Register here

If you are interested, please complete our registration form.

We will follow your registration with an invoice and confirmation of your registration.

For information about how we use and protect your Personal Information, see our Section 18 POPIA Privacy Notification.

Remember: POPIA training and awareness for staff members is not an option; it is a legal requirement.

 

Where & When?

Seminar 1: POPIA, PAIA & Cybersecurity Compliance Seminar for Medical Practice Administrators

On request

 

Seminar Objectives

This comprehensive seminar is designed specifically for medical practice administrators, practice managers, Information Officers, and compliance personnel in South African healthcare settings. It provides practical, actionable guidance on achieving and maintaining full compliance with the Protection of Personal Information Act (POPIA), the Promotion of Access to Information Act (PAIA), and essential cybersecurity standards, while addressing the unique challenges of handling sensitive health information.

The seminar focuses on real-world application in medical practices, including patient-facing processes, record management, data sharing, breach response, and risk mitigation. Delegates will receive templates, checklists, policies, and a comprehensive POPIA Compliance Office Handbook (which they will be required to review and sign during the session) to support immediate implementation.

Seminar Topics

  1. Introduction to POPIA, PAIA, and Cybersecurity in Healthcare
    • Overview of key legislation and their interplay in medical practices.
    • Key terms, definitions, and concepts (e.g., personal information, special personal information, responsible party, operator).
    • Key roles (Information Officer, Deputy Information Officer, staff responsibilities).
    • Business activities in medical practices most impacted by POPIA compliance requirements.
  2. Patient Scheduling and Registration Procedures
    • Lawful collection of personal information directly from the data subject (patient) — exemptions and exceptions.
    • Determining the practice’s legal basis for collecting and processing personal information (e.g., consent, necessity for treatment, legal obligation).
    • Developing and maintaining a Section 17 Record of Processing Activities (register) tailored to healthcare operations.
    • When and how to provide Section 18 privacy notifications to patients.
    • Drafting POPIA-compliant patient information sheets, terms and conditions, and payment policies.
    • Consent requirements: When is it needed? When can it be relied upon? Practical implementation and documentation.
    • Practical examples of non-compliant practices and common pitfalls.
    • Actionable advice, checklists, and supporting documentation templates.
  3. Information Security and POPIA Compliance
    • Core POPIA security safeguards (Section 19) and accountability requirements.
    • Implementing POPIA-compliant information security measures in a medical practice environment.
    • Guideline Cybersecurity Practices for Healthcare Practices — including access controls, email security, supplier relationships, insider threats, and human error prevention.
    • Practical examples of security failures and risks specific to healthcare.
    • Actionable advice, checklists, and related documentation.
    • Introduction to the POPIA Compliance Office Handbook — comprehensive information security policies, procedures, and templates (delegates must sign acknowledgment).
  4. Sharing and Disclosure of Personal Information
    • POPIA rules on further processing, sharing, and disclosure of personal information.
    • Special rules for sharing special personal information (health data) under Sections 27 and 32 — including exemptions for healthcare providers.
    • Maintaining the Section 17 Record of Processing Activities for disclosures and third-party sharing.
    • Developing and implementing a Section 51 PAIA Manual — requirements, content, and practical steps for medical practices.
    • Practical examples of improper sharing and common errors.
    • Actionable advice, checklists, and related documentation templates.
  5. POPIA-Compliant Records Management
    • Application of POPIA conditions (e.g., purpose specification, retention limitation, security) to health record management.
    • Retention periods for medical records and secure disposal practices.
    • Integration with National Health Act and HPCSA guidelines.
    • Practical examples of non-compliant record handling.
    • Actionable advice, checklists, and related documentation.
  6. Patient Rights under POPIA and PAIA
    • Overview of general patient rights (e.g., under National Health Act).
    • Specific data subject rights under POPIA (access, correction, objection, restriction, erasure, portability).
    • Developing a Practice Procedure Handbook for handling data subject access requests (DSARs) and other rights exercises.
    • Practical examples of mishandled requests.
    • Actionable advice, checklists, and related documentation.
  7. Data Breaches and Security Compromises
    • Identifying what constitutes a reportable data breach/security compromise under POPIA (Section 22).
    • Mandatory breach notification procedures (to Information Regulator and affected data subjects).
    • Incident response planning and documentation.
    • Practical examples of breach scenarios in healthcare settings.
    • Actionable advice, checklists, breach register templates, and response protocols.

Additional Seminar Features

  • Real-world case studies and scenarios drawn from South African healthcare contexts.
  • Emphasis on practical implementation to reduce risk of fines, complaints, or reputational damage.
  • Q&A sessions and interactive discussions.
  • Take-home resources: Updated templates, policies, checklists, and the signed POPIA Compliance Office Handbook.

This seminar ensures medical practice administrators are equipped to lead compliance efforts, protect patient confidentiality, and demonstrate accountability in an increasingly regulated environment. Ideal for those responsible for operational compliance, risk management, and staff training in POPIA, PAIA, and cybersecurity.

 

What’s included in this POPIA Training Seminar?

The following is included in our POPIA training seminar:

  • A copy of our comprehensive manual and presentation covering information protection legislation, regulations and ethical rules.
  • POPIA-compliant forms, sheets, and policies.
  • Attendance certificate.
  • Refreshments and lunch.

 

Who should attend?

All employees

 

Cost

R2150.00 per delegate (plus 15% VAT)