Privacy Policy

  1. Introduction
    1. Medihelp respects the privacy of stakeholders and will diligently ensure that it processes their personal information and special personal information appropriately, transparently, securely and in accordance with applicable laws. For the purpose of this policy, the relevant terms are defined as follows:
      1. Personal information means any information that may be used to identify an individual, including but not limited to marital status (married, single, divorced); national origin; age; language; birth; education; financial information, which may include financial history and information; an identifying number (for example, an account number, identity number or passport number); email address; location information; physical address (for example, a residential address, work address or physical location); telephone number (including a cellular number, home landline or office work number); online identifiers such as social media profiles; biometric information (for example, fingerprints, signature or voice); race and/or gender; physical health; mental health; well-being; disability; religion; belief; conscience; culture; medical history (HIV/Aids status and any medical history disclosed or obtained); criminal history; employment history; personal views, preferences and opinions; confidential correspondence; another person’s views or opinions about an individual; and/or name.
      2. Special personal information means personal information about religious and philosophical beliefs; race (for example, when applying for a product or service where the statistical information must be recorded); ethnic origin; trade union membership; political beliefs; health (for example, when applying for an insurance policy or medical/health-related products); biometric information (for example, to verify identity); and/or criminal behaviour and alleged commission of an offence (for example, to prevent money laundering as required by law or when applying for employment or when entering into a relationship with Medihelp).
      3. Processing of information means the lawful and reasonable automated or manual activity of collecting, recording, organising, storing, updating, distributing and removing or deleting personal information to ensure that such processing is adequate, relevant and not excessive given the purpose for which it is processed.
    2. As a self-administered medical scheme, Medihelp functions within the healthcare sector and is firmly committed to complying with the Protection of Personal Information Act 4 of 2013 (POPIA). This Act requires Medihelp to inform members regarding the manner in which their personal information is used, disclosed and destroyed. It furthermore places considerable responsibility on Medihelp with regard to the manner in which it engages with its stakeholders and how personal information is processed and secured. It is essential that Medihelp has accurate and up-to-date information on its stakeholders in order to allow the Scheme to effectively conduct the business of a medical scheme and communicate with stakeholders.
    3. Medihelp regards communication with stakeholders as an imperative, and in the medical schemes landscape, stakeholders who receive information from Medihelp include the following:
      • Regulators such as the Council for Medical Schemes (CMS);
      • Managed care organisations contracted to manage benefits on Medihelp’s behalf;
      • Healthcare service providers;
      • Advisers, brokerages and intermediaries;
      • Advertising agencies and contracted suppliers, e.g. mailing houses;
      • Consultants;
      • Data management companies;
      • Pharmacy management systems;
      • Medical practices;
      • Members and corporate clients; and
      • Medihelp employees.
    4. Medihelp consistently aims to ensure that personal information exchange is in line with legislative requirements. In South Africa, there are numerous legislative prescriptions that have an impact on the protection, collection, usage, storage, sharing and processing of personal health information.
      The most prevalent of these include:
      • Medical Schemes Act 131 of 1998;
      • National Health Act 61 of 2003;
      • Health Professions Act 56 of 1974 and ethical guidelines of the HPCSA;
      • Consumer Protection Act 68 of 2008;
      • Electronic Communications and Transactions Act 25 of 2002;
      • Children’s Act 38 of 2005;
      • Mental Health Act 17 of 2002;
      • Constitution of the Republic of South Africa 108 of 1996; and
      • Promotion of Access to Information Act 2 of 2000.
  2. Collecting personal information
    1. Medihelp will only collect, disclose, collate, process and store (“use”) personal information at its discretion when it is necessary and with written consent, in order to manage the membership and claims processes of the member and with the intention of providing an enhanced user experience. Such use will be subject to such prevailing laws as may be applicable, to ensure that personal information remains protected and is used for the lawful and specific purpose for which it is required.
