Imac 2011

478 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
478
On SlideShare
0
From Embeds
0
Number of Embeds
6
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • <number>
  • <number>
    Notes
  • <number>
  • <number>
    Notes – Handout sheet: Quick Tour of the Health Code Rules
  • <number>
    Notes – Page 9, HIPC Cl 4(1)
  • Notes
  • <number>
    Notes – Page 45
  • <number>
    Notes
  • <number>
    Notes – Page 70
  • <number>
    Notes – Page 7 & 8
  • <number>
    Notes - Page 30
  • <number>
    Notes – Page 61 - 62
  • <number>
    Notes – page 36
  • <number>
  • <number>
  • <number>
  • <number>
  • <number>
    Notes
  • Imac 2011

    1. 1. • Privacy is not secrecy or confidentiality • Privacy is wider than security • Privacy is about control What is Privacy?
    2. 2. • Tool for preserving peoples control over their information… • in the face of technology that tends to lessen that control What is Privacy?
    3. 3. Health Information Privacy Code 1994: What is it? • Code of practice issued by the Privacy Commissioner • Focus is on purpose not consent • Modifies 12 information privacy principles into 12 rules • Purpose and openness
    4. 4. Who and what is covered • Health information about identifiable individuals Medical history, services provided, results, incidentals Some exceptions around the Cervical Screening Programme • Health agencies People and organisations who provide health and disability services, insurers • Limits Health Code does not override any other law that authorises or requires collection, use or disclosure of information
    5. 5. Health Information Privacy Code 1994: Summary 1) Only collect the information you need 2) Get it from the person concerned 3) Tell them what you're doing 4) Be nice when you're doing it 5) Take care of the information once you've got it 6) They can see it if they want to 7) They can correct it if it's wrong 8) Make sure it's accurate before you use it 9) Get rid of it when you're done with it 10) Only use it for the purpose you got it for 11) Only disclose it if that's why you got it 12) Be careful with unique identifiers
    6. 6. Health Information Privacy Code: rule 11(1) Rule 11: Health information must not be disclosed unless one of the exceptions applies. Disclosure is allowable if it is: • To the individual or their representative, or authorised by them • One of the purposes for which it was obtained • Originally from a publicly available source • General information about presence, location, condition of patient in hospital
    7. 7. some exceptions rule 11(2) An agency may also disclose, if it believes on reasonable grounds that disclosure is: • for a directly related purpose, or statistical or research purposes • necessary to prevent or lessen a serious and imminent threat to public health or safety or the life or health of the individual or another • necessary to avoid prejudice to maintenance of law or conduct of proceedings
    8. 8. Section 22F Health Act 1956 requires disclosure unless withholding grounds apply, eg. Rule 11(4) HIPC, ss27- 29 Privacy Act. Who can make request under 22F • Person/agency who is providing or is to provide health or disability services to individual • The individual’s representative
    9. 9. Section 22F Health Act 1956 Upon request the holder of health information must disclose to: Individual Representative Healthcare Provider Treat as Rule 6, ss27-29 of Privacy Act apply Agency may refuse if: individual doesn’t want disclosure or there is a lawful excuse not to disclose Rule 11(4)(b) agency may refuse if: contrary to individual’s interests or patient veto, or ss27-29 Privacy Act apply
    10. 10. Representatives • Where a person is dead – their personal representative (executor or administrator) • Where a person is under 16, dead or alive – a parent or guardian • Where a person cannot give consent or exercise rights – a person lawfully acting on their behalf or in their best interests
    11. 11. Access & Correction Rules 6 and 7 If health information is readily retrievable people have a right to: • confirmation whether the agency holds information about them • have access to the information • ask for it to be corrected
    12. 12. Withholding Grounds Rule 6 Good reasons to withhold information from an individual; ss 27-29 of the Privacy Act • 27(1)(c) - prejudice maintenance of law • 27(1)(d) - endanger safety • 29(1)(a) - unwarranted disclosure • 29(1)(c) - prejudice physical / mental health • 29(2) - not readily retrievable / cannot be found / does not exist
    13. 13. Correction Rule 7 Individuals have a right to request correction; or have a statement of correction added. Agency must either: make the change attach statement inform the individual and any recipients of the information
    14. 14. Policy and Privacy in Health • Privacy isn’t just the Privacy Act • Complexities arise from relationship between: – Ethical confidentiality and privacy – Biological material and health information – Electronic records and physical records – “Opt-in” vs “Opt-out” – Informed consent vs notification
    15. 15. Function Creep
    16. 16. Collection some implications • Collection is where you find the key legal obligation of transparency • Falls on agency initially collecting data • In health context, places heavy weight on primary care • Practical need for ‘upstream’ users of data to take some of that load • Benefits in trust, openness and willingness of health consumers to have their information used • Also benefit of increased trust from ‘downstream’ health agencies
    17. 17. Wider context • Records can be owned, information cannot • Agencies have obligations (purpose and openness) • Individuals have rights (access and correction) • Also, privacy law focuses on awareness rather than consent • However both consumers and clinicians can have a valuable sense of ownership over information about them – don’t want it misused • Trust is harder to regain than it is to lose
    18. 18. Competing interests “The Commissioner shall have due regard for the protection of important human rights and social interests that compete with privacy, including the general desirability of a free flow of information and the recognition of the right of government and business to achieve their objectives in an efficient way”
    19. 19. Competing Interests Can be quite compelling: –Patient wellbeing –Research –New uses for information –Profit –Easier better processes
    20. 20. How are these managed? • Complaints and enquiries process in Privacy Act – Relies on people making complaints – Requires ‘harm’ – Legalistic • Ethics committees for research – Circular definitions • Privacy Commissioner comment on new laws and proposed schemes – Limited resources • Public and practitioner outrage – Potent but unreliable!
    21. 21. •Patients come to their doctors because they trust them. •Good privacy is good business •Our role is not to prevent change, but to make sure people know what they’re getting into •“Road maps, not road blocks” Ultimately…
    22. 22. Don’t blame the Privacy Act!Act! enquiries hotline 0800 803 909 www.privacy.org.nz sml@privacy.org.nz

    ×