Netcare Digital privacy policy


    This Privacy Policy applies to the Netcare Group of Companies (“Netcare”, “Medicross”, “Netcare 911”, “Netcare Hospitals”, “NetcarePlus” companies, “Primecure”, “Akeso” or “Netcare Education”).

    Netcare acknowledges the rights of privacy and dignity of all persons. This includes the right to protection of personal information. In compiling this policy, the statutory framework contained in the laws of South Africa, particularly the Bill of Rights and various other pieces of legislation applicable to healthcare, was given due consideration.

    Our Privacy Policy governs the way we, at Netcare, treat and deal or process your personal information. We respect your privacy and undertake to treat your personal information as confidential. Our Privacy Policy explains how we use, collect and share your personal information. We undertake to ensure that all personal information will be protected from unauthorised access, loss or damage and respected as confidential by all staff members, contractors, volunteers or learners, and in the unfortunate event that your information is compromised; we will follow the process outlined in the Protection of Personal Information Act.

    If you do not agree to the terms of this Privacy Policy, you may choose not to use any Netcare website, and/or products and services and not submit any personal information.


    Personal information means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:

    1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;

    2. information relating to the education or the medical, financial, criminal or employment history of the person;

    3. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;

    4. the biometric information of the person;

    5. the personal opinions, views or preferences of the person;

    6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

    7. the views or opinions of another individual about the person;

    8. shall include patient information; and

    9. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

      Personal information will be collected from you directly or from a healthcare professional that is providing medical treatment to you. This may be done during the admission, stay in facility and/or any other interactions. Where the law requires that information regarding certain diseases be notified to the authorities Netcare will do so without delay. We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal information but is not considered personal information in law as this information does not, directly or indirectly, reveal your identity.


    The following principles will be adhered to and considered when dealing with patient rights.

    1. It is important to recognise for each process or decision that the following is considered before release of information.

      1. Does it justify the purpose?

      2. Is the minimum patient identifiable detail disclosed?

      3. Access to information is on a strict need-to-know basis only.

      4. Everyone working with patient information understands his/her responsibilities in this regard.

      5. Compliance with the law is not negotiable.

    2. Right to refuse or permit the sharing of information - Netcare abides by the provisions of the National Health Act 61 of 2003 as well as the Patient Rights Charter, both of

      which grant a patient full participation in his/her health care management, including how to deal with or treat patient information.

    3. Providing names of patients to clergy may only be done with the explicit written consent of the patient and in line with the reception policy dealing with this topic. You will be asked to consent to being placed on this list.

    4. Sharing with Managed Care and authorised Third Parties - In accordance with medical aid membership, a hospital/ health care worker is obliged to share medical information with the medical aid the member belongs to. This information may include sensitive medical information and accounting details for purposes of managed care and accounting services.

    5. Privacy within the unit - It is important that the environment within the unit gives due consideration to privacy of patients i.e., tone of voice, closure of curtains, records out of reach of general public during visiting hours, not discussing patients in corridors or public places.

    6. Patient records will be archived by the hospital as defined in the terms and conditions of the admission document. Records remain active whilst patient is in hospital. On discharge, the record is archived and shall only be made available in terms of the stipulations of the Promotion to Access of Information Act 2 of 2000.

    7. Netcare premises may have CCTV cameras in place that will record movement on common premises. Except for this, the filming and video of patients is strictly prohibited, unless consent is obtained in accordance with Netcare’s Communication procedure.

    8. Netcare may share your de-identified personal information for market, statistical, academic research and commercial purposes. We will take all reasonable measures to ensure that all data is anonymised before sharing and that all third party/parties involved abide by the strict de-identification and data protection protocols that we require.

    9. Netcare may use your data directly or via a third party for marketing purposes and/or only where you have provided consent to the relevant third party to share your personal information, but explicit opt-out functionality will be available to manage your participation in these products and service offerings.

    10. To ensure continuous improving of the care and service offering, patients may be asked to complete service experience questionnaires.

    11. Clinical research and trials are completed in accordance with legislative requirements as set out in the National Health Act 61 of 2003. All research participants shall be required to submit written consent.


    Any information collected from you may be processed for, amongst others, the following purposes:

    1. For marketing of related products or services, directly or via a third party;

    2. To provide you with products and services;

    3. To process your hospital admission;

    4. To make an online appointment;

    5. To assess your psychiatric, psychological or addictive condition;

    6. To assess any medical treatment you may require;

    7. To process your admission or any other enquiry;

    8. For statistical and research purposes;

    9. To diagnose and attend to technical issues, support and user queries, as well as to determine the optimal and fastest route for your device to use;

    10. To comply with legislative requirements;

    11. To process your application for a vacancy; or

    12. To detect, prevent or deal with actual or alleged fraud, security breach, or the abuse, misuse or unauthorised use of the website and/or contravention of this Privacy Policy.