    2. In order to provide personalised services and access to data, Medihelp will track, retain and collect personal information, and will share such information in a controlled manner with authorised persons, such as healthcare professionals, to enable users to access such personal information and services as contemplated herein.
    3. Medihelp will collect and share aggregated user data with its business partners and other third parties for the purposes of developing content and ensuring relevant advertising and content, but will never use such data to identify individual users. These business partners and affiliated companies do not have any independent right to share this information, and contracts therefore include detailed non-disclosure agreements. For the purpose of this policy, aggregated user data refers to behavioural data and anonymised demographic data.
    4. Any information that Medihelp collects from individuals during the process of applying for membership or from members through correspondence with us, whether via email, telephone or by written letter, will only be used to address the matters required to finalise the enrolment or relevant to the correspondence. If this requires referring such correspondence to a department within Medihelp or to a third party in order to ensure customer excellence, personal information will only be disclosed to the point necessary to address a query or concerns, and will otherwise be kept confidential.
  3. Using the information collected
    1. Medihelp uses information for several general purposes, including the following:
      • To fulfil requests for certain products and services;
      • To send customised, targeted and relevant information;
      • To personalise an experience on the Medihelp websites and digital platforms;
      • To provide a stakeholder with information related to Medihelp and its offerings;
      • To better understand the needs of stakeholders as users; and
      • To allow users to access their own records and interact with self-service platforms.
    2. Medihelp may also use information for direct marketing purposes or contact users for market research. Should a stakeholder not wish to have data shared with third parties, they are required to stipulate this by utilising the appropriate opt-out channel in the direct marketing received and/or on the Medihelp websites.
    3. Personal information shall only be shared with authorised service providers in so far as this is required to render services to users. Should this information comprise health records, it will only be shared between those healthcare professionals as may be authorised by the user from time to time.
  4. Protection of your personal information
    1. Medihelp will take all reasonable steps to ensure that personal information is protected. In order for Medihelp to comply with the conditions stipulated in the Act, several IT security policies, guidelines, directives, standard operating procedures, security measures and controls are utilised within Medihelp. These include the following:
      1. Physical controls
        Various physical controls are implemented to prevent access to IT systems and data. These include but are not limited to CCTV, a 24-hour security company protecting the premises and controlling access, a restricted access card control system, and a fire detection and suppression system.
      2. Technical controls
        Medihelp has adopted a defence-in-depth cybersecurity strategy. This multi-layered approach ensures that security controls are placed throughout the entire internal segmented network to prevent any security breaches from advancing deeper into where the data resides. Medihelp’s network is monitored 24/7 by artificial intelligence (AI) security technology, which is capable of automatically modelling and clustering information dynamically and at speed. The AI cybersecurity appliance is in turn monitored by a third-party 24/7 security operations centre (SOC) to detect any potential cyber threats.
      3. Other IT controls
        There are various other security controls in place, including firewalls, an intrusion prevention system (IPS), disk encryption and a virtual private network (VPN) to protect the Medihelp data and network. The principle of least privilege applies to the identity management systems in place, ensuring that access to data and systems is limited to employees’ specific functional tasks.
      4. Administrative controls
        Medihelp complies with several industry-specific regulatory frameworks. Various internal policies, guidelines and standard operating procedures have been implemented and are reviewed periodically to be in line with the industry landscape. Medihelp has a continuous IT security and awareness training campaign in place to teach and regularly train Medihelp employees about data security and in particular the provisions of the Act.
      5. Website and digital platform controls
        The privacy of individuals who use the websites and other digital platforms of Medihelp is of the utmost importance to the Scheme. As such, our aim is to protect the privacy of all users and more specifically such information subject to legislative protection (“personal information”) shared with us on Medihelp websites.

