Medical Practice POPIA & ISO 27799 Compliance Health Check Questionnaire
Objective:
This quick, high-level self-assessment helps South African medical practices evaluate their alignment with the Protection of Personal Information Act (POPIA), the Cybercrimes Act 2020, HPCSA ethical guidelines (including Booklets 4, 5, 9, 10, 16, and 19), and the international health information security standard ISO 27799.
Many practices meet basic POPIA requirements but overlook advanced safeguards.
- POPIA Section 19(3) requires responsible parties to have “due regard to generally accepted information security practices and procedures… including internationally recognised standards.”
- Furthermore, HPCSA Booklet 9 (Guidelines for Good Practice in the Keeping of Patient Records) in paragraph 6.4 specifically references ISO 27799 as the appropriate standard for securing health information.

Completing this assessment will highlight gaps and show where ISO 27799-aligned controls can strengthen your practice’s compliance and patient data protection.
Instructions:
Answer each question honestly with Yes or No. Tally your “Yes” responses at the end.
The ISO 27799 Advantage
POPIA Section 19(3) mandates consideration of international standards for security safeguards. HPCSA Booklet 9 (para 6.4) explicitly recommends ISO 27799 – the global standard for health information security management. Implementing ISO 27799-aligned controls (e.g., advanced encryption, audit trails, network segregation, and disaster recovery) not only supports clinical data integrity and availability but also provides a strong legal defence in investigations.
If your assessment reveals gaps – especially in technical security (questions 13–20) – your practice may not yet meet these heightened standards.
Next Steps
Strengthen your compliance with our comprehensive POPIA + ISO 27799-aligned Compliance Management Framework. It includes policies, SOPs, registers, and checklists tailored for medical practices.