Image Credit: From ‘Health Information: Your Rights’ poster made available to the public by the New Zealand Privacy Commissioner – www.privacy.org.nz
Tying for first place as the most private of “private information” would surely be an individual’s (a) medical and (b) financial information.
In this article, I’d like to reproduce for you, the 12 “Privacy Principles” the New Zealand Office of the Privacy Commissioner outlines for medical practices to adhere to, in dealing with your medical records.
It is my experience that these are frequently not adhered to, and that many practices take a “Big Brother” and somewhat cavalier attitude to this type of record. And making any related enquiry of the often self-superior practice manager or front desk staff is often not welcomed.
Well, folks, I’m here to make sure you know your rights. Here they are:
In the words of the Privacy Commissioner, “health agencies” must:
1) Only collect information about you that they really need.
2) Get it from you whenever possible.
3) Be open with you about what is going to be done with it.
4) Be fair about how they get it.
5) Keep it secure.
6) Let you see it if you want to.
7) Fix it, if you think it’s wrong.
8) Take care that it’s accurate before using it.
9) Dispose of it as soon as possible when they don’t need it any more.
10) Only use it for the purpose they got it.
11) Only disclose it if they have a good reason.
12) Only use the National Health Index number for health reasons.
Now, TPOC readers know how much faith I have in industry bodies, and ombudsman offices, and Government (supposed) watchdog agencies: Little to none. Closing ranks is pretty much standard practice, in both my observation and my experience.
You’ll note the very rubbery terms used in the above e.g. “Only disclose it if they have a good reason.” That gives any errant or overly loose self-governing practice/agency a lot of escape routes, and the Office of the Privacy Commissioner a lot of scope to let them off the hook if you should ever complain.
Nonetheless, you can use this list of “privacy principles” to argue the point with any service provider, as it certainly, at least, makes clear the “spirit” the Privacy Commissioner intends that organisation or agency demonstrate when dealing with your information.