        The Medihelp website is a commercial website and uses standard technology called a “cookie” to collect information regarding the manner in which the site is used by all users. A cookie is a small data file that allows certain websites to write to the user’s hard drive when visited. A cookie file can contain information such as a user IP that the site uses to track the pages visited, but the only personal information a cookie can contain is information supplied by the user. A cookie cannot read data off a hard disk or read cookie files created by other sites. Some parts of Medihelp’s website use cookies to track user traffic patterns. This is done in order to determine the usefulness of our website information to our users and see how effective our navigational structure is in helping users reach that information.

        Medihelp may log the websites visited; collect IP addresses and information about operating systems and the type of browsers used for the purposes of network/system administration; to report aggregate information to our advertisers, and to audit the use of our site. This data, however, will not be used to identify individual users, who will at all times remain anonymous.
    2. When personal data is submitted to Medihelp, the Scheme will treat the data as if permission has been given – where necessary and appropriate – for the disclosures referred to in this policy. The user’s personal information is required when Medihelp is to provide services that the user has requested or when the user elects to provide personal information.
    3. Medihelp uses industry-standard SSL encryption to enhance the security of its data transmission. Similar precautions are taken in respect of mobile apps and other digital platforms, where appropriate. While striving to protect personal information, Medihelp cannot guarantee the security of the information transmitted to Medihelp and users are urged to take every precaution to protect all data transmitted to or accessed from Medihelp.
  5. Sharing of information collected
    1. Personal information of users that is collected on Medihelp’s websites may be shared with companies and/or affiliated persons who are associated and in business with Medihelp, irrespective of their location in the world, except for personal information which is protected under the Act, which may only be shared or disclosed as may be permitted under the Act.
    2. Medihelp stores all data received within a secured environment with limited access. Personal information may be stored and processed in South Africa or in any other country where Medihelp, its partners, affiliates or agents are located, provided that those other countries have legislation protecting the personal information at least on the same level as intended by the Act.
    3. Medihelp may send personal information to other companies or people under any of the following circumstances:
      • When consent has been obtained to share the information;
      • When Medihelp is required to provide information to the user in respect of products, offerings or services requested by the user;
      • When Medihelp is required to send the information to service providers who work on behalf of Medihelp to provide a product or service to the user (we will only provide the information if the service provider needs this to deliver the service, and we will only share the information for such specific purpose and with the explicit understanding that they are prohibited from using the information for any other purpose);
      • When the user requests to receive updates on the latest relevant announcements, news, special offers or other information, either from Medihelp or our business partners (unless the stakeholders have opted out of these types of communication);
      • When Medihelp is required by law to disclose personal information;
      • When sharing information is required to enable us to enforce our Terms and Conditions of Use; and
      • In urgent circumstances in order to protect personal safety, public safety or where the integrity of Medihelp websites may be compromised.
  6. Minors and privacy
    1. Medihelp will not enter into a service subscription contract with a minor unless such minor has explicit written consent from a parent or guardian to do so. We do not intentionally collect or use personal information of children (persons under the age of 18 years) unless with express consent of a parent or guardian or if the law otherwise allows or requires us to process such personal information.
    2. Medihelp undertakes not to contact minors about promotional offers or for marketing purposes without parental consent.
  7. Other websites
    1. The Medihelp websites contain web links to other websites to make it easier for users to find information on specific subjects. Medihelp does not share personal information with those websites and cannot accept responsibility for the privacy practices of these websites. We encourage all users to familiarise themselves with the privacy policy of third-party companies prior to following such links.
    2. The Medihelp websites may contain links to websites operated by other companies. Some of these third-party sites may be co-branded with the Medihelp logo, even though they are not operated or maintained by Medihelp. Although our business partners are carefully selected, Medihelp is not responsible for the privacy practices of websites operated by third parties that are linked to the Medihelp websites. Once the user has left our websites or any other digital channels maintained by Medihelp, the user should be aware of the applicable privacy policy of the third-party website to determine how they handle the information they collect from the user.
  8. Lodging a complaint
    1. Should there be any concern regarding a breach of information or the inappropriate use of information, please let us know first by completing the prescribed form available at “Download forms” on the Medihelp website (“Complaint regarding interference with the Protection of Personal Information”) and submitting it to popia@medihelp.co.za. This will allow us to investigate the matter and take appropriate action. In order to facilitate a timely response to a complaint, you should ensure the form is comprehensively completed.
    2. If you are still not satisfied after having followed this process, you have the right to lodge a complaint with the Information Regulator using the contact details below:

      The Information Regulator (South Africa)
      JD House
      27 Stiemens Street
      Braamfontein
      Johannesburg
      2001

      Telephone Number: +27 (0) 10 023 5207
      Fax Number: (011) 403 0668
      Complaints email: complaints.IR@justice.gov.za
      General enquiries email: inforeg@justice.gov.za
  9. Security breach
    1. It is important to note that Medihelp may access information without the necessary authority in the event that systems are compromised as a result of viruses, hacking incursions and other illicit means of obtaining such data, where the user’s IT infrastructure or device has been compromised in any way or where the user provides sensitive login information or passwords to third parties, or where the unauthorised interception has occurred due to the fault or negligence of the user which may be beyond the control of the Scheme.
    2. Where such information is accessed or disclosed through such unauthorised means, the Scheme shall not be held liable for any such unauthorised disclosure of any such information, including the personal information, except where there is intentional disclosure of the personal information or in circumstances where the Scheme is grossly negligent.
  10. Changes to this privacy policy
    1. Medihelp reserves the right to amend this policy and the terms and conditions from time to time. Any material change in the way we use or protect the personal information will be noted on the Medihelp websites, or otherwise will be communicated to the user as may be reasonably expedient, and the user will have the option of reviewing such amendment prior to proceeding to use the websites, the mobile app or any other affected digital platforms.
    2. The amended version of the Privacy Policy shall supersede and replace all previous versions thereof.