If you work in a small practice or medical centre, there’s every chance you may not have received many requests for personal information from patients. The starting point is to know that the Privacy Act gives people the right to make a request for information that is about them.
Under the Privacy Act, your practice is legally obligated to respond to that request within 20 working days and to provide the information requested, although the law does allow reasons for withholding the information.
Giving access to information can take several forms. It can mean giving a copy of a document; giving a reasonable opportunity to look at a document, or listen to or view a recording; giving a summary of the information; providing a transcript; or giving the information orally – depending on the requester’s preference.
Pointers for responding to a complaint
But here’s the thing. Failing to respond to a request for personal information can result in a complaint from the requester to the Privacy Commissioner. We hope this never happens to you but in case it does, here are some pointers on how best to engage with us.
Tell us in confidence
However, when you give us information to review, it will help us if you can tell us clearly what information is being withheld and the reasons why your practice wants to withhold it.
One example is whether to disclose information about a child to a non-custodial parent. While section 22 of the Health Act permits parents and guardians to request their child’s health information, a health agency, such as a GP, can withhold health information where:
We have many resources to help medical practices comply with the Privacy Act. Our website has tools such as AskUs – our online privacy FAQs, the Priv-o-matic privacy statement generator, as well as our free online privacy training modules. We have a range of health brochures (in English and Te Reo). All of these are designed to be used to help make privacy easy.
A starting point is to familiarise yourself with our Quick Tour of the Privacy Principles. It may also be a good idea to display it in the administrative area of your practice to help colleagues and employees understand the obligations and responsibilities that come with holding personal information. This way, when you have an encounter with a privacy issue, you’ll know where to start. And if you need to know more, ask us.
Originally published in NZ Doctor (31 January 2018)
Image credit: Blue and silver stethoscope via Pexels