Data compliance for healthcare


Patient data is essential in healthcare, especially when managing an individual’s care. Safeguards governing the processing and storage of patient data are required and will be bolstered by the introduction of the Protection of Personal Information Act, No 4 of 2012 (PoPIA).

Since this law came into effect on 1 July 2021, all private and public bodies processing personal information are now required to have implemented policies and procedures in order to be compliant.


Xperien ITAD specialist Bridgette Vermaak says many of these healthcare facilities have heaps of old computer equipment lying in their storerooms. “This equipment has a large amount of patient data and reckless disposal of these electronics will put these institutions at risk.”

“To comply, they need to ensure that the data on all their retired electronics is erased or destroyed according to the PoPIA regulations. Deleting files is not sufficient. Data erasure and IT asset disposal has legislative requirements, compliance to PoPIA, the National Environmental Waste Management Act 2008 (NEMWA 2008), the Consumer Protection Act 68 of 2008 (CPA) and General Data Protection Regulations (GDPR),” she explains.

Xperien ITAD specialist Bridgette Vermaak

According to legislation, all healthcare facilities including hospitals and clinics are required to manage the complete destruction of all data when IT assets reach end-of-life. PoPIA requires them to practice due diligence and ensure their storerooms go through the expected data erasure techniques essential to protect company data.

Healthcare facilities that manage IT asset disposition internally continue to struggle with data security and proper environmental recycling. Efficient IT infrastructure life cycle management and secure IT asset disposition (ITAD) can help them maximise value at every stage of their technology investment.


Vermaak says effective environmental IT Asset Disposal (ITAD) is no longer a luxury, it has become a legal requirement. “It’s crucial to find a professional ITAD provider that can offer data sanitisation and destruction services to protect the data.”

She says if decommissioning and data destruction is done correctly, their reputation is safe, the budget receives a much-needed boost and the leaders have peace of mind. “Value recovery is a crucial part of the process, these institutions need to receive fair market value for end-of-life and redundant IT equipment.”


Professional ITAD service providers normally offer to purchase these assets, this includes the collection, data erasure and reporting. More importantly, most of these institutions are also missing out on the opportunity to get money back for their used IT equipment.

“Our offer to healthcare facilities is the safe collection of redundant equipment, data erasure and reporting so that they can dispose of their IT equipment knowing that they have complied with relevant legislation and have received the best value for your redundant IT equipment,” she concludes.