    13. On admission proof of identity will be required from all patients.

    14. On admission proof of medical aid membership will be required from all patients who are members of medical aids.

    15. All existing personal information of patients will be updated with every subsequent visit to a Netcare Facility.


    All personal information will be archived as per regulatory requirements and our documented retention policy.


    Netcare takes the security of your personal information very seriously. Netcare recognise the vital role that information technology plays in its daily operations, and the reliance placed on information technology systems in processing personal information. Although absolute security cannot be guaranteed, Netcare will take reasonable technical and organisational measures to protect your personal information against accidental, unauthorised or intentional manipulation, loss, misuse, destruction, disclosure or access.

    We have implemented procedures to deal with any suspected data security breach and will notify you and any relevant regulator of a confirmed breach where we are legally required to do so. Netcare will not be held liable under any circumstances if such information is compromised or disclosed through conduct outside the control of Netcare.


    Netcare may disclose your personal information if (a) authorised to do so by law, (b) you have provided consent and/or (c) it is required for proper medical treatment and care.

    When Netcare shares your information with any third party, such third party will be required to respect your right to privacy and Netcare will take reasonable measures to ensure that your personal information is safeguarded. Netcare will only allow third parties to process your personal information for a specific purpose, in accordance Netcare’s instructions and applicable law.


    Netcare stores your personal information on its servers and/or on third party servers. Netcare will take reasonably practicable steps to ensure that your personal information is adequately protected wherever it is stored.


    Netcare uses Cookies to understand and save your preference for future visits to our websites. A cookie is a small piece of data sent from our website to your computer or device or internet browser where it is saved. The cookie contains information to personalise your experience on our website and applications. The cookie has the ability to identify your device, computer or smart phone. By using our website and applications you agree that cookies may be forwarded from the relevant website or application to your computer or device. We may use the cookie to enable us to know you visited our website. You have the right to choose whether or not to accept cookies. However, please note that if you do not accept our cookies, you may not access to the full functionality of our website or mobile applications.


    When you interact with any Netcare website, you will come across links to other websites and applications. Netcare is not responsible for the security of those websites, or the information that it contains. In some cases, links are provided as a value added service for information purposes only. Please remember that when you click on a link on the Netcare website and you are taken to another web page or website or application that this Privacy Policy will no longer apply. You also acknowledge that by clicking on a link, that you do so at your own risk and hold Netcare harmless against any loss or damage that may occur.


    Care Connect is a non-profit company for the purpose of developing and operating a health information exchange. The aim of this health information exchange is to maximize quality, safety and efficiency in South Africa's healthcare system through timely access to the health information exchange for the benefit of the South African healthcare industry. Your personal information as well as your health records may be exchanged (subject to your consent) with your other healthcare providers and/or your medical schemes (while complying with applicable privacy and data protection legislation) via the health information exchange operated by CareConnect.


    Netcare will, at all times, process your personal information in accordance with applicable laws and your rights are set out below:

    1. You have the right to correct your personal information if it is incorrect;

    2. You have the right to update your personal information if your details have changed;

    3. You have the right to object to the processing of your personal information;

    4. You have the right to your personal information being deleted; and

    5. You have the right to be informed if your information has been deleted.

      You acknowledge that, in some cases, Netcare may not be able to comply with your request to delete or destroy your personal information if this request conflicts with applicable law.


    1. A data subject who wishes to object to the processing of personal information in terms of section 11(3) (a) of the Act, must submit the objection to Netcare on Form 1. Netcare will, through its Information Officer(s) or Deputy Information Officer(s) provide such reasonable assistance as is necessary, free of charge, to enable the data subject to make an objection on Form 1.

    2. Request for correction or deletion of personal information or destruction or deletion of record of personal information must submit a request to the Netcare on Form 2. The information Officer(s) or Deputy Information Officer(s) will provide reasonable assistance free of charge.

    3. All requests may be forwarded to Note that Form 1 and Form 2 are available on our website.


    Where a data subject’s information has been compromised, the notification form issued by the Information Regulator will be completed as soon as possible, notifying the Regulator. This responsibility will vest with the Information Officer of the Netcare Group for all entities.


    Information Officer : Charles Vikisi (


Our Privacy policy and procedures are regularly reviewed and updated on our website. Version tracking and date of publishing is noted in the footnote of this document.