Version 1 • Effective: 2026-06-11
MedCascade is committed to protecting your privacy and securing your personal and health information, in line with POPIA and, for US healthcare customers, HIPAA.
MedCascade is committed to protecting your privacy and securing your personal and health information. Our privacy program is built on the South African Protection of Personal Information Act 4 of 2013 (POPIA).
MedCascade supports billing-assist, clinical validation, claim switching, and collections workflows for healthcare providers, medical bureaus and medical schemes:
Where a customer outside South Africa is subject to foreign health-information law (for example HIPAA in the United States), supplementary terms — including a Business Associate Agreement where required — are available on request and govern that processing.
We may collect and process the following categories of information:
We follow the POPIA principles of lawfulness, purpose limitation, minimality, and confidentiality in all our processing activities.
We process personal information for the following purposes:
For special personal information (health), we act primarily as operator for the responsible party (our customer) and process on documented instructions under the applicable POPIA grounds relied upon by that customer. Customers are responsible for ensuring a lawful basis and necessary notices/consent.
Where a customer engages the claim-switching service, claim data is exchanged with the relevant medical schemes and switching/clearing infrastructure solely to transmit, track, and reconcile the customer’s claims. We act as a technical conduit; adjudication remains with the scheme.
Where a customer mandates the collections service, we process debtor personal information — identity and contact details, account balances, and payment conduct — on the customer’s behalf to demand, collect, receive and account for amounts owing. Collections are conducted lawfully and respectfully; debtors may direct queries or complaints to the contact details below and retain all POPIA rights, exercised via the responsible party (the customer) where we act as operator.
Banking and payment details processed for remittance or payment purposes are encrypted in transit and at rest, access-restricted, and never used for any purpose other than the mandated service.
Our controls are designed to meet the POPIA appropriate-safeguards requirement and align with recognised international security practice.
As operator, we retain customer data according to the customer’s configuration and instructions, and for as long as necessary to provide the services, meet legal obligations and maintain auditability. Collections records are retained as required for the mandate, accounting, and applicable law.
Backups have limited retention windows. Upon termination, we will delete or return data per our agreement and the customer’s instructions unless retention is legally required.
Under POPIA, you have the following rights:
To exercise your rights, contact our Information Officer using the details below.
We do not directly target services to children. Where customer data includes information about minors, customers must ensure lawful processing and appropriate authorisations. We process such data as operator on their instructions.
In the event of a security compromise creating a real risk of harm, we will notify the affected customer (responsible party) and, where applicable, the Information Regulator and data subjects in accordance with POPIA and our contractual commitments.
Where a customer is subject to foreign breach-notification law (for example HIPAA), we will also report in accordance with the supplementary terms agreed with that customer.
We may update this policy occasionally to reflect changes in our practices or legal requirements. Material changes will be communicated in-product or by email. Continued use of the Service after such changes indicates acceptance of the updated policy.
Information Officer: Mr Jan Venter (Managing Director, CareCo Solutions (Pty) Ltd). For privacy queries and rights requests: privacy@medcascade.com.
Lodge complaints with the Information Regulator (South Africa): https://inforegulator.org.za | complaints.IR@inforegulator.org.za.
This privacy policy reflects our commitment to transparency and to meeting applicable privacy and security obligations under POPIA.
Content integrity (SHA-256): aefe28a33d9c92266503b2bf641df5dbf552b5e0af02521f90150f151ab23c79
MedCascade © 2026. All rights reserved.
We use cookies to measure traffic on our marketing pages and improve your experience. Analytics stays off until you accept. See our Privacy Policy.