1. Trust underpins the relationship between the staff on the hand, and clients on the other. A breach of confidentiality or even the perception of a potential breach may have a detrimental impact on client financial health clients may then not disclose all relevant information or may not follow the instructions of professional. This policy is adopted to protect the rights of clients, as well as the information that is confidential and/or proprietary to the Company.

2. This policy binds all employees, irrespective of the terms and duration of their contracts, including all independent contractors and sub-contractors (including persons who manage the firm’s billing, IT, suppliers, etc); and all professionals working in the Company and who, in the course and scope of their work, may require client / Company information.

3. As a matter of principle, no “client information” or “Company Information” may be disclosed unless authorized in terms of this policy.

3.1 Where reference is made to “client information”, the protected information includes, amongst others

3.1.1 Whether someone is, or is not a client, or related person to a client, in the Company

3.1.2 Any billing information or any financial information pertaining to the client or any payor.

3.1.3 The client or any related person’s name, address, identity number or any biographical information (gender, race, etc) and any other personal information whatsoever.

3.1.4 Communications from and to clients / clients or any related person.

3.2 Where reference is made to “Company Information”, the protected information includes, amongst others

3.2.1 All personal details of all staff, excluding their names, titles, professional status and registration numbers, the Company code number and the Company’s address and contact details, which is not confidential, as clients and the public should have access to those details.

3.2.2 All firm suppliers of services and/or goods, contracts, arrangements and all systems.

3.2.3 All firm financial information, except the fee structure of the firm which is not confidential and should be accessible to clients and others.

3.2.4 The Company’s way of doing business or way of working.

3.2.5 The Company’s policies, notices, notes and all communications not intended for client or public consumption.

4. All the contracts or engagements entered into, this policy serves as an addendum to these agreements or arrangements and for employees, it is a codification of their duty to preserve confidentiality on all aspects relating to their employment.

5. Employees, contractors, and other professionals have the responsibility to ensure that all information relating to individual clients, groups of clients or other employees are held in the strictest confidence, as well as all Company information.

6. The information covered in this policy includes -

6.1 All written and verbal information, irrespective of the way it was stored, i.e. hard copy, electronic or in any other form.

6.2 Information that falls within and outside of the person’s scope of duties.

6.3 Information that accidentally comes to the knowledge of the person.

6.4 All personal, identifiable and de-identified / anonymous unlinked information.

7. Employees, contractors and must adhere to the strictest standards of confidentiality protection and must take due care in handling information relating to others. These mechanisms include -

7.1 Placing information, such as client files, the appointment book, etc. under lock and key when not in use, and taking care that there is no instance where such information may be accidentally viewed by any other person.

7.2 Ensuring that all computers and software programmes used, are password protected and access to databases, registries and the like are limited.

7.3 Adhering to timeous and appropriate filing procedures – no document should remain on a desk or in a filing tray, or in an email inbox after it has been dealt with;

7.4 Not using social media (Twitter X, Facebook, Instagram, Pinterest, etc) at all in relation to Company, client, or employment matters, the only exception being, when applicable social media accounts run officially by a designated person by the Company.

7.5 On email: double-checking that email address is correct; not necessarily copying persons in emails (carefully consider the “reply-all” function); ensure that clients have agreed to email unless sanctioned by the relevant healthcare professional; etc. all emails must have an email disclaimed at the bottom. Employees may not use the Company’s email system to pass on materials or information (including jokes, etc) that may be offensive to others, or that are politically or otherwise sensitive.

8. Unless stipulated otherwise in another law, or required to be dealt with in a particular manner (duration, manner and place of retention, etc):

8.1 All information shall be retained for at least 5 (five) years. This includes invoices and billing information, bank statements, and supplies, etc.

8.2 Client information (client files, appointment books, client communication) must be kept for 7 (seven) years.

8.3 Employee information (contracts, banking details, copy of identity document, IRP5s, etc) is kept until 5 (five) years after the person’s last day of employment.

8.4 Employees who are certain as to the retention policy in relation to any specific document, should approach the Managing Director, to obtain certainty.

9. Company and client information are archived on our private cloud information management system.

10. Destruction of information shall only take place in accordance with the destruction policy after the duration of the retention period had expired.

11. All requests to access information must be handled by the Information Officer, Nhlanhla Leshaba, in terms of the Access of Information Act of 2000. A specific form must be completed to access information. Where the client consents to a third party (e.g. a human resource manager at their workplace, an insurance company) accessing specified information from a specified period and for a purpose, a written consent form must be signed, and a copy placed in the clients’ file.

12. Violations of this policy, including negligent or unintentional breaches of confidentiality, may lead to either one of all the following sanctions being imposed:

12.1 Disciplinary action against an employee, which may result in a variety of sanctions, including dismissal.

12.2 Termination of a relevant service or any contract.

12.3 Legal action, including to recover losses sustained as a result of the breach.

12.4 Reporting the conduct to a relevant professional body or other entity with jurisdiction.