What is Privacy?
• Privacy is not secrecy or confidentiality
• Privacy is wider than security
• Privacy is about control
What is Privacy?
• Tool for preserving people's control over their information…
• in the face of technology that tends to lessen that control
Health Information Privacy Code 1994: What is it?
• Code of practice issued by the Privacy Commissioner
• Focus is on purpose not consent
• Modifies 12 information privacy principles into 12 rules
• Purpose and openness
Who and what is covered
• Health information about identifiable individuals
– Medical history, services provided, results, incidentals
– Some exceptions around the Cervical Screening Programme
• Health agencies
– People and organisations who provide health and disability services, insurers
• Limits
– Health Code does not override any other law that authorises or requires collection, use or disclosure of information
Health Information Privacy Code 1994: Summary
1) Only collect the information you need
2) Get it from the person concerned
3) Tell them what you're doing
4) Be nice when you're doing it
5) Take care of the information once you've got it
6) They can see it if they want to
7) They can correct it if it's wrong
8) Make sure it's accurate before you use it
9) Get rid of it when you're done with it
10) Only use it for the purpose you got it for
11) Only disclose it if that's why you got it
12) Be careful with unique identifiers
Health Information Privacy Code: rule 11(1)
Rule 11: Health information must not be disclosed unless one of the exceptions applies.
Disclosure is allowable if it is:
• To the individual or their representative, or authorised by them
• One of the purposes for which it was obtained
• Originally from a publicly available source
• General information about presence, location, condition of patient in hospital
Some exceptions: rule 11(2)
An agency may also disclose, if it believes on reasonable grounds that disclosure is:
• for a directly related purpose, or statistical or research purposes
• necessary to prevent or lessen a serious and imminent threat to public health or safety or the life or health of the individual or another
• necessary to avoid prejudice to maintenance of law or conduct of proceedings
Section 22F Health Act 1956
requires disclosure unless withholding grounds apply, e.g. Rule 11(4) HIPC, ss27-29 Privacy Act.
Who can make request under 22F
• Person/agency who is providing or is to provide health or disability services to individual
• The individual’s representative
Section 22F Health Act 1956
Upon request the holder of health information must disclose to:
• Individual
• Representative
• Healthcare Provider
Treat as Rule 6, ss27-29 of Privacy Act apply
Agency may refuse if: individual doesn’t want disclosure or there is a lawful excuse not to disclose
Rule 11(4)(b) agency may refuse if: contrary to individual’s interests or patient veto, or ss27-29 Privacy Act apply
Representatives
• Where a person is dead – their personal representative (executor or administrator)
• Where a person is under 16, dead or alive – a parent or guardian
• Where a person cannot give consent or exercise rights – a person lawfully acting on their behalf or in their best interests
Access & Correction Rules 6 and 7
If health information is readily retrievable people have a right to:
• confirmation whether the agency holds information about them
• have access to the information
• ask for it to be corrected
Withholding Grounds Rule 6
Good reasons to withhold information from an individual; ss 27-29 of the Privacy Act
• 27(1)(c) - prejudice maintenance of law
• 27(1)(d) - endanger safety
• 29(1)(a) - unwarranted disclosure
• 29(1)(c) - prejudice physical / mental health
• 29(2) - not readily retrievable / cannot be found / does not exist
Correction Rule 7
Individuals have a right to request correction; or have a statement of correction added.
Agency must either:
• make the change
• attach statement
inform the individual and any recipients of the information
Policy and Privacy in Health
• Privacy isn’t just the Privacy Act
• Complexities arise from relationship between:
– Ethical confidentiality and privacy
– Biological material and health information
– Electronic records and physical records
– “Opt-in” vs “Opt-out”
– Informed consent vs notification
Function Creep
Collection: some implications
• Collection is where you find the key legal obligation of transparency
• Falls on agency initially collecting data
• In health context, places heavy weight on primary care
• Practical need for ‘upstream’ users of data to take some of that load
• Benefits in trust, openness and willingness of health consumers to have their information used
• Also benefit of increased trust from ‘downstream’ health agencies
Wider context
• Records can be owned, information cannot
• Agencies have obligations (purpose and openness)
• Individuals have rights (access and correction)
• Also, privacy law focuses on awareness rather than consent
• However both consumers and clinicians can have a valuable sense of ownership over information about them – don’t want it misused
• Trust is harder to regain than it is to lose
Competing interests
“The Commissioner shall have due regard for the protection of important human rights and social interests that compete with privacy, including the general desirability of a free flow of information and the recognition of the right of government and business to achieve their objectives in an efficient way”
Competing Interests
Can be quite compelling:
– Patient wellbeing
– Research
– New uses for information
– Profit
– Easier better processes
How are these managed?
• Complaints and enquiries process in Privacy Act
– Relies on people making complaints
– Requires ‘harm’
– Legalistic
• Ethics committees for research
– Circular definitions
• Privacy Commissioner comment on new laws and proposed schemes
– Limited resources
• Public and practitioner outrage
– Potent but unreliable!
Ultimately…
• Patients come to their doctors because they trust them.
• Good privacy is good business
• Our role is not to prevent change, but to make sure people know what they’re getting into
• “Road maps, not road blocks”
Don’t blame the Privacy Act!
enquiries hotline 0800 803 909
www.privacy.org.nz
sml@privacy.org.nz

Imac 2011


Editor's Notes

  • #5 Notes – Handout sheet: Quick Tour of the Health Code Rules
  • #6 Notes – Page 9, HIPC Cl 4(1)
  • #9 Notes – Page 45
  • #11 Notes – Page 70
  • #12 Notes – Page 7 & 8
  • #13 Notes – Page 30
  • #14 Notes – Page 61 - 62
  • #15 Notes – Page 36