Updated by our Guidance team in March 2025.
Under rule 6 of the Health Information Privacy Code, people have the right to see their health records, but when you visit your doctor how often do you see your records? Digital healthcare information is a relatively common thing now, but many people’s health records may still be kept in paper form.
This was the case when a longstanding patient of a GP requested access to all his health records. The man, in his 70s, had been seeing the same GP for 40 years, and had also been extremely diligent in communicating with the other agencies he’d attended consultations with. As a result, those agencies had been able to forward his health information to the GP, and the man’s health records now filled two large archive boxes as well as files in the GP’s digital records system.
The reality was that his request represented many hours of collation and work.
Health agencies must provide individuals with access to their health information, unless there is a good reason not to. These withholding grounds are outlined in sections 49-53 of the Privacy Act. If an individual is denied access to their information and they believe it’s unfair, they can complain to the Privacy Commissioner who can look at the material and review the decision.
A quick phone call to the man allowed the GP to explain the logistical barriers to assessing and copying his full medical file, and how, due to time constraints, it could take several weeks to provide him with his records.
It turned out that the man only wanted to find out about a course of medication he’d taken 50 years ago. When the GP offered to find the relevant material he was delighted. He was also happy to have the information emailed to him.
Clarifying the man’s request meant the GP was able to focus on a date range of three years rather than 70. The GP found the information the man was interested in, checked it quickly for anything that wasn’t about him (in case something had found its way into his records over the years that could breach another person’s privacy), scanned it, and securely emailed it to him. Once the information was scanned, it could be added to his digital file as an attachment. A thick wedge of paper was replaced with a single file-divider indicating that three years of his medical information had been digitised. The paper records were offered to the patient, who ended up giving his permission for them to be securely destroyed.
Had the patient asked for his entire file, the GP would have needed to consider the request in full. While it can be inconvenient and time-consuming for busy medical centres to respond to these types of requests, it should be worked into their business processes.
You can find more information on clarifying the scope of an access request in our guidance on responding to requests and complaints well.
OPC has some online resources to help health agencies develop good policies to handle these requests: