| (1) |
The person in charge of a health establishment in possession of a user’s health records must set up control measures to prevent unauthorized access to those records and to the storage facility in which, or system by which, records are kept. |
| (a) |
Fails to perform a duty imposed on them in terms of subsection (1); |
| (b) |
falsifies any record by adding to or deleting or changing any information contained in that record; |
| (c) |
creates, changes or destroys a record without authority to do so; |
| (d) |
fails to create or change a record when properly required to do so; |
| (e) |
provides false information with the intent that it be included in a record; |
| (f) |
without authority, copies any part of a record; |
| (g) |
without authority, connects the personal identification elements of a user’s record with any element of that record that concerns the user’s condition, treatment or history; |
| (h) |
gains unauthorised access to a record or record-keeping system, including intercepting information being transmitted from one person, or one part of a record-keeping system, to another; |
| (i) |
without authority, connects any part of a computer or other electronic system on which records are kept to— |
| (i) |
any other computer or other electronic system; or |
| (ii) |
any terminal or other installation connected to or forming part of any other computer or other electronic system; or |
| (j) |
without authority, modifies or impairs the operation of— |
| (i) |
any part of the operating system of a computer or other electronic system on which a user’s records are kept; or |
| (ii) |
any part of the programme used to record, store, retrieve or display information on a computer or other electronic system on which a user’s records are kept, |
commits an offence and is liable on conviction to a fine or to imprisonment for a period not exceeding one year or to both a fine and such imprisonment.
Statistics Act, 1999
