Unity Health’s measures to comply with POPI
In order to comply with the POPI Act, we have introduced numerous changes in the way we handle all our stakeholder’s personal information.
As a stakeholder and to meaningfully assist our members, please take note of the following measures that will be implemented:
-
- Our company policies and procedures have been updated to include the POPI Act and its requirements. These policies outline how personal information is secured, recorded, processed, shared, retained, used and destructed as well as who is entitled to the information.
- All processes were reviewed and updated to comply with the POPIA requirement.
- All administrative forms (including the policy document) have been updated to ensure they include the relevant POPI declarations.
- All IT security measures were reviewed to ensure all platforms are adequately protected and unauthorised access is prohibited.
- Our administration system was updated to password-protect documents containing personal information. Examples include membership certificates, broker commission statements and provider/member remittances. To access these documents the receiver will be required to enter a password as per the instruction in the email. For example, a broker code or an ID number for members.
- For bulk submissions, an SFTP site was created between stakeholders to securely share information.
- If SFTP cannot be used, documents containing personal information, shared via email will always be password protected. No password will be shared in the same or follow up email. A password will be shared via a different platform.
- Where the above cannot be followed, the email will be encrypted.
- Documents containing health information will be password protected.
- All call recordings stored on our server are secure and access controlled.
- Training was provided to all staff to ensure they comply with POPI requirements.
- Various checks are in place to ensure data quality is of a high standard. Before year-end renewals, campaigns are conducted to allow members to update their personal information. This ensures our data are updated and correct.