If you are interested in this seminar, please contact us at marais@assentcompliance.co.za

For information about how we use and protect your Personal Information, see our Section 18 POPIA Privacy Notification.

Seminar Overview

This advanced, sector-specific seminar provides healthcare practice owners, managers, appointed Information Officers (IOs), Deputy Information Officers (DIOs), and compliance personnel with a thorough understanding of their statutory obligations under the Protection of Personal Information Act 4 of 2013 (POPIA), read together with the Promotion of Access to Information Act 2 of 2000 (PAIA). Tailored to the unique context of medical practices in South Africa — where special personal information (health data) is processed daily — the session equips participants to lead effective compliance programs, mitigate risks, and demonstrate accountability during regulatory scrutiny (e.g., Information Regulator audits, OHSC inspections, or HPCSA-related matters).

Date: Sandton – Thursday, 21 May 2026; Pretoria – Friday, 22 May 2026
Format: Live In-Person – Seminar
Duration: Full day (approximately 6–7 hours, including breaks)
Accreditation: [e.g., 6 HPCSA ethical CPD points – confirm based on provider status]
Target Audience: Practice principals, practice managers, appointed IOs/DIOs, compliance officers, and senior administrative staff in medical, dental, allied health, and related healthcare practices.

Learning Objectives

By the end of the seminar, participants will be able to:

  • Understand the legal appointment, registration, and authorisation process for IOs and DIOs in healthcare settings.
  • Identify and fulfil the core statutory duties under Section 55 of POPIA and Regulation 4 of the POPIA Regulations.
  • Develop, implement, and maintain a robust POPIA compliance framework tailored to medical practices.
  • Handle requests for access to records, security compromise notifications, and cross-border data flows.
  • Conduct personal information impact assessments (PIIAs) and internal awareness training.
  • Manage accountability, delegation, and reporting obligations while protecting patient confidentiality and aligning with HPCSA ethical guidelines.
  • Prepare for and respond to Information Regulator enquiries, complaints, or enforcement actions.

Seminar Agenda

Section 1: Introduction to POPIA in Healthcare (30 min)

  • Overview of POPIA and PAIA interplay.
  • Why healthcare practices are high-risk (special personal information – health data).
  • Exemptions and obligations for medical professionals (Section 26(2) & Section 32).
  • Accountability principle and personal liability risks.

Section 2: Appointment and Registration of the Information Officer and Deputy (45 min)

  • Default IO: Head of the private body (e.g., practice principal or sole practitioner).
  • Authorisation of an IO (executive/management level requirement per Guidance Note).
  • Designation of Deputy Information Officers.
  • Registration process with the Information Regulator (E-Services Portal).
  • Practical steps for healthcare practices (including group practices and multi-site setups).
  • Delegation, written authorisation, and retained accountability.

Section 3: Core Duties under Section 55 of POPIA (60 min)

  • Encouraging compliance with lawful processing conditions (8 conditions).
  • Dealing with data subject requests (access, correction, objection – Sections 18, 24).
  • Cooperating with the Regulator during investigations (Chapter 6).
  • Healthcare-specific considerations (e.g., health records and harm assessments).

Section 4: Prescribed Additional Responsibilities – Regulation 4 (60 min)

  • Developing, implementing, monitoring, and maintaining a compliance framework.
  • Conducting personal information impact assessments (PIIA).
  • Developing and maintaining a PAIA/POPIA manual (Sections 14 & 51 PAIA).
  • Establishing internal systems for processing requests.
  • Conducting internal awareness sessions on POPIA provisions, regulations, and codes.
  • Providing manuals upon request (with prescribed fees).

Section 5: Practical Compliance in Healthcare Practices (90 min)

  • Risk areas: Patient registration, electronic communications (email/WhatsApp/SMS), record management, telehealth, billing/medical scheme interactions.
  • Security safeguards, breach notification (Section 22), and incident response.
  • Consent management, operator agreements, and cross-border transfers.
  • Integration with HPCSA ethical rules (confidentiality, patient rights) and National Health Act.
  • Tools and templates for immediate use.

Section 6: Reporting, Monitoring, and Enforcement (45 min)

  • Annual reporting obligations (PAIA Section 32 for public bodies; Regulator requests for private).
  • Handling complaints, security compromises, and Regulator requests.
  • Preparing for assessments, audits, and enforcement.
  • Case studies from healthcare contexts.

Section 7: Building a Culture of Compliance (45 min)

  • Training staff and raising awareness.
  • Policies, procedures, and checklists.
  • Monitoring ongoing adherence and continuous improvement.

Section 8: Q&A, Toolkit Handover, and Action Planning (60 min)

  • Open discussion and scenario-based problem-solving.
  • Distribution of updated 2026 POPIA Compliance Toolkit (templates, checklists, frameworks, sample policies, registration guides).
  • Personalised action plan for participants to implement in their practices.

Key Takeaways & Resources

  • Comprehensive seminar notes and slides.
  • Updated 2026 POPIA Compliance Management Framework Toolkit — including:
    • IO/DIO appointment and registration templates.
    • Compliance framework checklist.
    • PIIA template.
    • Breach notification procedure.
    • Awareness session outline.
    • PAIA manual guidance.
  • Certificate of attendance (with CPD points if accredited).
  • Post-seminar support: Access to recording (if virtual) and Q&A follow-up.

This seminar empowers healthcare leaders to transform POPIA obligations from a regulatory burden into a strategic advantage — enhancing patient trust, reducing breach risks, and ensuring defensible compliance in an increasingly enforced environment.

Registration:

Limited seats available. Contact marais@assentcompliance.co.za or reply to this invitation to secure your place. Early registration recommended. We look forward to supporting your practice in achieving POPIA mastery.

Cost

R 1,950.00 per delegate (15% VAT inclusive) (-10% for more than 1 delegate from the same organisation)