HPA Compliance for Zimbabwe Medical Practices in 2026: What You Need to Know

The Health Professions Authority (HPA) of Zimbabwe regulates all health professions under the Health Professions Act [Chapter 27:19]. Recent updates to the Act have strengthened requirements around patient record retention, informed consent documentation, and data privacy.

Key Compliance Requirements

Patient records must be retained for a minimum of 10 years from the date of last treatment, or until the patient turns 21 if they were a minor at the time of treatment. Electronic records are acceptable provided they are backed up and protected against unauthorised access.

Informed consent must be documented in writing for all surgical procedures, anaesthesia, and any treatment with significant risk. The consent form must be signed by the patient (or guardian) and witnessed.

Data Privacy

While Zimbabwe does not yet have a comprehensive data protection act equivalent to GDPR, the HPA guidelines require that patient information not be disclosed to third parties without written consent, except in specific circumstances (medical emergencies, court orders, public health reporting).

Practical Steps

1. Audit your current record retention policy and ensure all records are accessible for the required period. 2. Review your consent forms — ensure they are specific to the procedure and written in plain language. 3. Implement access controls so that only authorised staff can view patient records. 4. Document your data handling procedures in a written policy.