South Africa is in the grip of a third wave of the COVID-19 pandemic.

As the country hardest-hit by the coronavirus on the continent, South Africa has been regrettably slow with its vaccine rollout, with only two million of the country’s 59 million citizens having received a vaccine dose at the time of writing this.

A first phase, which focused on healthcare workers, concluded in mid-May, and the second phase targeting the elderly and other vulnerable groups, including teachers, is currently underway.

The vaccination of the South African population against SARS-CoV-2 is the most ambitious and far-reaching healthcare initiative in the country’s history, and continues to stretch the limits of our healthcare sector.

Much has been said about the slow pace of vaccine procurement and challenges with convincing parts of the population to vaccinate – thanks in no small part to the extraordinary disinformation campaigns flourishing on social media.

However, one somewhat forgotten aspect risks being lost: the importance of data, and the protection thereof, in building trust in the process.

Optimal usage and protection of patient data

Personal health data represent a particular challenge in terms of data security as a failure to protect such data could severely harm people and expose them to discrimination.

For example, inadvertently sharing sensitive personal health data of a person living with a dread disease could affect their job prospects and livelihoods. A mix-up in personal health data could lead to someone receiving the incorrect diagnosis or, even worse, the wrong treatment. This can be life-threatening under some circumstances.

The Protection of Personal Information Act (POPIA), which was finally implemented in full force in 2020, aims to give citizens greater control over how their personal data is stored, processed and used.

While all businesses that work with private data – including that of organisations and other juristic persons – are affected, it is arguably the healthcare sector that is under most pressure due to the ongoing pandemic and the unprecedented vaccine rollout effort.

Where is my data anyway?

The vaccine rollout in particular poses an immense challenge in terms of data security and privacy protection. Any clinic, hospital, private or public healthcare practitioner, medical aid or medicines firm needs to ensure they protect the personal healthcare data processed during the course of business.

This is easier said than done.

While government has taken steps to centralise the scheduling and rollout of vaccinations via its Electronic Vaccination Data System (EVDS) portal, and require that all citizens wishing to be vaccinated register on EVDS. The intention is that, as each population group (over-60s, teachers, healthcare workers, etc.) registers, each person receives communication with the time, date and location of their scheduled vaccination appointment.

However, the system is often unreliable, and many people simply get no confirmation of where they need to go or when. There is also little communication over the status of an application for vaccination.

Compounding the problem is that actual vaccination sites are run by a combination of public and private sector organisations, and in many cases are open to walk-ins who may not have received confirmation of their appointments.

How is the data of walk-ins, for example, collected, stored, processed and managed? Who is overseeing the full end-to-end process to ensure it is fully POPIA compliant? In the case of manual data entries, how is quality maintained to ensure data integrity? And how is this data secured from the rising tide of cyberattacks besieging South African organisations?

The role of technology

Public and private sector healthcare organisations should lean heavily on technology to assist with both the protection of vaccine patient data as well as better supporting the end-to-end vaccination process.

A patient experience management tool can give healthcare decision-makers insights into underperforming or misaligned aspects of the vaccination process – for example, insufficient communication around vaccination appointments – and help ensure a seamless process from start to finish.

A cloud-based analytics tool can help integrate healthcare data from public and private sector roleplayers and highlight critical insights that can point to trends, risks, opportunities and areas for improvement while maintaining data integrity throughout. Equipped with accurate and complete data, government and other decision-makers will be able to determine the most effective healthcare response and potentially save lives.

In addition, any vaccine rollout strategy should include a comprehensive customer data strategy, which helps to safeguard the longevity of each organisation involved in the vaccination value chain. Such a strategy should include relevant digital platforms that can ease or enable the process of managing patient profiles, and help manage access and authorisation to systems that provide self-service options for activities such as booking vaccination appointments or tests.

In terms of POPIA compliance, all organisations should have taken steps by now to ensure they meet the requirements of the Act, especially since the grace period for sanction and fines for non-compliance expired at the end of June. Implementing an effective cloud-based customer relationship management tool enables healthcare providers to have a unified view of each vaccinated patient, and gives them the power to limit how that information is used or even delete it (in line with the requirements of POPIA) if needed.

Critically, the customer data strategy should provide individuals with the power of consent to subscribe or unsubscribe to correspondence, manage their preferences for ongoing communication, and afford them the right to be forgotten.