Digital communication is ubiquitous: a hair salon sends you text messages reminding you of appointments; movie tickets are booked through apps on your phone – and you wave a card in the air to pay for groceries. Our expectations might be that our health records can be also be swiftly and easily transferred.

When it comes to healthcare, the truth is more complicated. In New Zealand, there is no central store of all your health information and most of us change doctors several times in our lives. Our health information is created and used by multiple agencies through our lives: Plunket nurses, dentists, mental health support, Quitline, district health boards, to name a few.  What’s more, digital healthcare information is a relatively new development; if you’re older than 20 or so, your healthcare records are likely to include a solid file of dead trees.

Access – Rule 6

We have the legal right to see our health records under rule 6 of the Health Information Privacy Code, but how often when you visit your doctor do you actually see your records? 

One of my first jobs was filing records at a rural medical centre. The largest room in the building was dedicated to files, and every available space was filled with floor to ceiling shelves heaving with boxes of x-ray slides, blood test results, prescriptions and spidery handwriting. It kept a girl busy.

I had the opportunity to get acquainted with these files when a longstanding patient requested access to all his health records. The man, in his 70s, had been seeing the same GP for 40 years, and had also been extremely diligent in communicating with the other agencies he’d attended consultations with. As a result, those agencies had been able to forward his health information to the GP, and the man’s health records now filled two large archive boxes as well as files in our digital records system.

The reality was that his request represented many hours of collation and work. The practice manager at the medical centre paled at the thought of the size of the job ahead of her. 

Withholding grounds

Health agencies must provide individuals with access to their health information – unless there is a good reason not to. These withholding grounds are outlined in sections 27-29 of the Privacy Act. They are mostly common-sense reasons. There is an independent review of these decisions. If an individual is denied access to the information and they believe it’s unfair, they can complain to the Privacy Commissioner who can look at the material and review the decision.

Clarifying his request

A quick phone call allowed us to explain the logistical barriers to assessing and copying his full medical file, and how, due to time restraints, it could actually take several weeks to provide him with his records.

It was a fruitful call. It turned out that the man only wanted to find out about a course of medication he’d taken 50 years ago. When we offered to locate the relevant material he was delighted. He was also happy to have the information emailed to him.  

Three years, rather than 70

This meant I was able to hone in on a date-range of three years – rather than 70 – find the information he was interested in, check it quickly for anything that wasn’t about him (in case something had found its way into his records over the years that could breach another person’s privacy), scan it, and securely email it to him. 

Once the information was scanned, the scanned data could be added to his digital file as an attachment. A thick wedge of paper was replaced with a single file-divider indicating that three years of his medical information had been digitised. The paper records were offered to the patient, who ended up giving us permission to securely destroy them anyway.

And of course, had the patient asked for his entire file, we would have considered the request in full. While it can be inconvenient and time-consuming for busy medical centres to respond to these types of requests, it should be worked into your business plan, just like paying tax, ACC levies, and buying copy paper.

Health resources online

The Office of the Privacy Commissioner has provided some online resources to help health agencies develop good policies to handle these requests:

• All health agencies will benefit from bookmarking the Health Privacy Toolkit. It includes five printer-friendly Fact Sheets that simplify most of common issues and requests you’ll come across when it comes to health information. 
• We have free online training modules that cover all your rights and legal obligations when handling health information: privacy.org.nz/e-learning
• If in doubt, contact the Office of the Privacy Commissioner – 0800 803 909 or enquiries@privacy.org.nz. We’re happy to help. 

Image credit: Florida Memory from Tallahassee Democrat Collection, via Creative Commons 

Health Information Privacy Code, health, information sharing, enquiries