The finding of a recent Auckland District Health Board investigation into a suspected privacy breach relating to Tania Dalton’s medical care has been released. Dalton was admitted to hospital on February 23 of this year and had her life support turned off six days later – the same day the Auckland DHB said it became aware of a suspected breach of her privacy by a staff member accessing her file.
While the Auckland DHB state they take “patient confidentiality extremely seriously”, and promote awareness in a variety of ways, this is not the first time patient privacy has been an issue in New Zealand. Another high profile sportsperson, Jesse Ryder, faced a similar breach of privacy when his X-ray records were inappropriately accessed by Canterbury DHB staff, and in 2012 33 Auckland City Hospital staff faced disciplinary action for looking up details about a man who had an eel stuck up his bottom.
While the investigation this time concluded that the staff member had been authorised to access Dalton’s file, it acts as another timely reminder of the importance of privacy. In addition to New Zealand’s Privacy Act 1993, the Privacy Commissioner has the power to issue codes of practice that become part of the law and modify the operation of the Act for specific industries, activities, agencies or types of personal information. One example is the Health Information Privacy Code 1994. This code applies to the health information about identifiable individuals and applies to all agencies providing personal or public health or disability services. Only those medical professionals directly associated with your care are able to access your health information, so any other clinician not directly involved would be in breach of the Code should they access your file unauthorised.
If you suspect that there has been a breach of your privacy, the first step is to talk directly to the agency concerned, and they may conduct their own internal investigation and undertake disciplinary action. Under the Code, agencies have to have privacy officers and complaint handling procedures. But if you are not satisfied with the response, the option of complaining to the Privacy Commissioner is always available and there can be financial consequences for agencies that breach the rules.