No substance to “alarmist claims” about patient privacy breach

Return to eHealthNews.nz home page

eHealthNews.nz editor Rebecca McBeth

The Privacy Commissioner will not investigate “alarmist claims” about a potential breach of 800,000 patients’ privacy made by four healthcare IT companies.

Commissioner John Edwards has found no evidence to justify an investigation into ProCare after receiving a joint letter of concern from HealthLink, Medtech Global, myPractice and Best Practice Software New Zealand Ltd.

The four health IT companies sent a letter to the Commissioner in July claiming that Primary Health Organisation ProCare Health had created a single database, called the Clinical Intelligence System, containing the identifiable medical records of up to 800,000 Auckland patients and that most patients and some GPs were unaware of this. 

The companies asked the Commissioner to launch a formal investigation into ProCare and sent a press release to media saying that a large number of Aucklanders may have had their privacy breached.

“I have found no substance to allegations of such a breach,” Edwards says in a statement .

“I considered the issues that the letter raised, reviewed my Office’s work with ProCare, and did not see sufficient evidence to justify an investigation at this time.”

The Commissioner says ProCare appears to have acted responsibly in the development of the CIS database. This included consulting the Office of the Privacy Commissioner, as well as undertaking a Privacy Impact Assessment and providing it to the Office for review at the beginning of 2017.

Edwards also stressed the importance of considering the effect on public confidence before making public statements.

“Making alarmist claims that the health information of 800,000 patients may be at risk can cause unnecessary anxiety for those patients and needlessly undermine confidence in the health system,” he says.

“I appreciate these concerns being brought to my attention, but I see no evidence that this database has harmed patients, or that it presents a likely risk of harm.”

ProCare chief executive Steve Boomert says there was no basis to the complaint.

“We have received feedback from our network on the unnecessary patient stress this has caused and the additional workload this has in turn placed on clinicians,” he says.

“ProCare strongly shares the Privacy Commissioner’s concerns about the making of unsubstantiated claims and undermining of public confidence.”

The four health IT companies say they stand by their decision to ask the Privacy Commissioner to investigate and “remain concerned that many patients are not being kept well informed about the collection of their identifiable medical data by PHOs”.

“Open discussion about privacy issues and public awareness is vital to allow the safe and seamless sharing of medical data,” a statement says.

“The public’s trust must be retained at every step of the creation of any medical database.

A statement from the Ministry of Health says the finding supports the need for PHOs to access information from their practices in order to deliver effective health services.

"The Ministry supports this approach and expects that PHOs manage such information to ensure privacy, confidentiality and security," it says.

Return to eHealthNews.nz home page