menu-hamburger-svgrepo-com

The pitfalls of consent as a legal ground for processing personal information

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

There are five lawful grounds for the processing of personal information that is relevant for healthcare practices, namely:

1. Is the processing necessary for the conclusion or performance of a contract? The practice can process personal information if the processing is required to conclude and perform a contract to which the data subject is a party.

2. Is the processing necessary for compliance with legislation? The responsible person can process personal information if the processing complies with an obligation imposed by law on the responsible party. There is a lot of healthcare legislation, so the practice must process information to comply with these acts or ethical rules of the HPCSA.

3. Are you protecting the legitimate interest of the data subject? The practice can process personal information if the processing protects a legitimate interest of the data subject.

4. Are you pursuing a legitimate interest of your practice or a third party? The practice can process personal information if the processing is necessary for pursuing the legitimate interests of the practice or of a third party to whom the information is supplied.

5. Do you have the consent of the data subject? The practice can process personal information if the data subject or a competent person, where the data subject is a child, consents to the processing.

The requirements of consent 

The definition of consent in the POPIA requires three elements that need to be present for the practice to rely on the consent of the data subject as a legal ground for processing personal information:  

  • It must be voluntary 
  • It must be specific 
  • It must be informed. 

The pitfalls of consent as a lawful ground for the processing 

There is a real risk for the healthcare practice that these three elements that establish legal consent can be lacking. The practise needs to consider the following facts before choosing to rely on consent as a legal ground for processing information:  

1. Voluntary: In some European countries, the courts are now finding that for example, employee consents are not voluntary, as employees are not on the same bargaining level as the employer. If any processing based on consent lacks the voluntary element, processing will be deemed illegal

2. Specific: Consent can never be open-ended. The processing and processing purpose must be clearly defined. General consent is not good enough to fulfil the requirement of specific consent. Consent needs to deal with the ‘what, why, how, where’ and in each instance, whether the information will be given to anyone else

3. Informed: The practice must be able to prove that the data subject understood how his or her personal information would be processed.

4. The burden of proof: The practice bears the burden of proof that the data subject gave voluntary, specific and informed consent to processing personal information

5. Withdrawal of consent: The data subject can withdraw their consent at any time, whereafter the practice may not process the information anymore. This can lead to unworkable situations.

Due to these pitfalls of consent, consent should be the last resort for processing personal information. The best solution is to assess which information is processed, choose one of the other grounds for the processing, and then communicate to data subjects what the basis for processing is. Communication can be through a website, your patient and employee forms or policy documents in your practice. 

Kobus WolvaardtCEO and development strategist of GoodX Sagteware 

 

Welcome to Medical Academic​

Get the most out of Medical Academic by telling us your occupation. This helps us create more great content for you and the community.

idea

1000’s of Clinical and CPD content compiled by Key Opinion Leaders and our expert medical editors.

connection

Access to medical webinars and events

Group 193

Access medical journals from industry leaders and expert medical editorials.

Congratulations! Your account was successfully created.

Please check your email for an activation mail. Click the activation link to activate your account

Stay up to date

Search for anything across CPD, webinars and journals
idea

1000’s of Clinical and CPD content compiled by Key Opinion Leaders and our expert medical editors.

connection

Access to medical webinars and events

Group 193

Access medical journals from industry leaders and expert medical editorials.

Congratulations! You have successfully booked your seat.

All webinar details will be emailed to your email address.

Did you know, you can book future webinars with a single click if you register an account with Medical Academic.

Congratulations! Your account was successfully created.

Your webinar seat has been booked and all webinar details will be emailed to your registered email address

Why not register for Medical Academic while booking your seat for this webinar?

Future Medical Academic webinars can be booked with a single click, all with a Medical Academic account… and it’s FREE.

Book webinar & create your account

* (Required)

idea

1000’s of Clinical and CPD content compiled by Key Opinion Leaders and our expert medical editors.

connection

Access to medical webinars and events

Group 193

Access medical journals from industry leaders and expert medical editorials.

Congratulations! Your account was successfully created.

Thank you for registering. You can now log in to your account.

Create your account

* (Required)

Login with One Time Pin (OTP)

Enter your registered email address to receive an OTP

A verification code will be sent to your email address. Please ensure that admin@medicalacademic.co.za is on your safe sender list.

We've sent your OTP