The exchanging of information between authorised users is a cornerstone of improving quality and efficiencies in a health system.

In 2016, six of South Africa’s largest private healthcare organisations came together to discuss and agree on the development of a HIE that would improve the quality, outcomes, safety and efficiency of the country’s health system.

CareConnect HIE, a NPO, was established as the entity that would take forward the development of a Health Information Exchange to benefit all South Africans through the exchange of relevant health information in a safe, secure and timely manner.

Consent & Confidentiality:​

CareConnect HIE complies with all applicable laws governing the processing of personal information (including clinical data); the protection of personal information; patient / member consent and data protection.

These laws, governed by the Protection of Personal Information Act (POPIA); the Medical Schemes Act (MSA); the National Health Act (NHA); and, General Data Protection Regulation (GDPR) of the European Union, have informed CareConnect’s approach to the protection of personal information.

Confidentiality of data:

The sharing and use of personal information via the HIE amongst the Founding Members and any other data provider is regulated by an agreement, the Data Use and Reciprocal Sharing Agreement (the DURSA).

Information security:

How secure will members’ and patients’ data be in the HIE?

Only a limited amount of demographic data will be stored on the HIE. All other data will be transferred from the data source via the HIE. The CareConnect HIE systems will be hosted in a secure environment and all personal data, whether stored in the HIE or transferred via secure networks, will be encrypted. This ensures that personal data is protected from unauthorised access.

Information and data security are of utmost importance to CareConnect and its Partners. Information privacy is about the control of how personal health information is collected, used and disclosed. Information privacy ensures that the Personal Health Information (PHI) is protected when transmitted, processed and stored. This applies to both Founding Member organizations and to CareConnect.

Information security involves the preservation of the following:

  • Confidentiality: information is accessible and available only to those authorized to have access.
  • Integrity: information stored, used, transferred and retrieved in manners such that there is confidence that the information has not been tampered with, or modified, other than as authorized. 
  • Availability: information is accessible to authorized individuals when and where required.

Further information contained in this section of the website is limited to CareConnect Partners only.
To access this information, please register below: