Acts Online
GT Shield

National Health Act, 2003 (Act No. 61 of 2003)

Chapter 2 : Rights and Duties of Users and Health Care Personnel

17. Protection of health records

 

(1) The person in charge of a health establishment in possession of a user’s health records must set up control measures to prevent unauthorized access to those records and to the storage facility in which, or system by which, records are kept.

 

(2) Any person who—
(a) Fails to perform a duty imposed on them in terms of subsection (1);
(b) falsifies any record by adding to or deleting or changing any information contained in that record;
(c) creates, changes or destroys a record without authority to do so;
(d) fails to create or change a record when properly required to do so;
(e) provides false information with the intent that it be included in a record;
(f) without authority, copies any part of a record;
(g) without authority, connects the personal identification elements of a user’s record with any element of that record that concerns the user’s condition, treatment or history;
(h) gains unauthorised access to a record or record-keeping system, including intercepting information being transmitted from one person, or one part of a record-keeping system, to another;
(i) without authority, connects any part of a computer or other electronic system on which records are kept to—
(i) any other computer or other electronic system; or
(ii) any terminal or other installation connected to or forming part of any other computer or other electronic system; or
(j) without authority, modifies or impairs the operation of—
(i) any part of the operating system of a computer or other electronic system on which a user’s records are kept; or
(ii) any part of the programme used to record, store, retrieve or display information on a computer or other electronic system on which a user’s records are kept,

commits an offence and is liable on conviction to a fine or to imprisonment for a period not exceeding one year or to both a fine and such imprisonment.