Privacy and your health information

All health professionals have to follow the rules in the Health Information Privacy Code dealing with how they collect your information and when they can release it to other people. This Privacy Code also specifically protects your rights to have access to your own health information.

Collecting health information Health professionals must collect health information directly from the you, not from other people.

Further, they can’t collect information in ways that are unfair or that intrude unreasonably into your personal affairs. For example, health information shouldn’t be collected in a waiting room where other people might overhear.

Releasing information to others

In general, health professionals can’t give your health information to anyone else.

However, there are some exceptions. Health professionals can give your information to others if:

• a specific law requires the health professional to release your information (for example, if there’s a risk to someone’s safety, or for statistical purposes)

• They are discussing your care professionally with other doctors or medical staff as appropriate (in this case, the other staff must keep the information confidential)

• It’s necessary to avoid a serious and imminent danger to you or someone else, and if it isn’t desirable or practicable to get your consent. In this case, health professionals can only give the information to people who can do something about the threat.

Your right to access your medical files

You have the right to see your personal medical records at any time and to get a

copy of these records. You can be refused access to your records only in limited situations.

For example:

If the information held also involves information about someone else, and releasing the information to you would be an unjustified breach of the other person’s privacy, or if giving the information would be likely to endanger any person’s safety.

How to complain about a breach of the Health Information

Privacy Code: You can complain about a breach of the Health information Privacy Code to the particular health professional or organisation. Then, if you’re not happy with their response, you can complain to the Privacy Commissioner.

This practice is contributing to, and accessing healthcare information from HealthOne - What is HealthOne?

HealthOne is a South Island based secure electronic record that allows registered healthcare providers directly involved in your healthcare, to quickly access information such as your test results, allergies, medications, GP summaries and hospital information. HealthOne adheres to the principles of the Privacy Act 2020 as well as the Rules set out in the Health Information Privacy Code 2020.  Access is only possible via an approved highly secure healthcare information network which is regularly audited and tested.  Privacy auditing is used to check that only those directly involved in your care are accessing your information.  To find out more about HealthOne please visit https://healthone.org.nz/.  Please note that you are entitled to restrict the sharing of your healthcare records by contacting 0508 837 872 or emailing HealthOne.privacy@pegasus.health.nz