Phathutshedzo Makovhololo Cape Peninsula University of Technology Pretoria, South Africa phathuts@gmail.com Tefo Sekgweleo Cape Peninsula University of Technology Pretoria, South Africa ts330ci@gmail.com Modikwa Luwi Makovhololo Tshwane University of Technology Pretoria, South Africa Luwi788@gmail.com Abstract—The Protection of Personal Information (PoPI) was enacted in South Africa in 2013 and came into effect on the 25 th of May 2018. The goal of this act is to give effect to the constitutional right to privacy by safeguarding personal information when processed by a responsible party. Health information is private; hence it is important for it to be protected by the Act. This Act safeguards and protects the health information not to land into the wrong hands. As per the findings of this study it was found that the manner in which personal health information is processed in the healthcare organisations is intricate and requires attention to its safeguarding, review of existing internal policies and processes, ethical considerations, security measures, accountability for all role-players, and understanding of the implications of possible data ruptures. Determining the impact of South African PoPI act in the Health Information Systems cannot be underestimated. Therefore, for the purpose of this study a qualitative research method was adopted. An interpretivist paradigm as well as the document review was employed to review the PoPI Act. Innovation decision process of Diffusion of Innovation (DOI) was adopted to analyse the data. Index Terms: Information Systems (IS), Information Communication Technology (ICT), Health Information Systems (HIS), Protection of Personal Information (PoPI). I. INTRODUCTION T he impact of the South African PoPI ACT on Health Information Systems (HIS) possible problem statement human lives are invaluable, hence the need to ensure good health at all times [1]. The health care industry has since proven to be a global need, as it provides an array of services that cater for individual health and lifestyle related problems. As honorable as its intentions are, the health care industry however tends to fall folly to issues such as patient misdiagnoses, mistreatment, mistaken identity and issuing of wrong medicine prescriptions etc. [2]. These issues are indicative of a disregard of patient data in terms of ensuring its privacy, with reference to whom, within healthcare institutions has which levels of access in terms of viewing and modification rights. Consequently, the South African government has hence introduced an act founded upon the protection of personal information, called the PoPI act. The PoPI act has provisioned regulations on which levels of access, data custodians have on the data which their clients have entrusted them with, as well as their responsibility to keep the data safe and unexposed to unauthorized bodies. The PoPI act however does not yet contain a clause that stipulates the punishable consequences that follow, should its regulations remain unobserved. The disregard of patient data concerning the failure to uphold its privacy and safety, by healthcare institutions, is therefore harmful to human lives and is in clear violation of the PoPI act. Due to the sensitivity of the health related data, health information systems are implemented together with features that fulfil an array of data quality checks for the correctness of the data, as well as the ability to have it modified and accessed only by stakeholders authorized to do so, within respective healthcare institutions. II. LITERATURE REVIEW A. Information and Communication Technology Information systems (IS) of an organization may consist of the information technology infrastructure, data, application systems, and personnel that employ IT to deliver information and communications services in an organization [3]. However, [4] assert that information systems also refers to the management of the organizational function in charge of planning, designing, developing, implementing, and operating the systems and providing services. Thus, the concept of IS combines both the technical components and human activities within the organization as well as describes the process of managing the life cycle of organizational IS practices [5]. ICTs for health are defined as tools that facilitate communication and the processing and transmission of information by electronic means, for the purpose of improving health (including health promotion, human resources for health, and health-service delivery). This definition encompasses the full range of ICTs, from radio and television to telephones (fixed and mobile), computers, and the Internet [6]. Information Communication Technology (ICT) has become a dominant instrument to eliminate poverty in the world, giving the developing countries opportunities to meet vital The impact of South African PoPI act in the Health Information Systems International Journal of Computer Science and Information Security (IJCSIS), Vol. 17, No. 6, June 2019 26 https://sites.google.com/site/ijcsis/ ISSN 1947-5500