.jpg){kind=logo}
Elisabeth Harding, Privacy Officer, Counties Manukau DHB, opened her presentation by emphasising that "privacy" does not equal "private". The New Zealand privacy legislation does not attempt to keep things "private" or "secret", but rather to ensure that personal information is used consistently with the purposes for which it was obtained and that individuals concerned are aware of such purposes. Misunderstandings regarding the use of the term privacy have prompted her to substitute the term "safe management of health information".
The privacy legislation provides a framework for managing the sharing of relevant health information between different interested parties such as funders, the Ministry of Health and health researchers, all of whom make different demands on that information.
The Privacy Act does not stop anyone from doing anything. It simply provides a framework for providing policy in relation to transparency about what is done with information. One should be able to justify the use of required information.
Health information is a valuable commodity that needs to be protected. Unless people believe that their information will be protected, they may object to a particular use of their information. Perceptions and trust are important.
Privacy was one of eight project work streams making up the WAVE (Working to Add Value through E-information) Project. Other streams were: strategy; knowledge; electronic health records; data architecture; systems infrastructure; investment; and organisation design.
Harding summarised the linkages between the privacy workstream and a number of other workstreams including strategy, knowledge, electronic health records, data architecture, systems infrastructure, and organisation design streams.
Often the impression is given that IT is a solution looking for a problem. Technology is a tool the use of which needs to be driven by a purpose. It is a means of finding a solution; it is not the solution. For example, a national register is a tool, and only as good as the information in it.
Harding reviewed the issues that arose as a result of the privacy workstream as follows:
- Who and what are the drivers - what are patients, health care providers, health services funders, Ministry of Health and researchers expecting?
- What are areas of concern, eg, what is the entitlement of patients’ families to a member’s health information?
- What is the relevant legislation?
- Who should be able to use health information?
Harding provided diagrammatic representations of the structure and funding of the health sector, showing the many interfaces in the sector and how information sharing takes place, and of information flows within the sector (refer slides 9 and 10). In her view, the biggest gap in information management exists at DHB level, where there has not yet been enough consideration of what patient information is required for and what it will be used for.
One area where information sharing is not as transparent as it should be relates to the provision of information to the New Zealand Health Information Service (NZHIS). Patients are not usually given the option of whether their information is given to the NZHIS and should be made aware that this will happen and aware of how information will be used.
Harding reviewed the relevant legislation, noting that it provides a framework for sharing health information for relevant purposes.
The Privacy Act 1993 and the Health Information Privacy Code 1994 are very straightforward legislation. Twelve principles in total include four regarding the collection of information. Other relevant legislation includes the Health and Disability Commissioner Act 1994, the Code of Health and Disability Services Consumers’ Rights 1996, the Official Information Act 1982 and the Health Act 1956.
Harding described a "perfect world" scenario where:
- Patients’ health information is used to ensure that best care is provided and patients are aware of how their information is used.
- Providers have access to relevant health information to enable them to provide the most appropriate care and there is appropriate sharing of health information between providers of health services.
- Funders have access to (aggregate) information to enable them to target funding and monitor health outcomes.
- Policy makers have access to demographic information about disease patterns, health needs analysis, population health status.
- Researchers have access to relevant information both anonymous and, when necessary, health information about identifiable individuals to carry out research and develop disease management tools.
Harding presented general principles for managing health information, based on recommendations that arose from the privacy workstream and which drew on the UK Coldicott report:
- Justify the purpose.
- Don’t use patient-identifiable information unless it is absolutely necessary.
- Use the minimum necessary patient information.
- Access to patient-identifiable information should be on a strict need to know basis; this can be an area of weakness - IT systems tend to make information available on a liberal basis and do not always monitor who uses it.
- Those with access to health information must be aware of their responsibilities and understand and comply with the law.
She reviewed the privacy workstream recommendations:
- Patient awareness is critical.
- There is a need for increased awareness about the NHI.
- The NHI is the agreed identifier for health information.
- There is a need for consideration of a national provider index number.
- More work is required on compliance and security audits.
- There is a need to provide leadership in the management of health information; there could be a broader role of the NZHIS in guidance.
- There is a requirement for:
• networks for privacy officers
• national workshop for consumers
• education programmes
• protocols for the exchange of health information.
Harding concluded by noting that technology can and does add value to health care but it must be purpose-based.
[View Elisabeth Harding’s presentation The Safe Management of Health Information]
