Skip to content

HPCSA POPIA Manual

The Bill of Rights under the Constitution of the Republic of South Africa, 1996 gives everyone the right to privacy, which includes the right not to have the privacy of their communications infringed. The Protection of Personal Information Act 2013 (POPIA) gives effect to the constitutional right to privacy.

The Promotion of Access to Information Act, 2000, as amended, (PAIA) gives third parties the right to approach public bodies to request information held by them, which is required in the exercise and/or protection of any rights. On request, the public body is obliged to release such information unless the Act expressly states that the records containing such information may or must not be released. 

In compliance with POPIA, the Health Professions Council of South (HPCSA) has developed and published a manual dated 3 March 2021 (PAAI and POPIA Manual) with a view to inform its users of the way it processes their personal information.

Practitioners’ attention is drawn to paragraph 9 of the PAIA and POPIA Manual regarding the processing of their personal information; categories of recipients for processing of their personal information; actual or planned trans-border flows of personal information; and general description of information security measures.

Excerpt of HPCSA POPIA Manual

9. Processing of Personal Information:

9.1 Purpose of Processing

The HPCSA uses the Personal Information under its care in the following ways:

  • Administration of the register for Registered Practitioners
  • Managing the Continuing Professional Development (“CPD”) database of practitioners;
  • Staff administration;
  • Keeping of accounts and records;
  • Complying with tax laws and other applicable laws; and
  • Any other relevant administrative purposes in terms of any other law, code or standard.

9.2 Categories of Data Subjects and their Personal Information

HPCSA may possess or possesses records relating to clients/practitioners, suppliers, council and board members, contractors, service providers, members of the public who lodged complaints against Health Practitioners and staff:

Natural PersonsNames; contact details; physical and postal addresses; date of birth; ID number; Passport number; Tax related information; nationality; gender; confidential correspondence
Juristic Persons / EntitiesNames of contact persons; Name of Legal Entity; Physical and Postal address and contact details; Financial information; Registration Number; Founding documents; Tax related information; authorised signatories, beneficiaries, ultimate beneficial owners
Contracted Service ProvidersNames of contact persons; Name of Legal Entity; Physical and Postal address and contact details; Financial information; Registration Number; Founding documents; Tax related information; authorised signatories, beneficiaries, ultimate beneficial owners
Employees / Board & Council MembersGender; Marital Status; Ethnicity; Age; Home Language, Education information; Financial Information; Employment History; ID number; Physical and Postal address; Contact details; Opinions, Criminal behaviour; Well-being.

9.3 Categories of Recipients for Processing the Personal Information

HPCSA may supply the Personal Information to service providers who render the following services:

  • Capturing and organising of data;
  • Storing of data;
  • Sending of emails and other correspondence to stakeholders;
  • Conducting due diligence checks;
  • Administration Assistance.

9.4 Actual or Planned Trans-Border Flows of Personal Information

HPCSA may share personal information with International Regulators or Associations on an ad hoc basis and in particular for vetting purposes.

9.4 General Description of Information Security Measures

HPCSA employs up to date technology to ensure the confidentiality,

  • Firewalls
  • Virus protection software and update protocols
  • Secure access control;
  • Secure setup of hardware and software making up the IT infrastructure;
  • Outsourced Service Providers who process Personal Information on behalf of
  • Council are contracted to implement security controls.
  • Non-Disclosure Agreement

Click here to view the full HPCSA POPIA Manual.

Last Updated on 15 June 2023 by HPCSA Corporate Affairs