitations on the information disclosed.
- All patient specific medical information will be stored for the appropriate length of time as required by legal statutes and company policy, in files that are secure and made accessible only for the purposes stated above.
- System stored patient specific medical and personal information will be protected through system security measures designed to protect against access by unauthorized staff. Additionally, EPR is monitoring the status of proposed regulations pursuant to the Electronic Communications and Transactions Bill, and will implement such security measures mandated by the final regulations. EPR monitors world best practices and applies them where appropriate. EPR currently employs industry standard system security measures to protect electronically stored and transmitted information.
- EPR's terms and conditions of use state that user-practitioners agree that they shall maintain the integrity and confidentiality of Private health information in the electronic patient record against loss, defacement, tampering or use by unauthorized persons. The user-practitioner shall maintain a policy of confidentiality regarding patient medical record information.
- If EPR becomes aware of a confidentiality violation by a user-practitioner, either through an on-site visit or through a complaint/grievance, the EPR Quality Assurance Committee and EPR Management will determine the proper steps needed to restore confidentiality. Human Resource Procedures will be invoked if the violation was perpetrated through an EPR employee.
- This policy shall be provided to any user, body, group, administrator, user-practitioner or individual upon request.
EPR respects the privacy of its Web site users. Simply visiting the EPR Web site collects no personal information whatsoever. Information is collected and distributed under strict access control and is logged against the user accessing the information.
EPR users who enter personal information should know that all communication between your computer and EPR's Web servers is encrypted using secured server technology (SSL). EPR's secure server software is the industry standard and among the best software available today for secure transactions.
VI. Personal information
All features are linked directly to your personal information. We want to make sure we're providing information services to the right person.
At EPR, we understand the privacy concerns surrounding one's Identification Number and/or biometric fingerprint/password. Identification Numbers/passwords are routinely used for patient identification in health care systems. Rest assured your Identification Number and biometric fingerprint will only be used to verify your access. EPR does not and will not release Identification Numbers and/or biometric fingerprints to ANY unauthorized individuals.
- Server Logs
Server log files are analyzed for purposes of optimising performance and assessing site usage. Summary site statistics are compiled regularly and the original server logs deleted at that time. These statistics are for internal use only and are not disseminated in any way other than in general terms (i.e., total number of visitors, most used areas of the site) in reports to our funders. Individual IP addresses are not used in any way other than to count a "unique visit" to the site. Navigation paths and individual "user sessions" are not saved or analyzed.
This policy is effective 3 September 2002. EPR reserves the right to modify this policy by notifying users of the existence of a new privacy statement. This statement and the policies outlined are not intended to and do not create any contractual or other legal rights in or on behalf of any party.
This site may contain facts, views, opinions, statements, and recommendations of third party individuals, writers, advertisers and organizations. EPR does not represent or endorse the views, accuracy or reliability of any advice, opinion, statement, product or service displayed or distributed on this web site. You acknowledge that any reliance upon such opinion, advice, statement or information shall be at your sole risk and discretion. The information supplied by EPR is for recording purposes only and should not be treated as medical advice. Nothing contained in eHR™.ZA is intended to be for medical diagnosis or treatment or a substitute for consultation with a qualified healthcare professional. In no event will EPR, its affiliates, partners, agents, or contractors be liable to you for any damages or losses resulting from or caused by EPR, eHR™.ZA or its services, including use of the message boards and communication forums/chat rooms, email, web pages, content (including articles, stories, news) or any errors or omissions in its content, even if advised of the possibility of such damages.
EPR respects the copyrights of contributing writers and authors and other content providers. It is illegal to reprint articles in any format, online or offline, without explicit written permission from the author or content provider. EPR is not responsible for any third party use or misuse, including violation of copyright laws, of contributed content, nor is it responsible for the posting of copyrighted material to community message boards or web pages or any other violations of our terms of service.